I am trying to enable single sign-on in GLPI.
Server is Ubuntu 14.04.
GLPI version 9.1.2
Configuration I followed:
https://www.johnthedeveloper.co.uk/sing … php-ubuntu
+
http://forum.glpi-project.org/viewtopic.php?id=33381
My configuration
<VirtualHost *:80>
    Alias /glpi /usr/share/glpi
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName glpi.clarebout.com
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/glpi
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/glpinieuwerror.log
    CustomLog ${APACHE_LOG_DIR}/glpinieuwaccess.log combined
    <Directory /usr/share/glpi>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Allow from all
    </Directory>
    <IfModule !auth_kerb_module>
        <Directory "/usr/share/glpi">
            Require all denied
        </Directory>
    </IfModule>
    <IfModule auth_kerb_module>
        <Directory "/usr/share/glpi">
            AuthType Kerberos
            AuthName "glpi"
            Krb5Keytab /etc/kerberos.keytab
            KrbAuthRealms clarebout.local
            Require valid-user
        </Directory>
    </IfModule>
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
Error
[auth_kerb:error] [pid 10553] [client 10.20.96.161:64193] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, No key table entry found matching HTTP/localhost@)
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Does anybody have an idea why it's not working?
Offline
Nobody who has any experience with this?
Offline
Sure you registered the SPN for your server?
Offline
Do you mean creating a keytab?
I created a keytab with this command on the Active Directory server.
I altered the login info.
ktpass -princ HTTP/alpha.ncl.johnthedeveloper.co.uk@NCL.JOHNTHEDEVELOPER.CO.UK -mapuser kerberos@NCL.JOHNTHEDEVELOPER.CO.UK -pass password -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\Temp\kerberos.keytab
Offline
KrbAuthRealms clarebout.local
must be the same domain as in alpha.ncl.johnthedeveloper.co.uk@NCL.JOHNTHEDEVELOPER.CO.UK
must be:
KrbAuthRealms NCL.JOHNTHEDEVELOPER.CO.UK
and
KrbServiceName HTTP/alpha.ncl.johnthedeveloper.co.uk@NCL.JOHNTHEDEVELOPER.CO.UK
Offline
I'm sorry, I just copied the command from the guide.
The command I used to create the keytab was this:
ktpass -princ HTTP/glpi@clarebout.local -mapuser glpi@clarebout.local -pass xxxx -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\tmp\kerberos.keytab
Offline
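Added example, not part of the thread: the error in the first post names the principal Apache asked for (`HTTP/localhost@`), while the `ktpass` command above wrote `HTTP/glpi@clarebout.local` into the keytab. The script below compares the two; the `klist -k` listing is a constructed sample and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): does the keytab hold the principal mod_auth_kerb asked for?

# Error line as quoted in the first post.
SAMPLE_LOG='[auth_kerb:error] [pid 10553] [client 10.20.96.161:64193] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, No key table entry found matching HTTP/localhost@)'

# Constructed sample of `klist -k /etc/kerberos.keytab` output for a keytab
# made with the ktpass command from the thread (the KVNO value is made up).
SAMPLE_KLIST='Keytab name: FILE:/etc/kerberos.keytab
KVNO Principal
---- ------------------------------------------------
   3 HTTP/glpi@clarebout.local'

# Print the principal named in a "No key table entry found matching" error.
wanted_principal() {
    printf '%s\n' "$1" | sed -n 's/.*No key table entry found matching \([^)]*\)).*/\1/p'
}

# Print the unique principals listed by `klist -k` (rows that start with a KVNO).
keytab_principals() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# Succeed if the keytab lists the wanted principal. A wanted name ending in "@"
# carries no realm, so only the service/host part is compared in that case.
keytab_has() {
    local wanted="$1" p
    for p in $(keytab_principals "$2"); do
        if [ "$p" = "$wanted" ]; then return 0; fi
        case "$wanted" in
            *@) if [ "${p%@*}@" = "$wanted" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# One-line verdict for a log line and a klist listing.
diagnose() {
    local wanted
    wanted=$(wanted_principal "$1")
    [ -n "$wanted" ] || { echo "no keytab error in log line"; return 0; }
    if keytab_has "$wanted" "$2"; then
        echo "OK: keytab has a key for $wanted"
    else
        echo "MISMATCH: Apache wants $wanted, keytab has:" $(keytab_principals "$2")
    fi
}

diagnose "$SAMPLE_LOG" "$SAMPLE_KLIST"
```

On a real server, pass the last `auth_kerb:error` line from the Apache error log and the output of `klist -k` on the keytab named in `Krb5Keytab`.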
Try:
-crypto ALL -ptype KRB5_NT_SRV_HST +rndpass -out c:\keytab.it
Offline
OK, when I try this I get this screen:
Then I enter my AD credentials; GLPI then proceeds to this screen.
Offline
Maybe this?
Offline
We are making progress.
Now when we go to our GLPI we get this login screen.
There we can log in with our Active Directory login and password.
I already added the URL to the intranet zone.
What should I do to bypass the login and password screen?
Thx
Offline
I used this article (sorry, but the article is in Russian):
http://docs.ipi-manager.ru/Administrato … ry/Apache/
After these steps, in GLPI:
Setup/Authentication/Others/Other authentication sent in the HTTP request
Field storage of the login in the HTTP request: REMOTE_USER
Offline
Hi small75,
Did you get your GLPI working with SSO Kerberos?
Offline