Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

apache service can't load with mod_auth_sspi

Help
afiz
2011-12-07
2013-10-14
  • afiz
    afiz
    2011-12-07

    I'm using a working WAMP 2.2 install on a Windows 2008R2 x64.

    Adding the "LoadModule sspi_auth_module modules/mod_auth_sspi.so" line in the httpd.conf prevent Apache service to start. No info in the apache error log, but i've found this in the windows event manager :

    The Apache service named  reported the following error:
    >>> httpd.exe: Syntax error on line 62 of C:/wamp/bin/apache/Apache2.2.21/conf/httpd.conf: Cannot load C:/wamp/bin/apache/Apache2.2.21/modules/mod_auth_sspi.so into server: The Apache service named n\x92est pas une application Win32 valide.     .

    Changing the line position does not seems to be the answer, i've tried several localtion without any change.

    Is there a incompatibility between Windows 2008R2 x64, Apache 2.2.21 64ed and this mod ?

     
  • Rodney Beede
    Rodney Beede
    2011-12-07

    The module is built for 32-bit Apache not 64-bit Apache.  Unless you have some special memory requirement use Apache 32-bit.

     
  • Avi Davidowitz
    Avi Davidowitz
    2012-07-23

    I have the same issue - the server is Win 2008 R2 x64 - Apache is 32 bit though the version is 2.4.x not 2.2.x - is mod_auth_sspi supported in this configuration?

     
  • Mandeep
    Mandeep
    2012-09-18

    Hello All,

    Did anyone manage to get to the bottom of it. I am trying to upgrade to Apache2.4 and the mod_auth_sspi is not Loading. Does it not work with Apache2.4? Does Apache2.4 has to be 32bit ? Any suggestions most welcome

    Thanks
    Mandeep

     
  • DjeDje_zr7
    DjeDje_zr7
    2012-10-17

    Hello,
    we have the same conf :
    Win 2008 R2 x64 - Apache is 32 bit though the version is 2.4.3.
    We try with the 64bit version of mod_auth_sspi, but the apache service still not load.

    Thanks for help
    DjeDje

     
  • Mandeep
    Mandeep
    2012-10-17

    Hi DjeDje

    I managed to get it working using a branch of mod_auth_sspi. I posted about it on ApacheLounge, I am copying the post from there to here, follow it and you should be able to get the auto login working.

    So, Just to give everyone a refresher on this. With Apache 2.2 the mod_auth_sspi.so module can be used to auto login users by getting their AD credentials ( logged on user on the client machine). This method is very useful when you are working on an intranet.

    With Apache2.4 this module is broken and does not work. If you are upgrading to 2.4 and need this to work, you have to make some changes. The below steps are for windows 2008 R2, Running Apache 2.4 (32 bit version)

    Follow these steps to get this working:

    1: Download the module from here
    https://www.apachehaus.net/modules/mod_authnz_sspi/
    (x86 for 32 bit and x64 for 64 bit apache)
    2: Copy the mod_authnz_sspi.so from Apache24>>modules folder and place it in the modules folder of your Apache folder on your webserver
    3: Under the httpd.conf file (Config file for your apache) place this line of code. Try to load this as the last module
    LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
    4: Make sure that the following modules are uncommented
    LoadModule authn_core_module modules/mod_authn_core.so
    LoadModule authz_core_module modules/mod_authz_core.so
    PS:- both the above modules are required for this to work.
    5: Place the following code in your httpd.conf file
    <Directory "path/to/your/secure/folder">
    Options None
    AllowOverride All
    Order allow,deny
    Allow from all
    #AuthName "SSPI Protected Place"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIOfferBasic On
    SSPIOmitDomain On
    Require valid-user
    </Directory>
    6: Restart your apache servive and hopefully it should restart without any issues.

    7: Now in order to recognise the user , use the following code on a php page (index/main page for internal users)

    $cred = explode('\\',$_SERVER);
    if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
    list($domain, $user) = $cred;

    echo "You appear to be user <B>$user</B><BR/>";
    echo "logged into the Windows NT domain <B>$domain</B><BR/>";

    You should now be able to see the logged on user. Once this is completed you can write SQL/MYSQL queries to identify the user type and redirect them to their appropriate pages/section of the intranet. I would set the Session variables once I have identified the user and queries their information to personalise their intranet pages.

    Hope this will be helpful and save people several hours of effort.

    Regards
    Mandeep

    PS: ( I have used the config from 2.2 as it still works with 2.4 ) Any issues, let me know I will try to be of help!

     
  • DjeDje_zr7
    DjeDje_zr7
    2012-10-18

    hi mandeep06,
    YOU ARE THE BEST!!!!!
    Thanks a lot for the solution, it works perfectly with Apache 2.4.
    DjeDje7

     
  • Mandeep
    Mandeep
    2012-10-18

    Hi DjeDje7,

    Thanksfor the comment, I am glad that the solution worked for you.

    With Apache2.4, a different config can be used as well, but for the purpose of familiarity the 2.2 config is fine for now. I will use the 2.4 config once I have more trust on the reliability of the new server and post the updates here.

    Don't be afraid to ask any more questions you have on PHP/APache/MYSQL/SQL/SSRS etc. mail me directly on mandeep.chhabra@yahoo.co.in

    Good Luck
    Mandeep

     
  • Roxy
    Roxy
    2013-03-19

    Hi all,
    I used apache 2.4 with this config:
    <Directory "mydir/htdocs">
    Options None
    AllowOverride All
    Order allow,deny
    Allow from all
    #AuthName "SSPI Protected Place"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIOfferBasic On
    SSPIOmitDomain On
    Require valid-user
    </Directory>

    $cred = explode('\\',$_SERVER); if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)"); list($domain, $user) = $cred; echo "You appear to be user <B>$user</B><BR/>"; echo "logged into the Windows NT domain <B>$domain</B><BR/>";

    The result is
    "You appear to be user
    logged into the Windows NT domain (no domain info - perhaps SSPIOmitDomain is On)"

    The config dosen't work….. :(

    Do you have any suggestions? Thank you a lot
    Roxy

     
  • Miss Fe
    Miss Fe
    2013-10-14

    Hi ,

    I have the same issue than Roxy.
    Nobody have the solution ?

    Thanks for the answer.

    Miss Fe