  1. #1
    OverWorked

    Moodle on IIS7.5 SSO fails

    Hello,

    I've got LDAP authentication working. Now I'm stuck on NTLM SSO. I've worked through NTLM authentication - MoodleDocs.

    Now SSO fails every time.

    With IE fast path disabled, users see:-
    Attempting Single Sign On via NTLM...
    Auto-login failed, try the normal login page...
    then Moodle goes to the normal login screen, and they can log in with their LDAP credentials


    With IE fast path enabled, it's worse. Users just see a blank white screen with:-
    Fatal error: $CFG->dataroot is not writable, admin has to fix directory permissions! Exiting.
    Then it's impossible to log on.

    Any ideas?

    Thanks.

  2. #2
    iceman85
    Is this still happening? Have you got a screen shot of your LDAP settings in moodle you can post?

  3. #3
    OverWorked
    Thanks for replying and sorry for my late response.

    I think I've found the reason for the problem - LDAP is only partially working. I've had a lot of trouble getting accounts to log on - some would and some wouldn't.

    It appears that Moodle LDAP auth checks the user's cn attribute, not the Windows logon name.

    Most of our AD accounts have a cn attribute like "Fred Smith", but a user login name like "09fblogg".

    They can log on to Moodle with Fred Smith + password, but not 09fblogg.

    I think this is why SSO fails.

    How do I make Moodle check against the Windows logon name, instead of the cn attribute?

    I've just spent nearly a whole day experimenting to find this!

  4. #4
    Butters
    You can set the user attribute to sAMAccountName in the Moodle LDAP settings to use the windows logon name.

    The document says CN by default but in nearly all cases this should be sAMAccountName.
    Last edited by Butters; 1st February 2012 at 03:02 PM.

  5. Thanks to Butters from:

    OverWorked (1st February 2012)

  6. #5
    OverWorked
    Thank you. Thank you. Thank you!

    LDAP is working properly now for Windows logon names, not the common names.

    Now I've just got to get SSO set up again.

  7. #6
    Butters
    NTLM is harder to diagnose as it largely is based on the setup locally. Could you print-screen your NTLM settings in Moodle and PM me with them and I'll take a look.

  8. #7
    OverWorked
    I've fixed SSO.

    Fatal error: $CFG->dataroot is not writable, admin has to fix directory permissions! Exiting.
    I changed the permissions on \moodledata\ to give the relevant users modify permission. Because SSO uses Windows authentication, instead of anonymous, the NTFS directory permissions have to be changed.

    Thanks very much.
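
The permission change described in the last post, as an added example that is not part of the original thread: it grants Modify on the Moodle data directory to one scoped AD group rather than to a broad principal, then reads the ACL back to confirm. The path `D:\moodledata` and the group `EXAMPLE\Moodle-SSO-Users` are assumptions; substitute the real `$CFG->dataroot` and a group containing the accounts that sign in through SSO.

```powershell
# Added example. $DataRoot and $Group are hypothetical values, not from the thread.
$DataRoot = 'D:\moodledata'              # assumed location of $CFG->dataroot
$Group    = 'EXAMPLE\Moodle-SSO-Users'   # assumed AD group of SSO users

if (-not (Test-Path -LiteralPath $DataRoot -PathType Container)) {
    throw "Data directory not found: $DataRoot"
}

# Record the ACL before changing it, so the change can be reviewed or undone.
$before = Get-Acl -LiteralPath $DataRoot
$before.Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

# With Windows authentication, file access runs as the signed-in user
# instead of the anonymous account, so that user needs write access here.
# (OI)(CI) makes the entry inherit to files and subfolders; M = Modify.
icacls $DataRoot /grant "${Group}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Read the ACL back and confirm the group now has an explicit Allow entry.
$after = Get-Acl -LiteralPath $DataRoot
$entry = $after.Access | Where-Object {
    $_.IdentityReference.Value -eq $Group -and
    $_.AccessControlType -eq 'Allow' -and
    -not $_.IsInherited
}

if ($entry) {
    $entry | Format-Table IdentityReference, FileSystemRights, InheritanceFlags
} else {
    Write-Warning "No explicit Allow entry found for $Group on $DataRoot"
}
```

Run it from an elevated PowerShell session on the IIS server.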
