Hi everyone
I'm using LDAP for authentication and we have about 2000 users in our site. Now we need to use Windows authentication for authenticating. I have tried to configure NTLM but there was no module for Apache 2.4, so I must use another solution. Would you help me with what I must do?
OS = Windows Server 2012, 64-bit
Any suggestion would be appreciated.
Have you already read https://docs.moodle.org/29/en/NTLM_authentication ?
Why use Apache under Windows? IIS + PHP via FastCGI is in your case a nicer solution: https://docs.moodle.org/29/en/Internet_Information_Services#IIS_configuration_steps.
Otherwise, you could give https://github.com/YvesR/mod_authn_ntlm#build-instructions a try.
BTW, please update to a Moodle supported version: it will be better for future issues.
Hi Mr Matteo
First of all, thank you for your prompt response. According to your hint I have migrated to IIS; now my config is:
OS = Windows Server 2012 R2
Moodle = 2.9+ (I will update Moodle in future)
Would you help me with what I must do in the next step?
Hi Mr Scaramuccia
I followed the document for IIS 7.5 and NTLM is working now, but I have some issues:
1. In any browser (even IE) a popup login box is shown first, asking for username and password, like this:
Our users may click the cancel button and get an error! So I don't want to see this popup login box.
2. If users enter account info and click on login, it takes too much time to show content, and they see this message for about 5 minutes. They will get bored!
The following image is our NTLM config in Moodle:
Would you help me with how I can fix that?
Windows Authentication requires that the folders and files served by a Webapp, here Moodle, be readable and traversable by the Users, i.e. you need to create a Windows Group for the Users accessing Moodle - maybe the whole, so just use Domain Users - and apply those permissions, including the possibility to traverse - just it, even not read - the folder in the path starting from the disk unit (e.g. D:\).
There are some other docs on the net, e.g. http://www.wicher.co.uk/ldap-ntlm/, which describe in a different manner what you read at https://docs.moodle.org/34/en/NTLM_authentication#IIS_7.x. Did you perform at least these steps including IIS configuration?
Besides, to define multiple subnets you need to separate them using "," and not " ".
I performed all steps including IIS configuration according to the link, the subnets are separated by ",", and I applied the permission that you said, but it still shows the popup login box. Someone told me I must use SSL to solve this issue. Do you agree?
You don't tell us which browser(s) you are using to test NTLM SSO. The thing is, NTLM SSO credential exchange is not attempted by default by any of the tier-1 browsers (IE/Edge, Chrome, Firefox). You need to explicitly configure them to send the credentials as part of the connection negotiation exchange (e.g., IE doesn't send the user credentials unless the Moodle server is part of the 'trusted zone' or the 'intranet zone' in the client browser security settings: https://moodle.org/mod/forum/discuss.php?d=80104#p416040).
If all your Moodle users are using Microsoft browsers from machines that are part of your Active Directory domain, you can use Group Policies to configure the needed settings automatically (see https://moodle.org/mod/forum/discuss.php?d=115726#p615067).
Otherwise, each user will need to configure their own browser following the browser documentation.
By the way, using SSL was not mandatory for NTLM SSO to work last time I checked (but that was on IE 8.x, so things might have changed), but it's still a very good idea.
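
Added example (not part of the original thread): a way to tell from captured HTTP headers whether a browser actually attempted the NTLM exchange discussed in the last reply, or skipped it and will prompt. It assumes the `NTLM` scheme rather than `Negotiate`, Unicode strings in the Type 3 message, and constructed sample headers; all function names are illustrative.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def read_field(msg, pos):
    """Follow one (length, max length, offset) descriptor to its payload bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length]

def parse_ntlm_header(value):
    """Classify an Authorization or WWW-Authenticate header value.

    None means "no NTLM here": on the request that follows a 401 this is the
    case where the browser did not attempt SSO and will prompt instead.
    """
    scheme, _, token = (value or "").strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None
    if not token.strip():
        return {"type": "OFFER"}  # server's bare "WWW-Authenticate: NTLM"
    try:
        msg = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"type": "MALFORMED"}
    if len(msg) < 12 or msg[:8] != NTLMSSP:
        return {"type": "MALFORMED"}
    info = {"type": TYPES.get(struct.unpack_from("<I", msg, 8)[0], "UNKNOWN")}
    if info["type"] == "AUTHENTICATE" and len(msg) >= 52:
        # Descriptors: LM@12, NT@20, domain@28, user@36, workstation@44.
        # Assumption: Unicode strings were negotiated (UTF-16LE).
        info["domain"] = read_field(msg, 28).decode("utf-16-le", "replace")
        info["user"] = read_field(msg, 36).decode("utf-16-le", "replace")
    return info

def build_sample_type3(domain, user):
    """Constructed sample: Type 3 message with empty LM/NT responses."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    desc = lambda n, off: struct.pack("<HHI", n, n, off)
    hdr = NTLMSSP + struct.pack("<I", 3) + desc(0, 52) * 2
    hdr += desc(len(d), 52) + desc(len(u), 52 + len(d)) + desc(0, 52 + len(d) + len(u))
    return "NTLM " + base64.b64encode(hdr + d + u).decode()

# Constructed header values for one page load (all values are made up).
SAMPLE_TYPE1 = "NTLM " + base64.b64encode(NTLMSSP + struct.pack("<II", 1, 0)).decode()
SAMPLE_TYPE3 = build_sample_type3("EXAMPLE", "student1")

if __name__ == "__main__":
    for hdr in (None, SAMPLE_TYPE1, SAMPLE_TYPE3):
        print(parse_ntlm_header(hdr))
```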