Apache - Invalid Command 'Auth' error 500 - apache

I'm trying to implement pass directory authentication using:
Auth Name "Restricted Area"
AuthType Basic
AuthUserFile /home/.htpasswd
AuthGroupFile /dev/null
require valid-user
It's 100% correct.
Seems like issue lies in apache modules?
I'm using Apache2 and Ubuntu 13.04
Gives me error:
[Wed Sep 11 22:40:07 2013] [alert] [client xxx.xx.xxx.xx] /home/somebody/public_html/somewebsite/.htaccess: Invalid command 'Auth', perhaps misspelled or defined by a module not included in the server configuration
How can it be fixed?

It should be AuthName instead Auth Name.
Apache documentation for AuthName Directive.

Related

Apache2 LDAPS configuration fails to bind/accept credentials

This is my first time posting so sorry in advance if I do things incorrectly. I will substitute ip's and usernames.
I have a windows Active Directory setup and I am trying to use this for authentication to a webpage I have on a separate Ubuntu 18.04 server. I am attempting to use apache2 (2.4.18) in order to set this up. Documentation online seems fairly straight forward but I have not been successful. First, I cannot use the <Location "/auth"> tags as it seems to simply not work at all. I have to use the <Directory /auth> tag.
The AD server uses a self signed certificate and I have had trouble getting it to trust it with LDAPTrustedGlobalCert. I was getting [Can't contact LDAP server] but LDAPVerifyServerCert Off seems to let me get past that hurdle for now.
The biggest issue that I have is I do not think the bind is working. When just loading the webpage I see this show up in the error log:
[authz_core:debug] [pid 2397] mod_authz_core.c(809): [client <myclientIP>:56969] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[authz_core:debug] [pid 2397] mod_authz_core.c(809): [client <myclientIP>:56969] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
From there I enter credentials to try and authenticate and I get:
[Thu Aug 27 08:36:22.831527 2020] [authnz_ldap:debug] [pid 2396] mod_authnz_ldap.c(520): [client <myClientIP>:56887] AH01691: auth_ldap authenticate: using URL ldaps://<myLDAPIP>/dc=my,dc=example,dc=com?uid
[Thu Aug 27 08:36:22.888784 2020] [authnz_ldap:info] [pid 2396] [client <myClientIP>:56887] AH01695: auth_ldap authenticate: user <myUser> authentication failed; URI /auth/ [LDAP: ldap_simple_bind() failed][Invalid credentials]
[Thu Aug 27 08:36:22.888825 2020] [auth_basic:error] [pid 2396] [client <myClientIP>:56887] AH01617: user <myUser>: authentication failure for "/auth/": Password Mismatch
This is my configuration for apache. I left commented lines in so you can see a couple of the many variations that I have tried:
LDAPVerifyServerCert Off
<Directory "/var/www/html/auth">
AuthType Basic
AuthName "Authentication required"
AuthBasicProvider ldap
AuthLDAPURL ldaps://<myLDAPIP>/dc=my,dc=example,dc=com?uid
#AuthLDAPURL ldaps://<myLDAPIP>:636/cn=Users,dc=my,dc=example,dc=com
AuthLDAPBindDN <myUser>
#AuthLDAPBindDN cn=<myUser>,dc=my,dc=example,dc=com
AuthLDAPBindPassword <myPassword>
Require valid-user
#require ldap-group cn=Users,dc=my,dc=example,dc=com
#require ldap-group cn=Users
LogLevel debug
</Directory>
I have searched all over and tried many configurations but I do not see why it does not work with this one. I have at least three other programs that use LDAPS with this Active Directory server. The difference is they all had built in support for it and I did not have to do anything with apache.
Any help would be appreciated!
Thanks in advance
I actually continued trying multiple configurations and finally found one that worked. Below Is the functioning code:
<Directory "/var/www/html/auth">
AuthType Basic
AuthName "Authentication required"
AuthBasicProvider ldap
AuthLDAPURL "ldaps://<myLDAPIP>/dc=my,dc=example,dc=com?sAMAccountName"
AuthLDAPBindDN "myUser#my.example.com"
AuthLDAPBindPassword "<Password>"
Require valid-user
LogLevel debug
</Directory>
*If your certificate is not trusted you can add LDAPVerifyServerCert Off which should be outside of the virtualhost block

