Problem with SSO on Linux with Apache(AuthenNTLM) [SOLVED]

Moderator: crythias

pgandalipov
Znuny newbie
Posts: 7
Joined: 01 Jul 2010, 04:56
Znuny Version: 2.4.7

Problem with SSO on Linux with Apache(AuthenNTLM) [SOLVED]

Post by pgandalipov »

Need some help with SSO on Linux. I chose AuthenNTLM for customer authorization using AD credentials.

I have made the following changes in otrs.conf:

Code:

<Location /otrs>
#       ErrorDocument 403 /otrs/customer.pl
        ErrorDocument 403 /otrs/index.pl
        SetHandler  perl-script
        PerlResponseHandler ModPerl::Registry
        Options +ExecCGI
        PerlOptions +ParseHeaders
        PerlOptions +SetupEnv
        # NTLM authentication via Apache2::AuthenNTLM
        PerlAuthenHandler Apache2::AuthenNTLM
        AuthType ntlm,basic
        AuthName Basic
        require valid-user
        # ntdomain: "<domain> <PDC>"
        PerlAddVar ntdomain "KE kesrv1"
        PerlSetVar defaultdomain KE
        PerlSetVar splitdomainprefix 1
        PerlSetVar ntlmdebug 2
        Order allow,deny
        Allow from all
</Location>

/etc/resolv.conf consists of these lines:

Code:

nameserver 10.50.9.2
domain KE
search KE

In config.pm I added

Code:

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{CustomerPanelLoginURL} = 'http://otrs/otrs/customer.pl';
$Self->{CustomerPanelLogoutURL} = 'http://otrs/otrs/customer.pl';

and commented out all other customer authorization methods.

I try to get access to OTRS from Windows XP using IE. When I enter http://otrs/otrs/customer.pl, I get a login/password form, but when I press OK, I see this:

Code:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Looking at the Apache error.log:

Code:

[1148] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAAD2==
[1148] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 130 8 162 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5 1 40 10 0 0 0 15
[1148] AuthenNTLM: protocol=NTLMSSP, type=1, flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0, domain offset=0, host length=0, host offset=0, host=, domain=
[1148] handler type == 1
[1148] AuthenNTLM: Connect to pdc = kesrv1 bdc =  domain = ke
[1148] AuthenNTLM: enter lock
[1148] AuthenNTLM: verify handle  smbhandle == 0
[Thu Jul 01 00:04:25 2010] [error] Connect to SMB Server failed (pdc = kesrv1 bdc =  domain = ke error = -11/0) for /otrs/customer.pl
[1148] AuthenNTLM: leave lock
[Thu Jul 01 00:04:25 2010] [error] Cannot get nonce

I have tried to set the domain and PDC names in FQDN form, but it was useless. What should I do?

P.S. I used this article http://wiki.otrs.org/index.php?title=Im ... ith_Apache and tried to search in other places with no success.
Last edited by pgandalipov on 12 Jul 2010, 13:13, edited 1 time in total.
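
The Authorization header in the error.log above is an NTLM type 1 (negotiate) message. As an added example (not part of the original post and not code from Apache2::AuthenNTLM), this Python code decodes the bytes from the "Got:" log line; the flag names follow MS-NLMP, and `parse_type1` and `LOGGED_TYPE1` are names chosen here.

```python
import struct

# Bytes copied from the "Got:" line of the error.log excerpt above.
LOGGED_TYPE1 = bytes([
    78, 84, 76, 77, 83, 83, 80, 0, 1, 0, 0, 0, 7, 130, 8, 162,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    5, 1, 40, 10, 0, 0, 0, 15,
])

# NegotiateFlags bit names from MS-NLMP (subset).
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00001000: "OEM_DOMAIN_SUPPLIED",
    0x00002000: "OEM_WORKSTATION_SUPPLIED",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x80000000: "NEGOTIATE_56",
}

def parse_type1(msg: bytes) -> dict:
    """Parse an NTLMSSP NEGOTIATE (type 1) message."""
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    mtype, flags = struct.unpack_from("<II", msg, 8)
    if mtype != 1:
        raise ValueError(f"expected type 1, got type {mtype}")
    # Two security buffers: length, max length, offset into the message.
    dom_len, _, dom_off, ws_len, _, ws_off = struct.unpack_from("<HHIHHI", msg, 16)
    def field(length, offset):
        if offset + length > len(msg):
            raise ValueError("security buffer points outside the message")
        return msg[offset:offset + length].decode("ascii", "replace")
    out = {
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "unknown_flags": flags & ~sum(FLAGS),
        "domain": field(dom_len, dom_off),
        "workstation": field(ws_len, ws_off),
        "version": None,
    }
    # The 8-byte version block is present only when NEGOTIATE_VERSION is set.
    if flags & 0x02000000 and len(msg) >= 40:
        major, minor, build = struct.unpack_from("<BBH", msg, 32)
        out["version"] = f"{major}.{minor}.{build}"
    return out
```

The decoded message carries only negotiation flags and the client version (5.1.2600), with no domain, host name or credentials, so the failure in the log happens at the next step, where the server connects to kesrv1 to obtain the nonce.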
meilon
Znuny newbie
Posts: 52
Joined: 28 Apr 2010, 15:16
Znuny Version: 5.0.18
Location: Leinfelden-Echterdingen

Re: Problem with Single Sign On on Linux with Apache(AuthenN

Post by meilon »

What I don't "like" is the resolv.conf: I think the domain and search entries there have to be FQDN (ke.lan or whatever it is for you). That's the only idea I have.
OTRS 5.0.18 :: ITSM on Apache 2.4.18 (Ubuntu), Perl 5.22.1 with Ubuntu Server 16.04.2
Agent auth via ActiveDirectory, customer auth with Kerberos SingleSignOn via ActiveDirectory
pgandalipov
Znuny newbie
Posts: 7
Joined: 01 Jul 2010, 04:56
Znuny Version: 2.4.7

Re: Problem with Single Sign On on Linux with Apache(AuthenN

Post by pgandalipov »

meilon, thanks a lot. :D
It works!