Legrandin / PyAuthenNTLM2

PyAuthenNTLM2 is an authentication module for Apache. It validates a user by means of the NTLM protocol and a separate Domain Controller (or Active Directory server).

LDAP does not work with python <2.6.6 #9

Open Legrandin opened 12 years ago

Legrandin commented 12 years ago

The urlparse module in Python <2.6.6 does not parse LDAP URLs correctly (even though HTTP URLs are fine). As a result, PyAuthenNTLM2 does not work when connecting to an ADS via LDAP.

An untested fix exists on the "urlparse_replacement" branch.

PiNotEqual3 commented 10 years ago

I can confirm this. I have

    # python -V
    Python 2.6

and master branch got me

    PYNTLM: Error when retrieving Type 2 message from server
         (ldap://my.server.net/DC=stuff,DC=org) = Connection refused

After I installed the urlparse_replacement branch it worked.

Thanks a lot!

debarghaya commented 7 years ago

I had used the Active Directory one and got the following error:

Error

    [Mon Jun 12 20:06:21 2017] [crit] [client 192.168.0.4] PYNTLM: Error when retrieving Type 2 message from server(192.168.0.2) = [Errno 13] Permission denied

Apache Config

    AuthType NTLM
    AuthName ABCD
    require valid-user
    PythonAuthenHandler pyntlm
    PythonOption Domain ABCD
    PythonOption PDC 192.168.0.2

Python Version

    [root@rhel67 www]# python -V
    Python 2.6.6

Active Directory - Windows2008R2
OS - RHEL 6.7
Apache 2.2
Mod python - http://archive.apache.org/dist/httpd/modpython/mod_python-3.3.1.tgz

Tried using urlparse_replacement, still got the same error.

Http Client

    [root@rhel67 PyAuthenNTLM2-ActiveDirectory]# python http_client.py -u administrator -p password12 -d ABCD http://192.168.0.3/cgi-bin/whoami.cgi
    First round NTLM authentication for HTTP request failed 500 Internal Server Error
    Authentication failed

whoami.cgi

    #!/bin/sh
    # Pass REMOTE_USER as an argument so it is never interpreted as a printf format string
    printf "Content-type: text/html\n\n%s\n" "$REMOTE_USER"

NTLM Client

    [root@rhel67 PyAuthenNTLM2-ActiveDirectory]# python ntlm_client.py -u administrator -p password12 -d ABCD -a ldap://192.168.0.2
    Using Active Directory (LDAP) to verify credentials.
    User administrator\ABCD was authenticated.

Kind of confused and stuck, appreciate your thoughts on this.

oetiker commented 7 years ago

To use Active Directory, you have to use an LDAP URL!

debarghaya commented 7 years ago

LDAP URL where in the Apache config? Can you share an example?

oetiker commented 7 years ago

ldap://10.12.13.1/DC=nasa,DC=gov

debarghaya commented 7 years ago

Got it, I should have read the readme file. Will check and let you guys know.

debarghaya commented 7 years ago

Worked, thanks Oetiker.
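
The thread turns on how the `PDC` option value is interpreted: a bare address such as `192.168.0.2` versus an LDAP URL such as `ldap://10.12.13.1/DC=nasa,DC=gov`. As an added example (not PyAuthenNTLM2's code and not the contents of the urlparse_replacement branch), the hypothetical helper `parse_pdc` below classifies such a value without using urlparse and rejects anything ambiguous instead of guessing a backend; the backend labels, the default port 389 and the rejection rules are assumptions of this sketch.

```python
import re

# scheme://host[:port][/base_dn]; host is a name, an IPv4 address or [IPv6]
_LDAP_URL = re.compile(
    r'^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://'
    r'(?P<host>\[[0-9A-Fa-f:.]+\]|[^/:@\[\]\s]+)'
    r'(?::(?P<port>\d{1,5}))?'
    r'(?:/(?P<base_dn>[^?#\s]*))?$'
)


def parse_pdc(value):
    """Classify a 'PythonOption PDC' value (hypothetical helper).

    Returns a dict with keys backend, host, port, base_dn.
    Raises ValueError rather than silently picking a backend.
    """
    value = value.strip()
    if '://' not in value:
        # Bare host name or address: assumed to mean a plain domain controller.
        if not re.match(r'^[A-Za-z0-9._-]+$', value):
            raise ValueError('not a host name or URL: %r' % value)
        return {'backend': 'dc', 'host': value, 'port': None, 'base_dn': None}
    m = _LDAP_URL.match(value)
    if m is None:
        # Covers userinfo ("user@host"), query strings and stray whitespace.
        raise ValueError('malformed URL: %r' % value)
    if m.group('scheme').lower() != 'ldap':
        raise ValueError('unsupported scheme: %r' % m.group('scheme'))
    port = int(m.group('port')) if m.group('port') else 389  # default LDAP port
    if not 0 < port < 65536:
        raise ValueError('port out of range: %d' % port)
    return {'backend': 'ldap', 'host': m.group('host').strip('[]'),
            'port': port, 'base_dn': m.group('base_dn') or None}


if __name__ == '__main__':
    # Values taken from the thread above.
    for sample in ('192.168.0.2', 'ldap://192.168.0.2',
                   'ldap://10.12.13.1/DC=nasa,DC=gov'):
        print(sample, '->', parse_pdc(sample))
```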