401 Unauthorized Error After adding certificate
Hi community,
I am getting a 401 Unauthorized error on my WordPress website, which worked fine before. I am integrating LDAP (freeIPA) with the WordPress website. The LDAP server is working fine; I already integrated it with servers, including the web server. I thought having a single-user directory would be a good idea, so I tried integrating it with the website. When I type https with the hostname/IP address, it shows “Red Hat Enterprise Linux Test Page” (I am using RHEL9 Developer version). But when using http, a sign-in window pops up and it never accepts any credentials. When I run “curl -I http://web.homelab.local” I get the 401 Unauthorized error below.
HTTP/1.1 401 Unauthorized
Date: Wed, 29 May 2024 00:34:24 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7 mod_auth_gssapi/1.6.3
WWW-Authenticate: Negotiate
Content-Type: text/html; charset=iso-8859-1
When I check the error log, I see the error message below.
[Tue May 28 16:45:33.091143 2024] [auth_gssapi:error] [pid 367897:tid 368054] [client 192.168.1.22:56339] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!, referer: http://web.homelab.local/
[Tue May 28 16:45:49.837895 2024] [auth_gssapi:error] [pid 367897:tid 368057] [client 192.168.1.211:60322] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!
Here are the steps I took to configure it.
1. Installed the “HTTP Authentication” plugin on the website.
2. Installed packages on the server such as mod_auth_gssapi, mod_ssl and php-ldap.
3. Generated the http.keytab file from the LDAP server by running this command: “ipa-getkeytab -s ipa.homelab.local -p HTTP/web.homelab.local -k /etc/httpd/conf.d/http.keytab”
4. Copied http.keytab to the website server's /etc/httpd/conf.d/ and changed the owner to user: root and group: apache.
5. Generated an internal SSL certificate by running the command “openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt”.
6. Updated the wordpress.conf file with the content below.
ServerAdmin [email protected]
ServerName web.homelab.local
ServerAlias www.web.homelab.local
DocumentRoot /var/www/html/wordpress/
RewriteEngine On
# Redirect to HTTPS
RewriteCond %{SERVER_NAME} =web.homelab.local [OR]
RewriteCond %{SERVER_NAME} =www.web.homelab.local
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Options -Indexes
AllowOverride All
Require all granted
ServerAdmin [email protected]
ServerName web.homelab.local
ServerAlias www.web.homelab.local
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
DocumentRoot /var/www/html/wordpress/
DirectoryIndex index.php
Options -Indexes
AllowOverride All
Require all granted
AuthType GSSAPI
AuthName "Kerberos Login"
GssapiCredStore keytab:/etc/httpd/conf.d/http.keytab
GssapiSSLonly On
GssapiLocalName On
Require valid-user
7. Created .htaccess in the WordPress directory with the below content.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
8. Enabled (on) httpd_can_connect_ldap and httpd_mod_auth_pam from sebool
9. Restarted httpd service
I can’t figure it out. I would appreciate it if someone could help me with this.
Thank you
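
Added example, not part of the original post: a Python check over the two pieces of evidence quoted above (the error-log lines and the `curl -I` response). It counts clients whose authentication mod_auth_gssapi refused for lack of TLS and tells whether the plain-HTTP endpoint answers with a Negotiate challenge instead of an HTTPS redirect. The function names and result labels are this example's own.

```python
import re
from collections import Counter

# Apache 2.4 error-log layout: [time] [module:level] [pid ...] [client ip:port] message
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] "
    r"\[pid [^\]]+\] \[client (?P<ip>[^\]]+):(?P<port>\d+)\] (?P<msg>.*)$"
)
TLS_REFUSAL = "Not a TLS connection, refusing to authenticate!"

# The two error-log lines quoted in the post.
SAMPLE_LOG = """\
[Tue May 28 16:45:33.091143 2024] [auth_gssapi:error] [pid 367897:tid 368054] [client 192.168.1.22:56339] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!, referer: http://web.homelab.local/
[Tue May 28 16:45:49.837895 2024] [auth_gssapi:error] [pid 367897:tid 368057] [client 192.168.1.211:60322] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!
"""
# Status line and two headers from the curl -I response quoted in the post.
SAMPLE_HEAD = """\
HTTP/1.1 401 Unauthorized
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7 mod_auth_gssapi/1.6.3
WWW-Authenticate: Negotiate
"""

def plaintext_gssapi_clients(log_text):
    """Per client IP, count auth attempts mod_auth_gssapi refused for lack of TLS."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["module"] == "auth_gssapi" and TLS_REFUSAL in m["msg"]:
            hits[m["ip"]] += 1
    return dict(hits)

def classify_http_head(raw):
    """Label what a HEAD response on plain HTTP implies about the port-80 setup."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    if status in (301, 302, 307, 308) and headers.get("location", "").startswith("https://"):
        return "redirects-to-https"
    if status == 401 and "negotiate" in headers.get("www-authenticate", "").lower():
        return "auth-challenge-on-plaintext"
    return "other"

if __name__ == "__main__":
    print(plaintext_gssapi_clients(SAMPLE_LOG))
    print(classify_http_head(SAMPLE_HEAD))
```

On the data from the post, the second function returns `auth-challenge-on-plaintext`: the request on port 80 reached the GSSAPI-protected resource before any redirect to HTTPS was issued, which matches the log message produced when `GssapiSSLonly On` is set.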