Getting NTLM SSO to work with Moodle - Apache issue?

[TheFopp]

Trying to get SSO working on our WAMP Moodle box. LDAP is fine and has been working since we started using moodle, but would be nice if we could use it as the kids homepage without them having to sign in each time.

The setup so far:
Moodle 1.9.4+ (Build: 20090325)
PHP 5.2
Apache 2.2.3 (with mod_auth_sspi 1.0.4 v2.2.2)

on Windows 2003 server R2 SP2

LDAP Authentication is working fine (and has been since I set it up 1 1/2 years ago)

NTLM SSO is now enabled
Subnet set to 10.0.

Have edited httpd.conf to include

<IfModule !mod_auth_sspi.c>
LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>

<Directory "C:\moodle\auth\ldap">
<Files ntlmsso_magic.php>
AuthName "MoodleAtChets"
AuthType SSPI
SSPIAuth On
SSPIOfferBasic Off
SSPIAuthoritative On
SSPIDomain csm.local
require valid-user
</Files>
</Directory>

Restarted Apache

When I go to my moodle homepage it redirects and I get the 'Attempting Single Sign On via NTLM' page as I would expect but it brings up a windows authentication box asking for username and password for the site.

Both the Username and Password fields are blank.

Interestingly if I put my username in as just AdrianH@csm.local and my password it authenticates, but if I just put AdrianH and my password it won't authenticate and passes my to the normal login page.... which will accept AdrianH (without the csm.local) as my username.

So I'm guessing the NTLMSSO is either just picking up AdrianH as my username (without the csm.local), or, as the fields in the Windows style authentication box are blank when it comes (and I think this more likely) then it isn't picking up a username and password at all.

So I created a PHP file with following in the moodle directory which should print on screen my Username:

<?php
echo $_SERVER['REMOTE_USER'];
?>

but when I run it I get nothing on screen. So I can only presume that either PHP or more likely Apache are at fault (not moodle) as they aren't able to show my credentials.

Has anyone got this working before? Or can anyone see what I might need to do within Apache to get this working....

.... or do I need to do something else?!

I've tried over at the Moodle forums and not had any luck (but I'm not the only one to have had similar problems.

Any help would be appreciated.

[nutso]

What browser are you using? I think there's an additional change that you need to make on each Firefox installation to make that work with NTLM. The only other thing I can think of is to check that the path c:\moodle\auth\ldap is correct.. I'm sure that it is, but I thought I should ask since you might have copied/pasted that part from the Moodle NTLM guide.

[TheFopp]

What browser are you using? I think there's an additional change that you need to make on each Firefox installation to make that work with NTLM. The only other thing I can think of is to check that the path c:\moodle\auth\ldap is correct.. I'm sure that it is, but I thought I should ask since you might have copied/pasted that part from the Moodle NTLM guide.

We are using IE. The path I have in my config file is correct (but yes I had just copied the one in the example from the Moodle guide!)

[nutso]

When you log in to Moodle, does IE see it as being in the Intranet zone or the Internet zone? If I remember rightly, by default IE only does NTLM in the Intranet zone.

[TheFopp]

When you log in to Moodle, does IE see it as being in the Intranet zone or the Internet zone? If I remember rightly, by default IE only does NTLM in the Intranet zone.

nutso... you are a genius. Worked a treat. Got it in the Intranet Zone settings for IE using GPO now.
Many thanks