SSO permission denied
Issue #662
on hold
I'm getting the 'permission denied' error for SSO authentication. Below I'll show my logfiles and config files. Also note that I added the DNS name (piler.mydomain.nl) to the intranet zone in IE, as well as the network.negotiate-auth.trusted-uris config in Firefox. Note too that LDAP authentication is working..
site-config.php:
$config['ENABLE_SSO_LOGIN'] = 1;
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_HOST'] = 'skdc02.domain.local';
$config['LDAP_BASE_DN'] = 'DC=domain,DC=local';
$config['LDAP_HELPER_DN'] = 'CN=LDAP_SA,OU=Service Accounts,OU=Accounts,DC=domain,DC=local';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxxxxxxxx';
$config['LDAP_MAIL_ATTR'] = 'mail';
Logs after login attempt with permission denied result:
==> ./access.log <==
==> ./error.log <==
==> ./other_vhosts_access.log <==
==> ./piler.yourdomain.com-access_log <==
172.16.6.214 - - [04/Mar/2016:10:18:38 +0100] "GET / HTTP/1.1" 302 415
172.16.6.214 - - [04/Mar/2016:10:18:38 +0100] "GET /sso.php HTTP/1.1" 200 378
172.16.6.214 - - [04/Mar/2016:10:19:46 +0100] "GET /sso.php HTTP/1.1" 200 379
172.16.6.214 - - [04/Mar/2016:10:20:07 +0100] "GET / HTTP/1.1" 302 415
172.16.6.214 - - [04/Mar/2016:10:20:07 +0100] "GET /sso.php HTTP/1.1" 200 378
==> ./piler.yourdomain.com-error_log <==
[Fri Mar 04 10:19:46.697491 2016] [:error] [pid 7202] [client 172.16.6.214:55841] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Fri Mar 04 10:19:46.697933 2016] [:error] [pid 7202] [client 172.16.6.214:55841] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Fri Mar 04 10:20:07.570578 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of Require all granted: granted
[Fri Mar 04 10:20:07.570599 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of <RequireAny>: granted
[Fri Mar 04 10:20:07.570624 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of Require all granted: granted
[Fri Mar 04 10:20:07.570629 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of <RequireAny>: granted
[Fri Mar 04 10:20:07.577718 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of Require all granted: granted
[Fri Mar 04 10:20:07.577725 2016] [authz_core:debug] [pid 7194] mod_authz_core.c(802): [client 172.16.6.214:55857] AH01626: authorization result of <RequireAny>: granted
[Fri Mar 04 10:20:07.577839 2016] [:error] [pid 7194] [client 172.16.6.214:55857] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
[Fri Mar 04 10:20:07.578087 2016] [:error] [pid 7194] [client 172.16.6.214:55857] PHP Notice: A session had already been started - ignoring session_start() in /var/www/piler/system/request.php on line 30
Comments (5)
-
repo owner
-
repo owner
Any update?
-
reporter
Hi Janos, currently I'm busy with other projects. I think when I've some time to spend on Piler I'll opt for the installation service. However I would like it to be via Teamviewer so I can see what it takes to install Piler.
-
repo owner
OK, deal :-)
-
repo owner
- changed status to on hold
Be sure to reopen the issue when the time comes.
- Log in to comment
Please confirm that all the steps at http://www.mailpiler.org/wiki/current:single-sign-on are properly done. Also I'd like to see some info proving that the archive host has joined the domain. Eg. net ads info, net ads lookup, wbinfo -g and wbinfo -u