401 Unauthorized Error After adding certificate

Hi community,

I am getting a 401 Unauthorized error on my WordPress website, which worked fine before. I am integrating LDAP (freeIPA) with the WordPress website. The LDAP server is working fine; I already integrated it with servers, including the web server. I thought having a single-user directory would be a good idea, so I tried integrating it with the website. When type https with hostname/IP address it show “Red Hat Enterprise Linux Test Page (I am using RHEL9 Developer version).” But when using http a sign window popup and it never accept any credentials. When run “curl -I http://web.homelab.local” I get below 401 unauthorized error.
HTTP/1.1 401 Unauthorized
Date: Wed, 29 May 2024 00:34:24 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7 mod_auth_gssapi/1.6.3
WWW-Authenticate: Negotiate
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 401 Unauthorized
Date: Wed, 29 May 2024 00:34:24 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7 mod_auth_gssapi/1.6.3
WWW-Authenticate: Negotiate
Content-Type: text/html; charset=iso-8859-1

When I check the error log I see below error message.

[Tue May 28 16:45:33.091143 2024] [auth_gssapi:error] [pid 367897:tid 368054] [client 192.168.1.22:56339] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!, referer: http://web.homelab.local/
[Tue May 28 16:45:49.837895 2024] [auth_gssapi:error] [pid 367897:tid 368057] [client 192.168.1.211:60322] AUTH NOT ALLOWED Not a TLS connection, refusing to authenticate!

Here are the steps I took to configure it.

Installed “HTTP Authentication” plugin to the website.
Installed packages on server such as mod_auth_gssapi. mod_ssl and php-ldap
Generate http.ketab file from ldap server by running this command “ipa-getkeytab -s ipa.homelab.local -p HTTP/web.homelab.local -k /etc/httpd/conf.d/http.keytab”
Copied the http.ketab to website server /etc/httpd/conf.d/ and changed owner user:root and group: apache.
Generate an internal ssl certificate by running command “openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt.”
Updated wordpress.conf file with below content

ServerAdmin [email protected]
ServerName web.homelab.local
ServerAlias www.web.homelab.local

DocumentRoot /var/www/html/wordpress/

RewriteEngine On
# Redirect to HTTPS
RewriteCond %{SERVER_NAME} =web.homelab.local [OR]
RewriteCond %{SERVER_NAME} =www.web.homelab.local
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


    Options -Indexes
    AllowOverride All
    Require all granted


ServerAdmin [email protected]
ServerName web.homelab.local
ServerAlias www.web.homelab.local

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

DocumentRoot /var/www/html/wordpress/
DirectoryIndex index.php


    Options -Indexes
    AllowOverride All
    Require all granted



    AuthType GSSAPI
   AuthName "Kerberos Login"
    GssapiCredStore keytab:/etc/httpd/conf.d/http.keytab
    GssapiSSLonly On
    GssapiLocalName On
    Require valid-user

7. Created .htaccess in the WordPress directory with the below content.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

8. Enabled (on) httpd_can_connect_ldap and httpd_mod_auth_pam from sebool

9. Restarted httpd service

I can’t figure it out. I appreciate if someone can help mw this.

Thank you

The page I need help with: [log in to see the link]

این خبر را در ایران وب سازان مرجع وب و فناوری دنبال کنید

مشاهده پاسخ های این مطلب
———————————————
این مطلب از سایت انجمن وردپرس گردآوری شده است و کلیه حقوق مطلق به انجمن وردپرس می باشد در صورت مغایرت و یا بروز مشکل اطلاع دهید تا حذف گردد

منبع: انجمن وردپرس