I'm using a working WAMP 2.2 install on a Windows 2008R2 x64.
Adding the "LoadModule sspi_auth_module modules/mod_auth_sspi.so" line in the httpd.conf prevent Apache service to start. No info in the apache error log, but i've found this in the windows event manager :
The Apache service named reported the following error:
>>> httpd.exe: Syntax error on line 62 of C:/wamp/bin/apache/Apache2.2.21/conf/httpd.conf: Cannot load C:/wamp/bin/apache/Apache2.2.21/modules/mod_auth_sspi.so into server: The Apache service named n\x92est pas une application Win32 valide. .
Changing the line position does not seems to be the answer, i've tried several localtion without any change.
Is there a incompatibility between Windows 2008R2 x64, Apache 2.2.21 64ed and this mod ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have the same issue - the server is Win 2008 R2 x64 - Apache is 32 bit though the version is 2.4.x not 2.2.x - is mod_auth_sspi supported in this configuration?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Did anyone manage to get to the bottom of it. I am trying to upgrade to Apache2.4 and the mod_auth_sspi is not Loading. Does it not work with Apache2.4? Does Apache2.4 has to be 32bit ? Any suggestions most welcome
Thanks
Mandeep
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
we have the same conf :
Win 2008 R2 x64 - Apache is 32 bit though the version is 2.4.3.
We try with the 64bit version of mod_auth_sspi, but the apache service still not load.
Thanks for help
DjeDje
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I managed to get it working using a branch of mod_auth_sspi. I posted about it on ApacheLounge, I am copying the post from there to here, follow it and you should be able to get the auto login working.
So, Just to give everyone a refresher on this. With Apache 2.2 the mod_auth_sspi.so module can be used to auto login users by getting their AD credentials ( logged on user on the client machine). This method is very useful when you are working on an intranet.
With Apache2.4 this module is broken and does not work. If you are upgrading to 2.4 and need this to work, you have to make some changes. The below steps are for windows 2008 R2, Running Apache 2.4 (32 bit version)
Follow these steps to get this working:
1: Download the module from here https://www.apachehaus.net/modules/mod_authnz_sspi/
(x86 for 32 bit and x64 for 64 bit apache)
2: Copy the mod_authnz_sspi.so from Apache24>>modules folder and place it in the modules folder of your Apache folder on your webserver
3: Under the httpd.conf file (Config file for your apache) place this line of code. Try to load this as the last module
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
4: Make sure that the following modules are uncommented
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
PS:- both the above modules are required for this to work.
5: Place the following code in your httpd.conf file
<Directory "path/to/your/secure/folder">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
6: Restart your apache servive and hopefully it should restart without any issues.
7: Now in order to recognise the user , use the following code on a php page (index/main page for internal users)
$cred = explode('\\',$_SERVER);
if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
list($domain, $user) = $cred;
echo "You appear to be user <B>$user</B><BR/>";
echo "logged into the Windows NT domain <B>$domain</B><BR/>";
You should now be able to see the logged on user. Once this is completed you can write SQL/MYSQL queries to identify the user type and redirect them to their appropriate pages/section of the intranet. I would set the Session variables once I have identified the user and queries their information to personalise their intranet pages.
Hope this will be helpful and save people several hours of effort.
Regards
Mandeep
PS: ( I have used the config from 2.2 as it still works with 2.4 ) Any issues, let me know I will try to be of help!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanksfor the comment, I am glad that the solution worked for you.
With Apache2.4, a different config can be used as well, but for the purpose of familiarity the 2.2 config is fine for now. I will use the 2.4 config once I have more trust on the reliability of the new server and post the updates here.
Don't be afraid to ask any more questions you have on PHP/APache/MYSQL/SQL/SSRS etc. mail me directly on mandeep.chhabra@yahoo.co.in
Good Luck
Mandeep
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all,
I used apache 2.4 with this config:
<Directory "mydir/htdocs">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
$cred = explode('\\',$_SERVER); if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)"); list($domain, $user) = $cred; echo "You appear to be user <B>$user</B><BR/>"; echo "logged into the Windows NT domain <B>$domain</B><BR/>";
The result is
"You appear to be user
logged into the Windows NT domain (no domain info - perhaps SSPIOmitDomain is On)"
The config dosen't work….. :(
Do you have any suggestions? Thank you a lot
Roxy
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm using a working WAMP 2.2 install on a Windows 2008R2 x64.
