Greetings, fellow RTers.
I've just installed RT3.4 and have run into a peculiar problem. Perhaps someone
has also struggled with such a setup and can give me a hand here.
Anyway: I was hoping to use WebExternalAuth and check passwords on an AD controller. Thus:
--8<--------------------------------------------
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , undef);
--8<--------------------------------------------
I want the fallback just in case the ADC fails, so I can log in, at least with
the locally defined root account.
I've also modified apache-modperl.conf to look like this:
--8<--------------------------------------------
<Directory /usr/share/request-tracker3.2/html>
PerlAuthenHandler Apache::AuthenNTLM
AuthType ntlm
require valid-user
PerlAddVar ntdomain "DOMAIN ADC1 ADC2"
PerlSetVar defaultdomain DOMAIN
PerlSetVar splitdomainprefix 1
SetHandler perl-script
PerlHandler RT::Mason
</Directory>
<Directory /usr/share/request-tracker3.2/html/NoAuth>
Satisfy Any
Allow from All
</Directory>
--8<--------------------------------------------
And voila! It works!
…but without fallback.
With IE, I found no way to stop the browser from sending a proper NTLM auth header,
so I'm always logged in. With Firefox, a window pops up to enter login/pass, so I
hoped I could get the RT login page in case I enter a wrong login or press Esc. When I
press Esc, I get 'Authorization Required' from Apache. When I supply a wrong
login/pass, the window is displayed again. Not what I want :>
It looks like this in the error log:
[Fri Feb 18 18:36:40 2005] [error] access to /rt/ failed for , reason: Wrong password/user (rc=3/1/327681): DOMAIN\ for /rt/
[Fri Feb 18 18:36:41 2005] [error] access to /rt/ failed for , reason: Wrong password/user (rc=3/1/327681): DOMAIN\ewrqwer for /rt/
[Fri Feb 18 18:36:41 2005] [error] access to /rt/ failed for , reason: Wrong password/user (rc=3/1/327681): DOMAIN\wqerqwe for /rt/
[Fri Feb 18 18:36:41 2005] [error] access to /rt/ failed for , reason: Wrong password/user (rc=3/1/327681): DOMAIN\ for /rt/
[Fri Feb 18 18:55:08 2005] [error] access to /rt/ failed for , reason: Bad/Missing NTLM/Basic Authorization Header for /rt/
(a series of wrong logins, ended with Esc)
I've tried to modify Apache::AuthenNTLM's behaviour by setting ntlmauthoritative to off:
PerlSetVar ntlmauthoritative off
But in that case, I get a 500 Internal Server Error:
[Fri Feb 18 19:01:42 2005] [error] access to /rt/ failed for , reason: Wrong password/user (rc=3/1/327681): DOMAIN\fasfads for /rt/
[Fri Feb 18 19:01:42 2005] [crit] [client 163.242.13.190] configuration error: couldn’t check user. No user file?: /rt/
… just after the first bad login attempt.
Of course this breaks the rt command line tool, which is a bit more important to me than fallback.
Exactly the same happens with Basic auth, so I guess it is rather RT related.
Help?
Best regards,
KT.