服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 试图允许在Apache的域pipe理员访问
Intereting Posts
如何使用MSSQL,重build所有表上的所有索引? MSSQL Server 2008 远程桌面在复制时损坏文件 从共享级别的托pipe帐户导出大量的MySQL数据库 我怎么知道数据库索引是好的? 如何创build远程Amazon RDS MySQL数据库的本地备份? 新的CentOS 7服务器 – 从PHP应用程序发送邮件 Apache – 将HTTP:// SITE请求转发到HTTPS:// SITE 有没有办法在2008域中的某台计算机上禁用组策略几分钟? 星号通话文件未被删除 Akamai与小型/中型电子商务stream量的较小CDN? (caching,延迟,NetStorage) Windows 7无法joinsamba域 DHCP或静态寻址? Linux多path+ SASarrays,“设备错误”logging到dmesg的被动path? 可以阻止这个? Debian KVM主机和来宾接口configuration 具有端口80redirect的Squid透明代理:某些站点的空白页面

试图允许在Apache的域pipe理员访问

我正尝试通过apachevalidation域pipe理员,它不工作。 错误我得到如下 

[Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(1432): [client 172.16.0.85] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(915): [client 172.16.0.85] Using HTTP/[email protected] as server principal for password verification [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(655): [client 172.16.0.85] Trying to get TGT for user [email protected] [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(569): [client 172.16.0.85] Trying to verify authenticity of KDC using principal HTTP/[email protected] [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(994): [client 172.16.0.85] kerb_authenticate_user_krb5pwd ret=0 [email protected] authtype=Basic [Mon Sep 24 14:54:45 2012] [debug] mod_authnz_ldap.c(561): [client 172.16.0.85] ldap authorize: Creating LDAP req structure [Mon Sep 24 14:54:45 2012] [debug] mod_authnz_ldap.c(573): [client 172.16.0.85] auth_ldap authorise: User DN not found, LDAP: ldap_simple_bind_s() failed

以下是我在我的httpd文件 

 Alias /compass "/data/intranet/html/compass" <Directory "/data/intranet/html/compass"> AuthType Kerberos AuthName KerberosLogin KrbServiceName HTTP/intranet.xxx.com KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms xxx.COM Krb5KeyTab /etc/httpd/conf/intranet.keytab # require valid-user # Options Indexes MultiViews FollowSymLinks # AllowOverride All # Order allow,deny # Allow from all # SetOutputFilter DEFLATE # taken from http://blogs.freebsdish.org/tmclaugh/2010/07/15/mod_auth_kerb-ad-and-ldap-authorization/ # download extra module and install # Strip the kerberos realm from the principle. # MapUsernameRule (.*)@(.*) "$1" AuthLDAPURL "ldap://echo.uk.xxx.com akhutan.usa.xxx.com/dc=xxx,dc=com?sAMAccountName" AuthLDAPBindDN cn=Administrator,ou=Users,dc=xxx,dc=com AuthLDAPBindPassword *** Require ldap-group cn=Domain Admins,ou=Users,dc=xxx,dc=com </Directory>

我遵循这个指南 。 我已经下载并安装了tarball。 当我试图取消注释MapUsernameRule我得到失败的错误,当重新启动Apache 

 Reloading httpd: not reloading due to configuration syntax error

我正在使用centos 5 64bit。

我已经添加了以下行,但我仍然得到语法错误 

 LoadModule mod_map_user modules/mod_map_user.so httpd: Syntax error on line 199 of /etc/httpd/conf/httpd.conf: Can't locate API module structure `mod_map_user' in file /etc/httpd/modules/mod_map_user.so: /etc/httpd/modules/mod_map_user.so: undefined symbol: mod_map_user [root@hero mod_map_user]# ll /etc/httpd/modules/mod_map_user.so -rwxr-xr-x 1 root root 39444 Sep 24 16:23 /etc/httpd/modules/mod_map_user.so

我已经更新了load module一部分,现在它的工作原理,但它仍然不适合我。 错误我得到如下 

 [Mon Sep 24 17:19:05 2012] [debug] src/mod_auth_kerb.c(1432): [client 172.16.0.85] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Mon Sep 24 17:19:05 2012] [debug] src/mod_auth_kerb.c(915): [client 172.16.0.85] Using HTTP/[email protected] as server principal for password verification [Mon Sep 24 17:19:05 2012] [debug] src/mod_auth_kerb.c(655): [client 172.16.0.85] Trying to get TGT for user [email protected] [Mon Sep 24 17:19:05 2012] [debug] src/mod_auth_kerb.c(569): [client 172.16.0.85] Trying to verify authenticity of KDC using principal HTTP/[email protected] [Mon Sep 24 17:19:05 2012] [debug] src/mod_auth_kerb.c(994): [client 172.16.0.85] kerb_authenticate_user_krb5pwd ret=0 [email protected] authtype=Basic [Mon Sep 24 17:19:05 2012] [info] [client 172.16.0.85] Applying pattern '^(.*)@(.*)$' to user '[email protected]', mech:'Any' [Mon Sep 24 17:19:05 2012] [info] [client 172.16.0.85] Pattern matched [Mon Sep 24 17:19:05 2012] [notice] [client 172.16.0.85] User name '[email protected]' rewritten to 'sharifu' [Mon Sep 24 17:19:05 2012] [debug] mod_authnz_ldap.c(561): [client 172.16.0.85] ldap authorize: Creating LDAP req structure [Mon Sep 24 17:19:05 2012] [debug] mod_authnz_ldap.c(573): [client 172.16.0.85] auth_ldap authorise: User DN not found, LDAP: ldap_simple_bind_s() failed

httdp conf ffile现在有: 

 Alias /compass "/data/intranet/html/compass" <Directory "/data/intranet/html/compass"> AuthType Kerberos AuthName KerberosLogin KrbServiceName HTTP/intranet.xxx.com KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms xxx.COM Krb5KeyTab /etc/httpd/conf/intranet.keytab # require valid-user # Options Indexes MultiViews FollowSymLinks # AllowOverride All # Order allow,deny # Allow from all # SetOutputFilter DEFLATE # taken from http://blogs.freebsdish.org/tmclaugh/2010/07/15/mod_auth_kerb-ad-and-ldap-authorization/ # download extra module and install # Strip the kerberos realm from the principle. MapUsernameRule (.*)@(.*) "$1" AuthLDAPURL "ldap://echo.uk.xxx.com akhutan.usa.xxx.com/cn=users,dc=xxx,dc=com?sAMAccountName" AuthLDAPBindDN cn=Administrator,ou=users,dc=xxx,dc=com AuthLDAPBindPassword xxx Require ldap-group cn=Domain Admins,ou=users,dc=xxx,dc=com </Directory>

正如Chris S所提到的,我的AuthLDAPBindDN是错误的