Adding the "LoadModule sspi_auth_module modules/mod_auth_sspi.so" line in the httpd.conf prevent Apache service to start. No info in the apache error log, but i've found this in the windows event manager :
Changing the line position does not seems to be the answer, i've tried several localtion without any change.
Is there a incompatibility between Windows 2008R2 x64, Apache 2.2.21 64ed and this mod ?
The module is built for 32-bit Apache not 64-bit Apache. Unless you have some special memory requirement use Apache 32-bit.
I have the same issue - the server is Win 2008 R2 x64 - Apache is 32 bit though the version is 2.4.x not 2.2.x - is mod_auth_sspi supported in this configuration?
Hello All,
Did anyone manage to get to the bottom of it. I am trying to upgrade to Apache2.4 and the mod_auth_sspi is not Loading. Does it not work with Apache2.4? Does Apache2.4 has to be 32bit ? Any suggestions most welcome
Thanks
Mandeep
You must use a 64 bit version of mod_auth_sspi, I was able to use this one http://strawberryperl.com/package/kmx/mod_auth_sspi/x64/ and it loaded no problem.
Hello,
we have the same conf :
Win 2008 R2 x64 - Apache is 32 bit though the version is 2.4.3.
We try with the 64bit version of mod_auth_sspi, but the apache service still not load.
Thanks for help
DjeDje
Hi DjeDje
I managed to get it working using a branch of mod_auth_sspi. I posted about it on ApacheLounge, I am copying the post from there to here, follow it and you should be able to get the auto login working.
So, Just to give everyone a refresher on this. With Apache 2.2 the mod_auth_sspi.so module can be used to auto login users by getting their AD credentials ( logged on user on the client machine). This method is very useful when you are working on an intranet.
With Apache2.4 this module is broken and does not work. If you are upgrading to 2.4 and need this to work, you have to make some changes. The below steps are for windows 2008 R2, Running Apache 2.4 (32 bit version)
Follow these steps to get this working:
1: Download the module from here
https://www.apachehaus.net/modules/mod_authnz_sspi/
(x86 for 32 bit and x64 for 64 bit apache)
2: Copy the mod_authnz_sspi.so from Apache24>>modules folder and place it in the modules folder of your Apache folder on your webserver
3: Under the httpd.conf file (Config file for your apache) place this line of code. Try to load this as the last module
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
4: Make sure that the following modules are uncommented
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
PS:- both the above modules are required for this to work.
5: Place the following code in your httpd.conf file
<Directory "path/to/your/secure/folder">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
6: Restart your apache servive and hopefully it should restart without any issues.
7: Now in order to recognise the user , use the following code on a php page (index/main page for internal users)
$cred = explode('\\',$_SERVER);
if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
list($domain, $user) = $cred;
echo "You appear to be user <B>$user</B><BR/>";
echo "logged into the Windows NT domain <B>$domain</B><BR/>";
You should now be able to see the logged on user. Once this is completed you can write SQL/MYSQL queries to identify the user type and redirect them to their appropriate pages/section of the intranet. I would set the Session variables once I have identified the user and queries their information to personalise their intranet pages.
Hope this will be helpful and save people several hours of effort.
Regards
Mandeep
PS: ( I have used the config from 2.2 as it still works with 2.4 ) Any issues, let me know I will try to be of help!
hi mandeep06,
YOU ARE THE BEST!!!!!
Thanks a lot for the solution, it works perfectly with Apache 2.4.
DjeDje7
Hi DjeDje7,
Thanksfor the comment, I am glad that the solution worked for you.
With Apache2.4, a different config can be used as well, but for the purpose of familiarity the 2.2 config is fine for now. I will use the 2.4 config once I have more trust on the reliability of the new server and post the updates here.
Don't be afraid to ask any more questions you have on PHP/APache/MYSQL/SQL/SSRS etc. mail me directly on mandeep.chhabra@yahoo.co.in
Good Luck
Mandeep
Hi all,
I used apache 2.4 with this config:
<Directory "mydir/htdocs">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
Require valid-user
</Directory>
$cred = explode('\\',$_SERVER); if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)"); list($domain, $user) = $cred; echo "You appear to be user <B>$user</B><BR/>"; echo "logged into the Windows NT domain <B>$domain</B><BR/>";
The result is
"You appear to be user
logged into the Windows NT domain (no domain info - perhaps SSPIOmitDomain is On)"
The config dosen't work….. :(
Do you have any suggestions? Thank you a lot
Roxy
Hi ,
I have the same issue than Roxy.
Nobody have the solution ?
Thanks for the answer.
Miss Fe