If I enable SSO with authad and Kerberos, I get "Access denied". With SSO disabled and "normal" login I have access.
Without SSO, in the line "logged in as" you can see displayname(samaccountname).
With SSO, in the line "logged in as" you can see samaccountname(samaccountname). ???
What could cause this behaviour? I tried many things and googled the whole day but without luck.
This is my Config:
DokuWiki 2013-12-08 "Binky"
Apache2-Config:
<Directory "/srv/www/iwiki">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
    # Kerberos Auth
    AuthType Kerberos
    AuthName "WIKI Login"
    KrbAuthRealms DOMAIN.LOCAL
    KrbServiceName HTTP/wiki.domain.local@DOMAIN.LOCAL
    Krb5Keytab /etc/apache2/conf/dokuwiki.HTTP.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    KrbLocalUserMapping on
    require valid-user
</Directory>
DokuWiki-Config:
// general DokuWiki options
$conf['useacl'] = 1;
$conf['authtype'] = 'authad';
$conf['disableactions'] = 'register,profile,index';
// configure your Active Directory data here
$conf['superuser'] = '@wiki_admin';
$conf['manager'] = '@wiki_manager';
$conf['plugin']['authad']['account_suffix'] = '@domain.local';
$conf['plugin']['authad']['base_dn'] = 'DC=DOMAIN,DC=local';
$conf['plugin']['authad']['domain_controllers'] = 'dc1.domain.local,dc2.domain.local';
$conf['plugin']['authad']['sso'] = 1;
From a ?do=check with SSO I get:
No ACL setup yet! Denying access to everyone.
PHP version 5.3.10-1ubuntu3.9
More than 32MB RAM (134217728 bytes) available.
Changelog is writable
conf directory is writable
mb_string extension is available and will be used
Your locale C seems not to be a UTF-8 locale, you should fix this if you encounter problems.
Debugging support is disabled
You are currently logged in as user(user)
You are part of the groups
Your current permission for this page is 0
The current page is writable by the webserver
The current page is not writable by you
The search index seems to be working
There are no groups listed, so with SSO DokuWiki can't get the permissions by the groups.
Please help me, I'm lost.
EDIT: I forgot the config of the OS and webserver:
OS: Ubuntu Server 12.04
Webserver: Apache 2.2.22
krb5.conf:
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
[libdefaults]
    default_realm = DOMAIN.LOCAL
    ticket_lifetime = 24h
    forwardable = yes
[realms]
    DOMAIN.LOCAL = {
        kdc = dc1.domain.local
        kdc = dc2.domain.local
        admin_server = dc1.domain.local
        default_domain = domain.local
    }
[domain_realm]
    wiki.domain.local = DOMAIN.LOCAL
    .domain.local = DOMAIN.LOCAL
    domain.local = DOMAIN.LOCAL
[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }