PyAuthenNTLM2 icon indicating copy to clipboard operation
PyAuthenNTLM2 copied to clipboard

Published 20 hours ago verified publisher icon Legrandin

PYNTLM error with required valid-user

Open steveconig opened this issue 11 years ago • 7 comments

I am using Ubuntu 14.04 with Apache 2.4.7 and Python 3.4. I am trying to get SSO to work with NTLM. I can get basic authentication to authenticate with Active Directory. I am using this Directory Apache Config:

Directory /var/www/some_directory AuthType NTLM AuthName domain.local require valid-user PythonAuthenHandler pyntlm PythonOption Domain domain.local PythonOption PDC dc1.domain.local PythonOption BDC dc2.domain.local /Directory

When I comment out the require valid-user I am able to use basic authentication to authenticate to the site. Yet when I use require valid-user I get an error in apache2/error.log. It does say I authenticate and shows my username/DOMAIN but I get a following error that says "PYNTLM: Authorization failed for username and URI /." Is there an alternative to require valid-user that can be used in the apache2.conf file.

steveconig avatar May 29 '14 00:05 steveconig

Hi, I am also getting this problem with valid-user for 2.4 and I dont know how to solve it.. were you able to fix this issue?

DeathR0W avatar Oct 08 '14 08:10 DeathR0W

I was missing a module, though I don't remember what module it was at the time. I would double check and make sure that you have all of the modules required, they may be different if you are using Ubuntu.

steveconig avatar Oct 24 '14 03:10 steveconig

Hello,@steveconig, have you found a module name which absence was causing the problem?

geshido avatar Nov 20 '14 05:11 geshido

I think it's the same issue as #15

Judokus avatar Feb 18 '15 16:02 Judokus

I got it to work by disabling the authorization checks in:

def check_authorization(req, username, proxy):

I changed the last line from this snipped from False to True:


 else:
        req.log_error('PYNTLM: Authorization failed for %s and URI %s.' %
            (username,req.unparsed_uri))
    return True

This is due to changed code in Apache 2.4+ which needs an update in PyAuthenNTLM2 to work.

SanderGit avatar Apr 19 '16 14:04 SanderGit

doesn't that defeat the whole purpose of using PyAuthenNTLM2 ?

Judokus avatar Apr 29 '16 07:04 Judokus

Do not mix authentication with authorization.

Op vr 29 apr. 2016 09:54 schreef Judokus [email protected]:

doesn't that defeat the whole purpose of using Py_Auth_enNTLM2 ?

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/Legrandin/PyAuthenNTLM2/issues/19#issuecomment-215652216

SanderGit avatar Apr 29 '16 10:04 SanderGit