I've revised the below after more testing today.
I'm using Apache 2.2.6 on a Windows 2003 Server, and am authenticating users with mod_auth_sspi 1.0.4 for certain parts of our intranet site. I'm simply requiring them to provide valid AD credentials so we can grab things like their user name and email address.
When I visit http://server/dev/
, SSPI works perfectly, seemlessly authenticating IE users, and providing a login box for users on Firefox. However, when I visit http://server.uk.domain.com/dev/ (giving the FQDN of the Apache server) SSPI gives a login box even on IE, and users have to login with their full domain and user name rather than just the user name.
Is there any way to get SSPI to ignore the domain OF THE SERVER? It's as if it's wanting the domain "uk.domain.com", whereas the client is proving UK\username. SSPIOmitDomain seems to omit the domain from the resulting server variables, rather than ignoring it altogether.
Any help would be much appreciated!
The relevant setup in my apache.conf is:
Allow from all
AuthName "Windows Passthrough"
Any ideas where I'm going wrong?