无法使用apache 2.4和NTML模块与AD用户一起实现bitrix无密码身份验证

编程问答 2022-06-13

问题描述

我对将AD用户集成到自托管Bitrix中有问题。 我想在不提示输入密码的情况下向AD用户验证bitrix网站吗? 这可能吗 ?我已经完成了将广告集成到bitrix中的操作,但是当我尝试访问网站时,提示用户输入以下图片

enter image description here

我的ntml模块配置:

<VirtualHost *:8890>

ServerAdmin webmaster@localhost
ServerName xxxxxx.lt
ServerAlias *.xxxxxx.lt
    DocumentRoot /home/bitrix/www
    KeepAlive On

    # Possible values include: debug,info,notice,warn,error,crit,alert,emerg.
    LogLevel debug
    ErrorLog logs/default_error_log
#CustomLog logs/default_access_log combined
#


<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<DirectoryMatch .*\.(svn|git|hg)/.*>
Require all denied
    </DirectoryMatch>

<DirectoryMatch /home/bitrix/www/bitrix/(cache|managed_cache|local_cache|stack_cache)>
    AllowOverride none
    AddType text/plain PHP,PHP3,PHP4,PHP5,PHP6,phtml,pl,asp,aspx,cgi,dll,exe,ico,shtm,shtml,fcg,fcgi,fpl,asmx,pht
    PHP_value engine off
</DirectoryMatch>

<DirectoryMatch /home/bitrix/www/(upload|bitrix/images|bitrix/tmp)>
    AllowOverride none
    AddType text/plain PHP,pht
    PHP_value engine off
</DirectoryMatch>

    <Directory /home/bitrix/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            DirectoryIndex index.PHP index.html index.htm

            AuthName "NTLM Authentication thingy"
            NTLMAuth on
            NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
            NTLMBasicAuthoritative on
            AuthType NTLM
            Require valid-user

            PHP_admin_value session.save_path /tmp/PHP_sessions/www
            PHP_admin_value upload_tmp_dir /tmp/PHP_upload/www
    </Directory>

<Directory /home/bitrix/www/upload/support/not_image>
    AllowOverride none
    Require all denied
        </Directory>

它应该重定向到8890端口,并且在身份验证成功后重定向到80端口。有什么建议?如果需要更多信息,请告诉我

解决方法

所有作品..

Internet Explorer 

Open "Tools" -> "Internet Options".
On the "Advanced" tab make sure the option "Security -> Enable Integrated Windows Authentication" is checked.
Only for FQDN ex. http://intranet.domain.com (http://intranet is ok)
On the "Security" tab select "Local Intranet" -> "Sites" -> "Advanced" and add your server URL to the list.

Google Chrome 

On Windows Chrome normally uses IE's behaviour,see more information here.

Mozilla Firefox 

Type about:config in the browser's address bar.
Add your server URL to network.automatic-ntlm-auth.trusted-uris property.
apachebitrixcentoscentosconfigurationconfigurationconfigurationhttphttp