troubleshooting Question

Issues With mod_auth_sspi Getting a User's Domain Name

Avatar of damijim
damijimFlag for United States of America asked on
PHPApache Web ServerWeb Applications
10 Comments1 Solution2739 ViewsLast Modified:
I'm running Apache 2.x, PHP 5 with the mod_auth_sspi module and adLDAP ( http://adldap.sourceforge.net/ ). I can use adLDAP against AD to authenticate a user, but I'm trying to do seamless authentication (using FAQ #6 on http://adldap.sourceforge.net/faq.php ). This will be used on the internal domain cobbworld.com.

The problem is the sample code (attached as a snippet) always returns, ProWEBDEV-VM/admin as the user when I try hitting the server (from another box where I am logged into the domain). I check the $_SERVER['REMOTE_USER'] variable and it is always ProWEBDEV-VM/admin.

I am logged into my VM web server through VCenter, and this response is coming from my desktop where I am using my company username/password (both on cobbworld). When other users try to access the test page, they recieve a message box prompting them for a username and password.

I'm confused as to what is going on. Help? Please let me know what information would be helpful.

Also - from the documentation of mod_auth_sspi, it seems like it could do the seamless authentication w/o the need for adLDAP. I've done this much easier before with ASP, but I need to do it w/ PHP now. Thanks!
$cred = explode('\\',$_SERVER['REMOTE_USER']);
if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
list($domain, $user) = $cred;
 
echo "You appear to be user <B>$user</B><BR/>";
echo "logged into the domain <B>$domain</B>";
 
 
Here's my output (from my local machine on the domain w/ my user ID):
You appear to be user admin
logged into the domain PROWEBDEV-VM
 
(Note: I log on to my dev server as admin/PROWEBDEV-VM... and httpd.exe is running as a SYSTEM service.)
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 10 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros