Problem using Otrs SSO AD and Apache2::AuthenNTLM

[MrMengsk]

I would like to know if this steps are ok I want to enable SSo Login for Otrs using Active Directory. Because i look a lot in this forum, but i could find something solid to apply.

I do this:

First: Install libapache2-authenntlm-perl for Debian

Second: Add lines in the file " /etc/apache2/conf.d/otrs.conf"

PerlAuthenHandler Apache2::AuthenNTLM
AuthType ntlm,basic
AuthName Basic
require valid-user
PerlAddVar ntdomain "DOMAIN dc bdc"
PerlSetVar defaultdomain DOMAIN
PerlSetVar splitdomainprefix 1

Inside <Location /otrs> </Location>

Third: Add this three lines to the file

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{CustomerPanelLoginURL} = 'http://192.168.1.38/otrs/customer.html';'; "How can i do that?
$Self->{CustomerPanelLogoutURL} = 'http://192.168.1.38/';

Fourth: I installed Samba and i did some change in internet explorer.

I dont know if that is everything, probably not because i receive a message:

[error] [client 192.168.1.81] failed to resolve handler `Apache2::AuthenNTLM': Can't locate Apache2/AuthenNTLM.pm in @INC (@INC contains:
/TARGET/RAM/usr/Custom
/TARGET/RAM/usr/Kernel/cpan-lib
/TARGET/RAM/usr /opt/otrs/Custom
/opt/otrs/Kernel/cpan-lib /opt/otrs/
/etc/perl /usr/local/lib/perl/5.10.1
/usr/local/share/perl/5.10.1
/usr/lib/perl5
/usr/share/perl5 /usr/lib/perl/5.10
/usr/share/perl/5.10 /usr/local/lib/site_perl .
/etc/apache2) at (eval 157) line 3.\n

What should I do to solve this little issue?

[crythias]

if it can't locate the module, it's not installed. Install it via your distribution's package manager or via cpan or ppm.

[MrMengsk]

if it can't locate the module, it's not installed. Install it via your distribution's package manager or via cpan or ppm.

Thank you for your answer Crythias, but I try to do it via cpan and i recieved thhis message:

root@otrs:~# cpanm Apache2::AuthenNTLM
--> Working on Apache2::AuthenNTLM
Fetching http://www.cpan.org/authors/id/S/SP/SPE ... .02.tar.gz ... OK
Configuring Apache2-AuthenNTLM-0.02 ... OK
Building and testing Apache2-AuthenNTLM-0.02 ... FAIL
! Installing Apache2::AuthenNTLM failed. See /root/.cpanm/build.log for details.
root@otrs:~# tail -f /root/.cpanm/build.log
cd smbval && make LIBPERL_A="libperl.a" LINKTYPE="dynamic" OPTIMIZE="-O2 -g" PREFIX="/usr/local" PASTHRU_DEFINE="" PASTHRU_INC=""
make[2]: Entering directory `/TARGET/SHARE/etc/root/.cpanm/work/1411579787.19278/Apache2-AuthenNTLM-0.02/smb/smbval'
cc -c -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g -DVERSION=\"\" -DXS_VERSION=\"\" -fPIC "-I/usr/lib/perl/5.10/CORE" valid.c
/bin/sh: cc: not found
make[2]: *** [valid.o] Error 127
make[2]: Leaving directory `/TARGET/SHARE/etc/root/.cpanm/work/1411579787.19278/Apache2-AuthenNTLM-0.02/smb/smbval'
make[1]: *** [smbval/smbvalid.a] Error 2
make[1]: Leaving directory `/TARGET/SHARE/etc/root/.cpanm/work/1411579787.19278/Apache2-AuthenNTLM-0.02/smb'
make: *** [subdirs] Error 2
-> FAIL Installing Apache2::AuthenNTLM failed. See /root/.cpanm/build.log for details.

Now i dont understand very much.

Could you help o this?

[jojo]

you don't have a C compiler installed.

Also why you are try to use NTLM, you should use Kerberos for SSO

[MrMengsk]

you don't have a C compiler installed.

Also why you are try to use NTLM, you should use Kerberos for SSO

I dont know, probably o looked a tutorial with NTLM, i will check Kerberos.

Do you have some link???

[crythias]

viewtopic.php?t=15422&p=59264

[MrMengsk]

I have some question about the settings what did you use.

I should paste this setting instead of the settings of <Directory "/opt/otrs/bin/cgi-bin/">, or i just paste that inside of that section

/etc/apache/conf.d/otrs.conf
<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
AuthType Kerberos
AuthName "Something interesting" <- i must change that?
Krb5Keytab mykeytabfile.keytab
KrbAuthRealms THE-REALM-IN-krb5.conf
KrbMethodNegotiate on
KrbSaveCredentials off
Require valid-user
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>

I paste that in the end of the file? or should replace something?

krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYREALM
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true

[realms]
MYREALM = {
kdc = dc00.fl.local
kdc = dc1.fl.local
admin_server = dc00.fl.local
default_domain = FL.LOCAL
}
[domain_realm]
.domain.local = MYREALM
domain.local = MYREALM

[login]
krb4_convert = true
krb4_get_tickets = false

About this, I have to comment mi settings for agents and customer after paste this in the config.pm? or I just paste in the file? I should put a number like

/opt/otrs/Kernel/Config.pm
$Self->{LoginURL} = 'http://ticketing/otrs-web/notauthd.html';
$Self->{LogoutURL} = 'http://ticketing/otrs-web/goodbye.html';

$Self->{'AuthModule2'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp2'} = '@FL.LOCAL';
$Self->{'Customer::AuthModule3'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{'Customer::AuthModule::HTTPBasicAuth::ReplaceRegExp3'} ='@FL.LOCAL';

Thank you in advance!

[MrMengsk]

you don't have a C compiler installed.

Also why you are try to use NTLM, you should use Kerberos for SSO

Because the tutorial what I found it use NTML.

Now I´m dealing with kerberos because I´m a newbie on this.