Windows server: Auto-login using Kerberos

Written by David Boyko
Number of replies: 1

Hi,

I have Moodle 2.0 + IIS7.5 + MSSQL 2008 R2 running in my environment. If I use SSO via NTLM I don't have any problems with auto-login. If I switch to Kerberos, auto-login fails. I know the LDAP settings are right because I can log in using my domain account using the manual login process. I know Kerberos is working because I have a valid ticket visible using Kerbtray and the security logs on the server show my domain account successfully logging on (Audit Success) with notification of Logon Process = Kerberos.

So far I've double-checked the apppool account folder permissions and they all seem fine. Even tried giving full access to everyone and that didn't solve anything.

My authentication settings in IIS are:

  • Authentication Providers: Negotiate, NTLM
  • Kernel-mode authentication: Disabled

I'm pretty much stumped on this one. Any ideas?

In reply to David Boyko

Re: Windows server: Auto-login using Kerberos

Written by David Boyko

The problem was the login code:

    switch ($this->config->ntlmsso_type) {
        case 'ntlm':
            // Format is DOMAIN\username
            $username = substr(strrchr($username, '\\'), 1);
            break;
        case 'kerberos':
            // Format is username@DOMAIN
            $username = substr($username, 0, strpos($username, '@'));
            break;
        default:
            error_log($this->errorlogtag.get_string ('ntlmsso_unknowntype', 'auth_ldap'));
            return false; // Should never happen!
    }

It wasn't always the case that the format would be username@domain, so I just modified the code a bit and it works.
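
An added example, not the poster's modification and not Moodle's own code: one way to normalize the server-reported identity so that `DOMAIN\username`, `username@DOMAIN` and a bare username are all handled, and a missing or misplaced separator never produces an empty username. The function name `normalize_sso_username`, the optional domain allow-list and the sample values are assumptions made for this illustration.

```php
<?php
/**
 * Added example (hypothetical helper, not Moodle's auth_ldap code).
 * Reduce the identity reported by the web server to a bare account name.
 * Returns null when no usable name can be extracted.
 *
 * @param string   $remoteuser     Identity string as reported by the server.
 * @param string[] $alloweddomains Optional allow-list (assumption of this example).
 */
function normalize_sso_username(string $remoteuser, array $alloweddomains = []): ?string {
    $remoteuser = trim($remoteuser);
    $domain = null;

    if (($pos = strrpos($remoteuser, '\\')) !== false) {
        // DOMAIN\username
        $domain   = (string) substr($remoteuser, 0, $pos);
        $username = (string) substr($remoteuser, $pos + 1);
    } elseif (($pos = strpos($remoteuser, '@')) !== false) {
        // username@DOMAIN
        $username = (string) substr($remoteuser, 0, $pos);
        $domain   = (string) substr($remoteuser, $pos + 1);
    } else {
        // Bare username with no domain part.
        $username = $remoteuser;
    }

    // A separator at the edge of the string must not become an empty
    // username or domain that is passed on to the LDAP lookup.
    if ($username === '' || $domain === '') {
        return null;
    }

    // Stripping the domain makes EXAMPLE\jdoe and OTHER\jdoe the same user,
    // so optionally accept only the domains this site is meant to trust.
    // A bare username carries no domain and is not checked here.
    if ($domain !== null && $alloweddomains !== []) {
        $allowed = array_map('strtolower', $alloweddomains);
        if (!in_array(strtolower($domain), $allowed, true)) {
            return null;
        }
    }
    return $username;
}

// Constructed sample values, not captured from a real server.
$samples = ['EXAMPLE\\jdoe', 'jdoe@EXAMPLE.LOCAL', 'jdoe', '@EXAMPLE.LOCAL', 'OTHER\\jdoe'];
foreach ($samples as $sample) {
    var_dump(normalize_sso_username($sample, ['EXAMPLE', 'EXAMPLE.LOCAL']));
}
```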