YvesR
commented
3 years ago You can always find latest release here https://github.com/TQsoft-GmbH/mod_authn_ntlm/releases and ApacheHaus probably use this to build the packages you download there.
Here is an example config that works for me in local and domain configs (also with trusted domains):
# if windows/ntlm auth used
RequestHeader unset X_USER
RequestHeader unset X-USER
<Location /ror_auth >
AllowOverride None
AuthName "Informer"
AuthType SSPI
NTLMAuth On
NTLMAuthoritative On
## set to the domain you want users authenticated against for clear text authentication - if not specified, the local machine, then all trusted domains are checked
# NTLMDomain domain.local
require valid-user
RequestHeader set X-USER expr=%{REMOTE_USER}
</Location>
neongrau
Hi. The task - if a user logs on to a computer under a domain account, then he can log in to our web-application in browsers “transparently” - without an additional request for a name and password.
1. Apache 2.4 is installed on 64-bit Windows Server 2016. I downloaded and installed the module from here https://www.apachehaus.com/cgi-bin/download.plx Download Name: Mod Auth NTLM for Apache 2.4.x x64 Download Description: SSPI NTLM based authentication module for Apache Download Filename: mod_authn_ntml-1.0-2.4.x-x64-vc15.zip There is also V14, as I understand it, they are not functionally different. Is this the latest version of your module,from among those immediately ready for use?
2. We tried to log in under different users and under different browsers (IE 11, Chrome and Firefox). Sometimes the user transparently logs into the application (without the authorization window appearing) and the domain username appears in the X_ISRW_PROXY_AUTH_USER variable. But more often than not, a nasty login window appears ine different browsers, although the user has already entered the domain in Windows. Changing the string Require valid-user to Require valid-sspi-user does not greatly improve the situation. How to fix it? Here is how I did based on your sample configuration: