Authentication

The only thing that comes to mind is checking that you are actually coming from 10.0.0.0/255.255.0.0. Are there any proxies or routers doing NAT between your client machine and the Moodle server? Any reverse-proxy in from of it? (this may incluso ISA Server boxes and so on)

If Moodle thinks that you are coming from a different subnet, then it won't try NTLM SSO at all.

Saludos, Iñaki.

We got that far too and had the same problem. Then somebody asked if we were going through a fire wall. Our Moodle sits in a DMZ, it is the DMZ that stopped it working as you anticipated.
At the time I was trying to make ours work it was suggested that to put that many holes in the firewall was not a good thing so we abandoned it. That might have changed by now I don't know. But if you are going into a DMZ then that might be your issue, you would have to make sure appropriate ports were open for it.
Regards

I have the same problem with you.

My Moodle Environment is as follows:

• Moodle 1.9.7+
  
• PHP Version 5.3
• MySQL 5.1.37
• Apache 2.2.12
• windows 2003 server IP:10.165.1.63 DNS:10.165.1.12
  

DNS and LDAP(windows AD) server :10.165.1.12

I have the exact same problem as listed by Brian.  I am using moodle 1.9.7+ with Apache and have successfully configured LDAP authentication.

In the same way as above, I have LDAP SSO working if I visit ntlmsso_attempt.php directly but when I visit any page that requires authentication, Moodle does not attempt single sign-on.  I must then login manually.

I have heard suggestions that this could be caused by incorrectly set subnet mask settings.  We have three subnets in the ranges 10.0.0.x, 10.0.1.x, 10.0.2.x and I have set the settings accordingly.  The settings currently are:

Subnet: 10.0.0.0/255.0.0.0, 10.0.1.0/255.0.0.0, 10.0.2.0/255.0.0.0

...but I have also tried many permutations of the syntax (such as 10.0.0.0/8 or 10.0.0/8 and many others).

I am attempting this test from client 10.0.0.135.  As suggested in a post by Iñaki Arenaza, I have added the following line to auth.php to determine that Moodle is definitely receiving the authentication request from 10.0.0.135:

error_log ('Client IP address as seen by NTLM SSO hook: ' . getremoteaddr());

When I check the Apache logs, I can see the request is received from the correct client so I don't think this is the issue.

(As a side issue, I am using IE8 for the test and if I enable MS IE Fastpath, NTLM SSO doesn't work at all; I receive an authentication failed error from ntlmsso_attempt.php.  I have also tried this with IE6 with the same results)

Any help on this would be appreciated.

Cheers, Dean.

I spoke too soon.  While this has fixed the problem partially and now NTLM SSO is working to log users in automatically, I require the login process to be seemless and as we use IE the only way to achieve this is to use the MS IE Fastpath option.

The problem is that when I enable MS IE Fastpath I receive a 'Server error 500... server is overloaded or there was an error in a CGI script'.  This occurs everytime ntlmsso_magic.php is called.  I have checked the Apache logs and no errors are recorded.

Have been trying to get this functioning for a couple of days now.  Any help much appreciated.

Cheers, Dean.