Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems with authenticating and general setup.

Status
Not open for further replies.
Goodeye

Goodeye

MIS
Joined
Nov 11, 2001
Messages
5
Location
US
Hello,

I am running "Apache/2.0.55 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e mod_auth_sspi/1.0.3 configured" and am trying to authenticate against a Windows domain. When I tell my ssl.conf file to "require valid-user" I get a password prompt but nothing I use will validate. My site is composed of one standard HTTP section and one HTTPS section. The index page of the HTTP session immediately redirects to the HTTPS session. I have included both the httpd.conf and ssl.conf files. I am sorely baffled and a definite newbie in need of help. Any help pointing me in the direction of my mistake(s) would be greatly appreciated.



Code: 
[COLOR=red] httpd.conf[/color]

PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 15
<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_module modules/mod_auth.so
#LoadModule auth_anon_module modules/mod_auth_anon.so
#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule sspi_auth_module modules/mod_auth_sspi.so

ServerAdmin scott.medaugh@gmail.com

ServerName xxxx.yyyy.com:80

UseCanonicalName Off

DocumentRoot "C:/httpd/html"

<Directory />
Options Indexes FollowSymLinks +ExecCGI
AllowOverride None
</Directory>

<Directory "C:/httpd/html">
Options Indexes FollowSymLinks +ExecCGI
AllowOverride None
Order allow,deny
Allow from all
<LimitExcept GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</LimitExcept>
</Directory>

DirectoryIndex index.pl index.html index.html.var 
AccessFileName .htaccess
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>

TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>

HostnameLookups Off

ErrorLog logs/error.log
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

CustomLog logs/access.log common

ServerTokens Full
ServerSignature On

Alias /icons/ "C:/httpd/icons/"

<Directory "C:/httpd/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

AliasMatch ^/manual(?:/(?e|en|es|fr|ja|ko|ru))?(/.*)?$ "C:/httpd/manual$1"

<Directory "C:/httpd/manual">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all

<Files *.html>
SetHandler type-map
</Files>

SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
</Directory>

ScriptAlias /cgi-bin/ "C:/httpd/cgi-bin/"
<Directory "C:/httpd/cgi-bin">
AllowOverride All
Options None
Order allow,deny
Allow from all
</Directory>

IndexOptions FancyIndexing VersionSort

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
AddDescription "Quicktime Movie" .mov
AddDescription "Text File" .txt
AddDescription "Text File" .log


ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback

AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8 .utf8

AddCharset GB2312 .gb2312 .gb 
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

#AddHandler cgi-script .cgi
AddHandler cgi-script .cgi .pl

#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis

AddHandler type-map var

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

Alias /error/include/ "c:/httpd/error/include/"

Alias /error/ "c:/httpd/error/"

<Directory "/error/">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html var
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var



BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .yyyyy.com
#</Location>

#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .yyyyyy.com
#</Location>


<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none


************************************************************************
[COLOR=red]ssl.conf[/color]

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl-scache.log
SSLSessionCacheTimeout 300

#SSLMutex file:logs/ssl_mutex.log
SSLMutex default

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512


<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "c:/httpd/html/secure"
#ServerName localhost:443
ServerName xxxxx.yyyyyy.com:443
ServerAdmin scott.medaugh@gmail.com
ErrorLog logs/error.log
TransferLog logs/access.log

<Directory "c:/httpd/html/secure">
#Options All
AllowOverride AuthConfig
AuthName "Please Enter Your Username and Password"
AuthType SSPI
require valid-user
SSPIAuth On
SSPIAuthoritative On
SSPIDomain yyyyyyy
#SSPIOmitDomain On
#SSPIUsernameCase lower


Options All +MultiViews +ExecCGI -Indexes +Includes
Order allow,deny
Allow from all

</Directory> 


SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile conf/ssl/"server".cert ** I have changed the name of the key to remove system name
SSLCertificateKeyFile conf/ssl/"server".key

#SSLCACertificatePath conf/ssl.crt
#SSLCACertificateFile conf/ssl.crt/ca-bundle.crt
#SSLCARevocationPath conf/ssl.crl
#SSLCARevocationFile conf/ssl.crl/ca-bundle.crl
#SSLVerifyClient require
#SSLVerifyDepth 10
#<Location>
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/cgi-bin">
SSLOptions +StdEnvVars
</Directory>



ScriptAlias /cgi-bin/ "C:/httpd/html/secure/cgi-bin/"

<Directory "C:/httpd/html/secure/cgi-bin">
AllowOverride All
Options None
Order allow,deny
Allow from all
</Directory>


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost> 

#</IfDefine>
 
Sort by date Sort by votes
Status
Not open for further replies.

Similar threads

CecilXavier
  • Locked
  • Question Question
RHEL IDM with Radius not authenticating
Replies
0
Views
472
CecilXavier
CecilXavier
SamBones
  • Locked
  • Question Question
CentOS 7 and Putty
Replies
2
Views
568
SamBones
SamBones
harro1968
  • Locked
  • Question Question
Help with ProxyPass
Replies
0
Views
358
harro1968
harro1968
KannaChan
  • Locked
  • Question Question
TLS1.2 and TLS1.0 proxy in same Virtualhost
Replies
1
Views
501
ChrisHirst
ChrisHirst
mjj4golf2
  • Locked
  • Question Question
Help with setting up a media server
Replies
2
Views
532
vacunita
vacunita

Part and Inventory Search

Sponsor

Back
Top