apache authentication not working

I am trying to implement apache authentication, but getting following error when giving correct password
access to /webalizer/ failed, reason: require directives present and no Authoritative handler.
If i give incorrect password it shows me
user testusr: authentication failure for "/webalizer/": Password Mismatc
Following is my apache configs
<Directory /var/www/html/webalizer>
Order allow,deny
AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
Satisfy Any
</Directory>
apache is running with apache user, following is file permissions of htpasswd
-rw-r--r-- 1 apache apache 46 Nov 2 14:46 /etc/httpd/conf/.htpasswd
What do i missing?
OS is AWS linux instance.

httpd authentication - LDAP group

I have a restricted section of a website that I want to restrict to two LDAP groups. Here are the pertinent lines from httpd.conf:
<AuthnProviderAlias ldap our-ldap>
AuthLDAPBindDN CN=example,OU=example,OU=example,DC=example,DC=com
AuthLDAPBindPassword LamePassword
AuthLDAPURL ldaps://dc4.example.com:636/dc=example,dc=com?sAMAccountName?sub
AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>
<Directory /var/www/html/restricted>
Order deny,allow
Allow from all
AuthBasicProvider our-ldap
AuthType Basic
AuthName "Restricted Files"
Require ldap-group CN=group1,OU=example,OU=example,DC=example,DC=com
Require ldap-group CN=group2,OU=example,OU=example,DC=example,DC=com
</Directory>
If I comment out those two "Require ldap-group" lines, it works flawlessly, but with any LDAP user, which I don't want. When I add those lines back in, despite the fact that I'm a member of one of those groups, I can't get in, and ssl_error_log gives me this:
[Sat Jun 28 21:34:53 2014] [error] [client 198.51.100.156] access to /restricted/restricted.html failed, reason: require directives present and no Authoritative handler.
My LDAP server is an Active Directory domain controller, so usernames are sAMAccountName, DNs are distinguishedName, and group member attributes are member, using DNs.
Here's what I'm running:
Server version: Apache/2.2.15 (Unix)
Server built: Mar 20 2014 06:21:02
Any thoughts?
You're requiring the user to be a member of both groups. You need a Satisfy Any.

Invalid command 'auth_basic'

I recently added this to a htaccess file:
AuthUserFile /var/www/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
now I get the error
'.htaccess: Invalid command 'auth_basic', perhaps misspelled or defined by a module not included in the server configuration'
Does this mean my host doesnt have basic authentication turned on??
-Edit I have just checked using apache2ctl -M and auth_basic_module DOES appear in the list

Apache "authentication failure for "/": Password Mismatch"

I am a newbie to Apache, using Apache 2.2.22. I am trying to password protect my whole localhost website using .htaccess; .htaccess is located in /Apache/htdocs and the password file is in /Apache/passwd. Trying to access the site I get prompted for a username/password but it always fails with the error (from error.log) [error] [client 127.0.0.1] user myuser: authentication failure for "/": Password Mismatch.
The password file was created with:
htpasswd -c /Apache/passwd/passwords myuser
My .htaccess file:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile c:/Apache/passwd/passwords
AuthGroupFile /dev/null
require valid-user
My httpd.conf file was modifed with:
<Directory "C:/Apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
The Apache doc for Authentication and Authroization states to make sure that the modules mod_authn_core and mod_authz_core have either been built into the httpd binary or loaded by the httpd.conf configuration file. But I don't know how to do this; they are not listed in the Modules section of my httpd.conf file. mod_auth_basic.so, mod_authn_file.so, and mod_authz_groupfile.so are loaded via the httpd.conf file.
Thank you for any help or ideas.