Internet Explorer reports "Can't display web page" when authorization fails on a linux server using kerberos authentication

Not reproducible Issue #104880

Details

Created
Apr 27, 2014
Privacy
This issue is public.
Found in build #
0.0011
Reports
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce

Reduced Steps:

  1. From a REDMOND domain joined session, go to https://ieta-web-linux/ldap/

Expected Result: The page with the following text is displayed:
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.

Actual Result: The default “The page can’t be displayed” error page is displayed by IE.


Repro Steps:

Steps to reproduce the problem:

  1. Server Ubuntu 12.04.3, Apache 2.2.22, mod_auth_kerb, mod_authnz_ldap
  1. Linux joins the domain and sets up standard keytab and kerberos config
  1. Configure apache authentication using Kerberos Authentication and LDAP Authorization via group.

Suggested auth config for apache

        SSLRequireSSL
        AuthName "Kerberos Login"
        AuthType Kerberos
        KrbMethodNegotiate On
        KrbMethodK5Passwd On
        KrbSaveCredentials On
        KrbAuthRealms DOMAIN.NET
        Krb5Keytab /etc/krb5.keytab
        KrbLocalUserMapping on
        KrbAuthoritative off
        KrbServiceName HTTP/host
        require valid-user



        AuthzLDAPAuthoritative on
        AuthLDAPUrl "ldap://dc.domain.net:389/OU=company,DC=domain,DC=net?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "CN=ADUSER,OU=System Accounts,OU=Services,OU=company,DC=domain,DC=net"
        AuthLDAPBindPassword somepassword
        AuthLDAPGroupAttributeIsDN off
        AuthLDAPGroupAttribute memberUid
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=NESTED_GROUP,ou=Programs,ou=Services,ou=Company,dc=domain,dc=net

Expected Results:

Report 401 Authorization Required ErrorDocument

Actual Results:

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Rajat J.”

      Changed Assigned To from “Rajat J.” to “Rajat J.”

      Changed Steps to Reproduce

      Changed Status to “Confirmed”

      Changed Assigned To from “Rajat J.” to “IPBS P.”

      Changed Status from “Confirmed” to “Not reproducible”

      Changed Assigned To from “IPBS P.” to “Venkat K.”

      Changed Steps to Reproduce

      Changed Steps to Reproduce

    You need to sign in to your Microsoft account to add a comment.

    Sign in