Hello Russell, Smithies, Russell wrote, On 07/17/2012 05:41 PM:
It appears that NTLM isn't passing the HTTP_REMOTE_USER through for us. Anyone else struck this and found a solution?
Our apache config looks like this:
<Location "/"> AuthName "Galaxy" NTLMAuth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" NTLMBasicAuthoritative on AuthType NTLM require valid-user
# Take the $REMOTE_USER environment variable and set it as a header in the proxy request. RewriteCond %{IS_SUBREQ} ^false$ RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set REMOTE_USER %{RU}e
</Location>
<snip>
HTTP_REMOTE_USER '(null)'
One voodoo solution that worked for me (not with NTLM, but exactly with the same '(null)' symptom) is to take the entire "RewriteCond" part outside of the <Location> block. Put it in the global configuration file, after the <Location> part, but before the proxy statement. Also, the exact incantation that worked for me (after many many trials and errors) is: === RewriteRule . - [E=RU:%{LA-U:REMOTE_USER}] RequestHeader set REMOTE_USER %{RU}e === It's voodoo (to me) because it probably has something to do with deep apache internals, relating to execution order of the authentication module vs the "mod_rewrite" parts (and the "LA-U" [Look-ahead] thing sure doesn't help to make it clearer...). -gordon