The .htaccess file to authenticate using Kerberos will look like the following:
AuthType Kerberos
KrbAuthRealms YOURDOMAIN.LOCAL
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbServiceName HTTP/HOSTNAME.YOURDOMAIN.local
Krb5KeyTab /etc/yourKrb5.keytab
require valid-user
# BEGIN WordPress
# [...]
# END WordPress
This assumes that Kerberos is properly configured on the server.
How to set up Kerberos: here
Hello,
I’ve downloaded and installed ; but I have an issue. I configured the domain controllers field, but when I use the “Test tool”, the test fails because the domain controllers field is empty. Do you know where the issue is coming from?
Test output:
Options for adLDAP connection:
– account_suffix:
– base_dn:
– domain_controllers:
– ad_port: 389
– use_tls: 0
– network timeout: 5
[INFO] Checking domain controller ports:
[ERROR] – :389 – FAILED
Will this work on a Windows server? I see the .htaccess file edits, but our client is using Windows for the site/server.
Thanks!
Craig
Yes, the server is a Windows server.
[INFO] method authenticate() called
[INFO] ——————————————
PHP version: 5.6.3
WP version: 4.1.1
ADI version: 1.1.8
OS Info : Windows NT XSPW11F011B 6.3 build 9200 (Windows Server 2012 R2 Standard Edition) i586
Web Server : apache2handler
adLDAP ver.: 3.3.2 EXTENDED (201302271401)
——————————————
[INFO] LDAP paging: enabled
Do you need more information to debug?
ole1986, I am getting a similar error with the AD information not being passed:
[INFO] method authenticate() called
[INFO] ——————————————
PHP version: 7.0.8
WP version: 4.5.3
ADI version: 1.1.8
OS Info : Windows NT xxxxxx 6.3 build 9600 (Windows Server 2012 R2 Standard Edition) AMD64
Web Server : cgi-fcgi
adLDAP ver.: 3.3.2 EXTENDED (201302271401)
——————————————
[INFO] LDAP paging: enabled
[NOTICE] username: xxxxxx
[NOTICE] password: **not shown**
[INFO] Options for adLDAP connection:
– account_suffix:
– base_dn:
– domain_controllers:
– ad_port: 389
– use_tls: 0
– network timeout: 5
[INFO] Checking domain controller ports:
[ERROR] – :389 – FAILED
[NOTICE] adLDAP object created.
[INFO] max_login_attempts: 3
[INFO] users failed logins: 0
[NOTICE] trying account suffix “”
[ERROR] Authentication failed
We are getting some pressure to get this done by our client, and I would be willing to donate some money to get some help with this.
Thank you!
Hello to everyone,
What I can tell you is that I am also using Windows Server and it is working just fine.
Try using the IP address of the DC instead of the name – Port 389 should be ok
Also enter a BaseDN – Something similar to:
dc=yourDomain,dc=LOCAL
and add the account suffix in “User” tab properly: @yourDomain.local
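Added example (not part of the original thread or the plugin's code): a small Python check that reads test-tool output in the format quoted above and reports the empty connection options, the disabled StartTLS setting and the failed port check. The sample log is constructed from the lines posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the test-tool output quoted in this thread.
SAMPLE = """\
[INFO] Options for adLDAP connection:
– account_suffix:
– base_dn:
– domain_controllers:
– ad_port: 389
– use_tls: 0
– network timeout: 5
[INFO] Checking domain controller ports:
[ERROR] – :389 – FAILED
"""

REQUIRED = ("account_suffix", "base_dn", "domain_controllers")
OPTION = re.compile(r"^\s*[–-]\s*([\w ]+?)\s*:\s*(.*)$")
PORT_CHECK = re.compile(r"^\[(?:ERROR|INFO)\]\s*[–-]\s*(\S*?):(\d+)\s*[–-]\s*(\w+)")

def parse_options(log):
    """Return the key/value pairs listed under 'Options for adLDAP connection:'."""
    options, in_block = {}, False
    for line in log.splitlines():
        if "Options for adLDAP connection" in line:
            in_block = True
        elif in_block:
            m = OPTION.match(line)
            if not m:
                break  # first non-option line ends the block
            options[m.group(1).strip()] = m.group(2).strip()
    return options

def findings(log):
    """List the configuration problems visible in one test-tool log."""
    opts, out = parse_options(log), []
    for key in REQUIRED:
        if not opts.get(key):
            out.append(f"{key} is empty in the options passed to adLDAP")
    if opts.get("use_tls") == "0":
        out.append(f"use_tls is 0: StartTLS is off for the LDAP connection on port {opts.get('ad_port', '?')}")
    for line in log.splitlines():
        m = PORT_CHECK.match(line)
        if m and m.group(3) == "FAILED":
            out.append(f"port check failed for host '{m.group(1)}' on port {m.group(2)}")
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE):
        print("-", item)
```

An empty host in the failed port check together with empty `account_suffix`, `base_dn` and `domain_controllers` values shows that no settings reached the LDAP library, so the problem is on the configuration side rather than the network.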
@ole1986:
Hi there,
I use Apache 2.4 on Windows Server 2012.
LDAP is working fine.
SSO is the thing I’m configuring now while following your instructions.
I created a keytab and I changed my .htaccess file.
But where should I put the keytab file on the server??
Because /etc/… is probably the location for a Linux based machine. But where in Windows/Apache should this be saved?
Hope to hear from you asap.
Hi there,
Oh but in your previous reply you said that you are also using Windows server and it was working just fine haha..
Yeah I tried that one, but didn’t help..
Where it goes wrong is from step 6 onwards. Where should I get the mod_auth_kerb.so file..?
As soon as I change my httpd file, my Apache doesn’t want to start anymore..