Open steveconig opened 10 years ago
Hi, I am also getting this problem with valid-user for 2.4 and I dont know how to solve it.. were you able to fix this issue?
I was missing a module, though I don't remember what module it was at the time. I would double check and make sure that you have all of the modules required, they may be different if you are using Ubuntu.
Hello,@steveconig, have you found a module name which absence was causing the problem?
I think it's the same issue as #15
I got it to work by disabling the authorization checks in:
def check_authorization(req, username, proxy):
I changed the last line from this snipped from False to True:
else:
req.log_error('PYNTLM: Authorization failed for %s and URI %s.' %
(username,req.unparsed_uri))
return True
This is due to changed code in Apache 2.4+ which needs an update in PyAuthenNTLM2 to work.
doesn't that defeat the whole purpose of using PyAuthenNTLM2 ?
Do not mix authentication with authorization.
Op vr 29 apr. 2016 09:54 schreef Judokus notifications@github.com:
doesn't that defeat the whole purpose of using Py_Auth_enNTLM2 ?
— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/Legrandin/PyAuthenNTLM2/issues/19#issuecomment-215652216
I am using Ubuntu 14.04 with Apache 2.4.7 and Python 3.4. I am trying to get SSO to work with NTLM. I can get basic authentication to authenticate with Active Directory. I am using this Directory Apache Config:
Directory /var/www/some_directory AuthType NTLM AuthName domain.local require valid-user PythonAuthenHandler pyntlm PythonOption Domain domain.local PythonOption PDC dc1.domain.local PythonOption BDC dc2.domain.local /Directory
When I comment out the require valid-user I am able to use basic authentication to authenticate to the site. Yet when I use require valid-user I get an error in apache2/error.log. It does say I authenticate and shows my username/DOMAIN but I get a following error that says "PYNTLM: Authorization failed for username and URI /." Is there an alternative to require valid-user that can be used in the apache2.conf file.