External authorization

-----BEGIN PGP SIGNED MESSAGE-----

Having a really weird problem I can’t figure out. I’m using external
authorization and it’s letting me past the web server login prompt, but stops
at the rt web login window, although the rt web login window has no fields in
which to type userid and password, the gray part of the table is simply blank,
execept for the copyright footer.

(originally I did all my changes in RT_SiteConfig.pm only)

grep ‘[1]’ RT_Config.pm

package RT;
=head1 NAME
RT::Config
=for testing
use RT::Config;
=cut
Set($rtname , “gwi.net”);
Set($Organization , “gwi.net”);
Set($MinimumPasswordLength , “8”);
Set($Timezone , ‘US/Eastern’);
Set($DatabaseType , ‘Pg’);
Set($DatabaseHost , ‘localhost’);
Set($DatabaseRTHost , ‘localhost’);
Set($DatabasePort , ‘’);
Set($DatabaseUser , ‘rt3’);
Set($DatabasePassword , ‘xxxxxxxx’);
Set($DatabaseName , ‘rt3’);
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , ‘root’);
Set($LoopsToRTOwner , 1);
Set($StoreLoops , undef);
Set($MaxAttachmentSize , 10000000);
Set($TruncateLongAttachments , undef);
Set($DropLongAttachments , undef);
Set($ParseNewMessageForTicketCcs , undef);
Set($RTAddressRegexp , ‘^rt@gwi.net$’);
Set($CanonicalizeEmailAddressMatch , ‘rt.gwi.net$’);
Set($CanonicalizeEmailAddressReplace , ‘gwi.net’);
Set($SenderMustExistInExternalDatabase , undef);
Set($CorrespondAddress , ‘xxxxxxxsnipxxxxxx’);
Set($CommentAddress , ‘xxxxxxxsnipxxxxxxx’);
Set($MailCommand , ‘sendmailpipe’);
Set($SendmailArguments , “-oi -t”);
Set($SendmailPath , “/usr/sbin/sendmail”);
Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , “"%s via RT" <%s>”);
Set($UseFriendlyToLine , 0);
Set($FriendlyToLineFormat, “"%s of $RT::rtname Ticket #%s":;”);
Set($NotifyActor, 0);
Set($LogToSyslog , ‘debug’);
Set($LogToScreen , ‘error’);
Set($LogToFile , 1);
Set($LogDir, ‘/usr/local/rt3/var/log’);
Set($LogToFileNamed , “rt.log”); #log to rt.log
Set($WebPath , “”);
Set($WebBaseURL , “https://bedlam.gwi”);
Set($WebURL , $WebBaseURL . $WebPath . “/”);
Set($WebImagesURL , $WebURL . “NoAuth/images/”);
Set($LogoURL , $WebImagesURL . “rt.jpg”);
Set($TrustHTMLAttachments , undef);
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , undef);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , undef);
@LexiconLanguages = qw(*) unless (@LexiconLanguages);
@EmailInputEncodings = qw(utf-8 iso-8859-1 us-ascii) unless
(@EmailInputEncodings);
Set($EmailOutputEncoding , ‘utf-8’);
Set($DateDayBeforeMonth , 1);
Set($AmbiguousDayInPast , 1);
1;

cat RT_SiteConfig.pm

Set($rtname , “gwi.net”);
Set($Organization , “gwi.net”);
Set($MinimumPasswordLength , “8”);
Set($OwnerEmail , ‘ajharrison@gwi.net’);
Set($RTAddressRegexp , ‘^rt3@gwi.net$’);
Set($CanonicalizeEmailAddressMatch , ‘webrt.gwi.net’);
Set($CanonicalizeEmailAddressReplace , ‘gwi.net’);
Set($CorrespondAddress , ‘gwi-network@gwi.net’);
Set($CommentAddress , ‘gwi-network@gwi.net’);
Set($LogToSyslog , ‘debug’);
Set($LogToScreen , ‘error’);
Set($LogToFile , 1);
Set($LogDir, ‘/usr/local/rt3/var/log’);
Set($LogToFileNamed , “rt.log”); #log to rt.log
Set($WebBaseURL , “https://bedlam.gwi”);
Set($WebExternalAuth , “true”);
Set($WebFallbackToInternalAuth , undef);
1;

httpd.conf section:
#WEBRT PUBLIC VWS##
<VirtualHost 192.168.1.243:80>
ServerAdmin xxxxxxsnipxxxxxx
ServerName bedlam.gwi
DocumentRoot /usr/local/rt3/share/html
ErrorLog /var/log/httpd/bedlam.gwi_error_log
TransferLog /var/log/httpd/bedlam.gwi_access_log

RedirectMatch permanent /(.*) https://bedlam.gwi/$1

<VirtualHost 192.168.1.243:443>

SSLEngine on

    SSLCertificateFile /usr/local/etc/apache/ssl.crt/bedlam.gwi.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/bedlam.gwi.key

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</IfDefine>

ServerName bedlam.gwi
DocumentRoot /usr/local/rt3/share/html
ErrorLog /var/log/httpd/bedlam.gwi_error_log              
TransferLog /var/log/httpd/bedlam.gwi_access_log 
AddDefaultCharset UTF-8
AddRadiusAuth radius1.gwi:1812 xxxxxxsnipxxxxxxx

PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl

<Location />
    SetHandler perl-script
    PerlHandler RT::Mason
</Location>

<Directory /usr/local/rt3/share/html/>
    AuthRadiusAuthoritative on
    AuthRadiusCookieValid 480
    AuthName "WebRT"
    AuthType Basic

    AuthGroupFile /usr/local/etc/apache/auth/calltrak.group
    #AuthUserFile  /usr/local/etc/apache/auth/calltrak.auth

    require group tech
    Options FollowSymLinks +Includes ExecCGI MultiViews
    AllowOverride AuthConfig Limit
</Directory>

I look for errors logged in the apache logs, messages log, and rt.log and there
are none. And I quadruple checked that my login name appears in the
calltrack.group file and matches the what I’m typing in when I authenticate.

Any clues?

Andy Harrison
(full headers for details)

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPzvZTFPEkLgodAWVAQHBOAP+ORucDno2btfVI2CoOKa+rd3R9zgoN8sI
FvO15gqLtGNizrLljAGbWh1Z771HRIwFTjumgFc6n0xoVUe8sm+6aGdXr4Qt6jak
jXdwkSlXcpKsvQdAtLDbbzxmJMM8uMaFwl+SbZdBPG6CV3gwXF4t5pwWINXr11rh
mWHVJqOAf50=
=XBdA
-----END PGP SIGNATURE-----


  1. ^# ↩︎

-----BEGIN PGP SIGNED MESSAGE-----

Nevermind… All set. Helps if I remember to import the dump FIRST. doh!

Andy Harrison
(full headers for details)

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPzv6YFPEkLgodAWVAQHx9AP+OLXIdr0uFkNu4LEvc6odsPlshTE12NUH
lAqX9XjbQgRd+rHqMFMiaxruvexcZgnfu5TSbnjlbOIU4z6VHziDgC8IW8x/s3YQ
lDTTy+RsIxbmurLdeO7MJ1a7/RMooKOuucfMSXBuNV8N92eiDWUPQE24f4W3wMyu
fXZcA8FJcQ8=
=upmQ
-----END PGP SIGNATURE-----