Domain Authentication with NT

Anon

How can I authenticate a user from a particular NT domain with PHP? I've read a few ways to do this from linux using a samba client, but how does one do it if PHP is running in Apache, in WindowsNT?

ame12

Easiest way to do it (esp. since you're running NT) is to run PHP using IIS. If you do that and simply provide code like this:

if (!isset($REMOTE_USER)) {
header("status 401 unauthorized");
}

it will force IIS to authenticate and authorize using the NT SAM. You can also use standard NT ACLs to protect the pages. I don't know of any way to get the equivalent effect in Apache without doing serious (C/C++ extensions, CGI or Apache) work.

Dave

===========================================
http://badblue.com/helpphp.htm
Free small footprint web server for Windows

P2P file-sharing, PHP, wireless apps & more

Anon

Ok, I set up PHP with IIS, works fine, and here is the code that I tried :

<?php
if(!isset($REMOTE_USER)) {
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
} else {
echo "Hello. You made it in.";
}
?>

However, I never get the dialog box asking for the username/password, only the echo. I switched to Apache, and it went into the loop (since the login/password sets $PHP_AUTH_USER, it seems), and I hadn't changed a line of code. Is there some setting within IIS that I have to set so that it starts to recognize (and send) the headers?

SCT

Anon

And yes, gentlemen, I am a moron.

Had PHP setup as CGI instead of module.

Please, no applause.

Anon

One more question:

Netscape has trouble with NT Challenge/Response, so I switched the IIS server to Basic Authentication. What I'm wondering now is what do I need to do to log into a domain that the server isn't a part of. If I set the default domain in the basic authentication to the one that the machine is a part of, everything works perfectly, but if I set it to another (the one where I usually log into), it never accepts my password. The user I'm logging in as has Full Control to the file that I'm trying to protect, so shouldn't he be able to log in?

Is there something I can do, or am I limited to my machine's domain? That sounds kinda fishy.

SCT

Anon

I forgot to mention. The domain I'm trying to log into, if I use Challenge/Response, I get in fine.

Plus, it's a trusted domain, but not a trusting domain.

I have tried TRUSTEDDOMAIN\username, to no avail. MACHINEDOMAIN\username or MACHINENAME\username both allow me to log in.

Just hate forgetting to put all the information in one post.

SCT