[Moin-user] Issue with SSPI auth

Thomas Waldmann tw-public at gmx.de
Fri Mar 13 11:46:47 EDT 2009


> we have a working MoinMoin wiki where users are authenticated with
> mod_auth_sspi against our AD domain.

Moin version?

> This is working fine for several users. Now I added some more users to
> our user group access page. Some of them always get the message that
> they are not allowed to access the Wiki.
> 
> In my Apache logs I only see entries of the form
> 172.28.140.45 - p1add\\firstname.lastname [13/Mar/2009:14:20:58 +0100]
> "GET /rd_wiki/AJN HTTP/1.1" 403 4149
> but no reason why the access was denied.

Does the 403 come from Moin (is the MoinMoin user interface visible?) or
from Apache?

If it comes from moin, how do your config and page ACLs look like?
How does your page_group_regex look like (see also docs/CHANGES)?

> My apache.conf section looks like this:
> 
> <Location /rd_wiki>
> 		SetHandler python-program
> 		PythonPath "['D:/moin/rd_wiki'] + sys.path"
> 		PythonHandler MoinMoin.request.request_modpython::Request.run
> 		AuthType SSPI
> 		AuthName "rd_wiki"
> 		Require valid-user
> 		SSPIAuth On
> 		SSPIAuthoritative On
> 		SSPIDomain p1add.radd.lan
> 		SSPIUsernameCase lower
> 		SSPIOfferBasic On
> </Location>

Oh, you are still using mod_python? I can't tell whether this is one of
the cases, but in some cases mod_python triggered weird effects.

Please use mod_wsgi next time you do an upgrade (it will work fine with
moin 1.8.2 and it will be the easiest way of deployment for upcoming
moin 1.9).

> Does anybody have an idea how to further debug the issue?

Moin 1.8 has very good logging configurability (see the adaptor script).

You can set auth/session stuff to debug logging, while keeping the rest
at info or warning level.

You might get some hints from the log output then. If not, you can add
additional logging to the code to get more information.






More information about the Moin-user mailing list