Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter ole1986

    (@ole1986)

    The .htaccess file to authenticate using Kerberos will look like the following:

    AuthType Kerberos
    KrbAuthRealms YOURDOMAIN.LOCAL
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbServiceName HTTP/HOSTNAME.YOURDOMAIN.local
    Krb5KeyTab /etc/yourKrb5.keytab
    require valid-user
    
    # BEGIN WordPress
    # [...]
    # END WordPress

    This assumes that Kerberos is properly configured on the server.
    How to set up Kerberos: here
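
A check a reader can run against the `.htaccess` posted above, as an added example that is not part of the thread or of the plugin's code. It flags two things the posted configuration leaves open: `KrbMethodK5Passwd On` without `SSLRequireSSL` in the same file, and a keytab readable beyond its owner. The finding codes are hypothetical names, and the permission check assumes a POSIX host.

```python
import os
import stat

# Constructed sample: the directives from the post above, verbatim.
POSTED = """\
AuthType Kerberos
KrbAuthRealms YOURDOMAIN.LOCAL
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbServiceName HTTP/HOSTNAME.YOURDOMAIN.local
Krb5KeyTab /etc/yourKrb5.keytab
require valid-user
"""


def parse_directives(text):
    """Map lower-cased directive name -> argument string (comments skipped)."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found


def audit(text):
    """Return finding codes for a mod_auth_kerb .htaccess (hypothetical codes)."""
    d = parse_directives(text)
    if not d.get("authtype", "").lower().startswith("kerberos"):
        return ["not-kerberos"]
    findings = []
    # Password fallback is on unless switched off; it is Basic auth under the
    # hood, so without TLS the password is only base64-encoded on the wire.
    # TLS enforced elsewhere (e.g. an HTTPS-only vhost) is not visible here.
    if d.get("krbmethodk5passwd", "on").lower() == "on" and "sslrequiressl" not in d:
        findings.append("password-fallback-without-tls")
    keytab = d.get("krb5keytab")
    if not keytab:
        return findings + ["no-keytab"]
    try:
        mode = os.stat(keytab).st_mode
    except OSError:
        return findings + ["keytab-missing"]
    # The keytab holds the service's long-term key: owner-only access (POSIX).
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("keytab-readable-by-group-or-other")
    return findings
```

On a Windows host the mode bits carry no meaning, so review the keytab file's ACL there instead.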

    Hello,

    I’ve downloaded and installed; but I’ve an issue. I configured the domain controllers field, but when I use the “Test tool”, the test failed because the domain controllers is empty. Do you know where the issue is coming from?

    Test output:
    Options for adLDAP connection:
    – account_suffix:
    – base_dn:
    – domain_controllers:
    – ad_port: 389
    – use_tls: 0
    – network timeout: 5
    [INFO] Checking domain controller ports:
    [ERROR] – :389 – FAILED

    Will this work on a Windows server? I see the .htaccess file edits, but our client is using Windows for the site/server.

    Thanks!
    Craig

    Yes, the server is a Windows server.
    [INFO] method authenticate() called
    [INFO] ——————————————
    PHP version: 5.6.3
    WP version: 4.1.1
    ADI version: 1.1.8
    OS Info : Windows NT XSPW11F011B 6.3 build 9200 (Windows Server 2012 R2 Standard Edition) i586
    Web Server : apache2handler
    adLDAP ver.: 3.3.2 EXTENDED (201302271401)
    ——————————————
    [INFO] LDAP paging: enabled

    Do you need more information to debug?

    ole1986, I am getting a similar error with the AD information not being passed:

    [INFO] method authenticate() called
    [INFO] ——————————————
    PHP version: 7.0.8
    WP version: 4.5.3
    ADI version: 1.1.8
    OS Info : Windows NT xxxxxx 6.3 build 9600 (Windows Server 2012 R2 Standard Edition) AMD64
    Web Server : cgi-fcgi
    adLDAP ver.: 3.3.2 EXTENDED (201302271401)
    ——————————————
    [INFO] LDAP paging: enabled
    [NOTICE] username: xxxxxx
    [NOTICE] password: **not shown**
    [INFO] Options for adLDAP connection:
    – account_suffix:
    – base_dn:
    – domain_controllers:
    – ad_port: 389
    – use_tls: 0
    – network timeout: 5
    [INFO] Checking domain controller ports:
    [ERROR] – :389 – FAILED
    [NOTICE] adLDAP object created.
    [INFO] max_login_attempts: 3
    [INFO] users failed logins: 0
    [NOTICE] trying account suffix “”
    [ERROR] Authentication failed

    We are getting some pressure to get this done by our client; I would be willing to donate some money to get some help with this.

    Thank you!

    Thread Starter ole1986

    (@ole1986)

    Hello to everyone,

    What I can tell you is that I am also using Windows Server and it is working just fine.

    Try using the IP address of the DC instead of the name – Port 389 should be ok
    Also enter a BaseDN – Something similar to:
    dc=yourDomain,dc=LOCAL

    and add the account suffix in “User” tab properly: @yourDomain.local

    @ole1986:
    Hi there,

    I use Apache 2.4 on Windows Server 2012.
    LDAP is working fine.
    SSO is the thing I’m configuring now while following your instructions.
    I created a keytab and I changed my .htaccess file.
    But where should I put the keytab file on the server??
    Because /etc/… is probably the location for a Linux-based machine. But where in Windows/Apache should this be saved?

    Hope to hear from you asap.

    Thread Starter ole1986

    (@ole1986)

    Hi @xindaoict

    I haven’t done it on Windows – Maybe this link might help you a bit:

    https://www.schaeuffelhut-berger.de/wordpress/apache-single-sign-on-in-windows/

    Hi there,

    Oh but in your previous reply you said that you are also using Windows server and it was working just fine haha..

    Yeah I tried that one, but didn’t help..
    Where it goes wrong is from step 6 onwards. Where should I get the mod_auth_kerb.so file..?
    As soon as I change my httpd file, my Apache doesn’t want to start anymore..

  • The topic ‘Single Sign On – Active Directory patch (SSO) version 1.1.8’ is closed to new replies.