NTLM not working with moodle 3.4 and IIS 8.5

Re: NTLM not working with moodle 3.4 and IIS 8.5

by Guybrush Threepwood -

No, NTLM SSO is not even attempted.

For the subnet field, I chose the B class subnet that we own. I even tried empty. The client IP falls in the range.

Here's the log:

When opening the page and clicking on Login

2018-05-25 05:56:15 157.26.166.46 GET / - 80 - 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 401 2 5 109
2018-05-25 05:56:15 157.26.166.46 GET / - 80 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 303 0 0 484
2018-05-25 05:56:15 157.26.166.46 GET / - 443 - 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 401 2 5 0
2018-05-25 05:56:17 157.26.166.46 GET / - 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 828
2018-05-25 05:56:17 157.26.166.46 GET /theme/image.php/more/theme/1526288275/favicon - 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 15
2018-05-25 05:56:17 157.26.166.46 POST /lib/ajax/service.php sesskey=chGGzRFpJ9&info=core_fetch_notifications 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/ 200 0 0 62
2018-05-25 05:56:21 157.26.166.46 GET /login/index.php - 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/ 200 0 0 234
2018-05-25 05:56:21 157.26.166.46 GET /theme/image.php/more/core/1526288275/help - 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/login/index.php 200 0 0 0
2018-05-25 05:56:21 157.26.166.46 POST /lib/ajax/service.php sesskey=chGGzRFpJ9&info=core_fetch_notifications 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/login/index.php 200 0 0 31


When entering the credentials and clicking OK:

2018-05-25 05:57:47 157.26.166.46 POST /login/index.php - 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/login/index.php 303 0 0 531
2018-05-25 05:57:47 157.26.166.46 GET /login/index.php testsession=15 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/login/index.php 303 0 0 46
2018-05-25 05:57:48 157.26.166.46 GET / - 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/login/index.php 200 0 0 1249
2018-05-25 05:57:48 157.26.166.46 POST /lib/ajax/service.php sesskey=Hfma2wkTVv&info=core_message_get_unread_conversations_count 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/ 200 0 0 78
2018-05-25 05:57:48 157.26.166.46 POST /lib/ajax/service.php sesskey=Hfma2wkTVv&info=core_fetch_notifications 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/ 200 0 0 187
2018-05-25 05:57:48 157.26.166.46 POST /lib/ajax/service.php sesskey=Hfma2wkTVv&info=message_popup_get_unread_popup_notification_count 443 domain\user 157.26.165.37 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://learn-dev.s2.rpn.ch/ 200 0 0 218

I replaced the credentials with "domain\user".

In reply to Guybrush Threepwood

Re: NTLM not working with moodle 3.4 and IIS 8.5

by Leon Stringer -

Unfortunately I don't have a working environment to compare this with but the first four lines of the first excerpt indicate that the environment isn't configured in line with the documentation.

  1. Line 1 is a request on port 80 for the Moodle home page being rejected by IIS as unauthenticated with the response code 401 Unauthorized.
  2. Line 2 is IE automatically sending the NTLM authentication for its user and being redirected to port 443 for HTTPS access with response code 303 See Other.
  3. Line 3 is IE following that redirect to the HTTPS site but since HTTPS and HTTP count as different sites it again gets rejected by IIS as authenticated with 401 Unauthorized.
  4. Line 4 is IE again sending the NTLM authentication and finally getting the Moodle home page with a 200 OK response.

The Moodle documentation for NTLM single sign-on says to configure the file /auth/ldap/ntlmsso_magic.php for authenticated access but these lines indicate that access to /index.php has also been configured in this way, thus the unexpected 401 responses.

Maybe this is something you've done deliberately and maybe it doesn't actually affect the issue but it's worth looking into. You may have inadvertently configured the whole Moodle folder for authenticated access.

Average of ratings: Useful (1)
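
The 401-then-authenticated pattern discussed in the reply above can be checked over a whole IIS log rather than by eye. This is an added example, not part of the original thread or of Moodle; the function names and the field order (taken from the excerpt in the thread) are assumptions, and the sample log is adapted from that excerpt with one constructed line.

```python
from collections import namedtuple

# Field order assumed from the excerpt in the thread; check the "#Fields:"
# header of your own log. IIS writes spaces in values as "+", so split() works.
FIELDS = ("date time s_ip method uri_stem uri_query port username c_ip "
          "user_agent referer status substatus win32_status time_taken").split()
Entry = namedtuple("Entry", FIELDS)

# The only file the thread says should require Windows authentication.
EXPECTED_AUTH_PATH = "/auth/ldap/ntlmsso_magic.php"

# First four lines adapted from the thread (user agent shortened); the last
# line is constructed to show a request that is expected to be authenticated.
SAMPLE_LOG = r"""
2018-05-25 05:56:15 157.26.166.46 GET / - 80 - 157.26.165.37 Mozilla/5.0 - 401 2 5 109
2018-05-25 05:56:15 157.26.166.46 GET / - 80 domain\user 157.26.165.37 Mozilla/5.0 - 303 0 0 484
2018-05-25 05:56:15 157.26.166.46 GET / - 443 - 157.26.165.37 Mozilla/5.0 - 401 2 5 0
2018-05-25 05:56:17 157.26.166.46 GET / - 443 domain\user 157.26.165.37 Mozilla/5.0 - 200 0 0 828
2018-05-25 05:56:30 157.26.166.46 GET /auth/ldap/ntlmsso_magic.php - 443 domain\user 157.26.165.37 Mozilla/5.0 - 200 0 0 20
"""

def parse(text):
    """Parse W3C log text, skipping directives and malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        entries.append(Entry(*parts))
    return entries

def unexpected_auth(entries, expected=EXPECTED_AUTH_PATH):
    """Map (port, path) -> reasons for paths other than `expected` where IIS
    issued a 401 challenge or logged an authenticated user name."""
    findings = {}
    for e in entries:
        if e.uri_stem.lower() == expected:
            continue
        if e.status == "401" and e.username == "-":
            reason = "challenge"
        elif e.username != "-":
            reason = "authenticated"
        else:
            continue
        findings.setdefault((e.port, e.uri_stem), set()).add(reason)
    return findings

if __name__ == "__main__":
    for (port, path), reasons in sorted(unexpected_auth(parse(SAMPLE_LOG)).items()):
        print(f"port {port} {path}: {', '.join(sorted(reasons))}")
```

Any path this reports other than ntlmsso_magic.php is being served with Windows authentication enabled, which matches the suspicion that the whole Moodle folder was configured that way.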