Clive Arnold | 2 Jun 2003 14:27

Authentication under Windows 2000/IIS 5 ?

I'm running MRBS on Windows 2000 Server/IIS 5 and it works just as it
should do but I'm having problems with authentication.

The IP based authentication works perfectly but even though I know it's
not the best solution I would like to get MRBS working with the
'badpw.pl' method. I've tried to set it up as detailed in the various
readme files and when clicking on a link in MRBS a password dialogue box
appears (username/password/domain) but it does not like the details I
enter.

Any help would be greatly appreciated (or recommendations for better
authentication methods that are simple to set up).

Thank you.

Clive Arnold - IT Co-ordinator
White and Bowker Solicitors.
***********************************************************************
Confidentiality: This e-mail message and any attachments may contain
confidential and/or legally privileged information.  It is intended for
the addressee only and if you are not the intended recipient you should
not copy or use the contents nor disclose them to anybody else.
In such a case please notify the sender by return e-mail immediately
and delete this message and its attachments together with all copies
in whatever form.

Security: In the case of a client contacting White and Bowker by
e-mail, White and Bowker will assume that they have the clients'
implied consent to communicate (with the client) using e-mail, in the
clients full knowledge that e-mail is not a secure mode of

Matt | 2 Jun 2003 15:00

Re: Authentication under Windows 2000/IIS 5 ?

> I'm running MRBS on Windows 2000 Server/IIS 5 and it works just as it
> should do but I'm having problems with authentication.
>
> The IP based authentication works perfectly but even though I know it's
> not the best solution I would like to get MRBS working with the
> 'badpw.pl' method. I've tried to set it up as detailed in the various
> readme files and when clicking on a link in MRBS a password dialogue box
> appears (username/password/domain) but it does not like the details I
> enter.
>
> Any help would be greatly appreciated (or recommendations for better
> authentication methods that are simple to set up).
>

Since you're running on Windows, with IIS, I'd suggest NT authentication. 
Then you can control access via NTFS and/or IIS security.  You'll need
auth_nt.inc, and set $auth["type"]   = "nt";  I don't think auth_nt.inc is
included in the MRBS archive, but should be available for download. 
Search the list.

Works perfectly here, and this way users aren't even prompted for a
username/password...The NTLM authentication just looks at who's logged in
on the workstation, and if they're a member of the appropriate group,
grants access.

-- 
- Matt -

thierry.bo | 2 Jun 2003 21:19

Re: Authentication under Windows 2000/IIS 5 ?

I played a bit with the authentication part of mrbs.

First, if you can rely on NT user accounts, follow MPayton's advice.

Second, for the badpw.pl script using aut_ext authentication, even if it is not written:
 - it seems obvious you need to install a perl interpreter on windows!
 - you need to write your OWN script (with perl or another language), badpw.pl is only an example.
 - all authentication modes using basic authentication need PHP being used as a SAPI module, not as CGI
(ISAPI for windows, module for Apache).

This said, I ran into difficulties running this simple script. I have not used perl before, so it is normal it
does not work the first time, but I can only run this script on linux if I remove the escapeshellarg function
from the line
"preg_replace('/#USERNAME#/',escapeshellarg($user),$cmd);"
and
"$cmd = preg_replace('/#PASSWORD#/',escapeshellarg($pass),$cmd);"
in aut_ext.inc.

The added quotes to the username and password seem to be considered as part of them, thus authentication
fails. I think there is something tricky on my system, as this script should work as it is, I think.

On windows, I installed free ActivePerl, and I ran some sample demo scripts successfully, but PHP seems to
completely ignore the return code of the exec function. I ran some tests and the code returned by exec($cmd,
$output, $ret); is always 0, even if I change all exit 0 to exit 1 in the perl script. I don't know if this is an
ActivePerl or PHP on Windows issue.

----Original message----
>From: "Clive Arnold" <Clive.Arnold <at> wandb.co.uk>
>To: <mrbs-general <at> lists.sourceforge.net>
>Subject: [MRBS-general] Authentication under Windows 2000/IIS 5 ?
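
An added example, not code from MRBS or from the poster, of the substitution-and-exit-status pattern discussed in this message: each value goes through escapeshellarg() before it is placed in the command, and the login is accepted only when the external program exits with status 0. The helper names and the one-line `sh` checker are assumptions made for the illustration, and a POSIX shell is assumed.

```php
<?php
// Added example: hypothetical helper names, not MRBS's own code.
// Assumes a POSIX shell; on Windows escapeshellarg() quotes differently.

// Fill the #USERNAME# / #PASSWORD# placeholders of a command template.
function build_auth_cmd(string $template, string $user, string $pass): string
{
    // escapeshellarg() wraps each value in single quotes so the shell passes
    // it to the program as one argument; the shell removes the quotes itself.
    // str_replace() is used so "$1" or "\1" in a password is copied literally
    // (preg_replace() would read it as a backreference in the replacement).
    return str_replace(
        ['#USERNAME#', '#PASSWORD#'],
        [escapeshellarg($user), escapeshellarg($pass)],
        $template
    );
}

// Accept the login only when the external program exits with status 0.
function ext_auth_ok(string $template, string $user, string $pass): bool
{
    $output = [];
    $ret = -1;                       // default that rejects if exec() never sets it
    exec(build_auth_cmd($template, $user, $pass), $output, $ret);
    return $ret === 0;
}

// Constructed checker standing in for the site's own script: exits 0 only
// for user "alice" with password "p w;x" (note the space and semicolon).
$template = 'sh -c \'[ "$1" = alice ] && [ "$2" = "p w;x" ]\' chk #USERNAME# #PASSWORD#';

foreach ([['alice', 'p w;x'], ['alice', 'wrong'], ['bob', 'p w;x']] as [$u, $p]) {
    printf("%-6s %-8s %s\n", $u, $p, ext_auth_ok($template, $u, $p) ? 'accepted' : 'rejected');
}
```

Without the escapeshellarg() calls, the space and the semicolon in the sample password would be interpreted by the shell instead of reaching the checker as part of the password.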

Corey Dean | 2 Jun 2003 14:17

Errors

I am receiving these errors all of a sudden.  This is an older version of MRBS, I also tried a newer version and am receiving the same errors…..

Warning: setlocale() [function.setlocale]: Passing locale category name as string is deprecated. Use the LC_* -constants instead. in /usr/local/apache/htdocs/mrbs.old/web/config.inc on line 121

Warning: setlocale() [function.setlocale]: Passing locale category name as string is deprecated. Use the LC_* -constants instead. in /usr/local/apache/htdocs/mrbs.old/web/config.inc on line 142

Warning: setlocale() [function.setlocale]: Passing locale category name as string is deprecated. Use the LC_* -constants instead. in /usr/local/apache/htdocs/mrbs.old/web/config.inc on line 121

Warning: setlocale() [function.setlocale]: Passing locale category name as string is deprecated. Use the LC_* -constants instead. in /usr/local/apache/htdocs/mrbs.old/web/config.inc on line 142

Anyone give me a hand with this?  All I did was update apache and PHP…..  Last time I updated them both to the latest version I didn't have this problem...

Corey


CONFIDENTIALITY NOTICE _______________________________________________________________________ The information contained in this ELECTRONIC MAIL transmission is confidential. It may also be privileged work product of proprietary information. This information is intended for the exclusive use of the addressee(s). If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution [other than to the addressee(s)], copying or taking of any action because of this information is strictly prohibited. _______________________________________________________________________
thierry.bo | 3 Jun 2003 21:10

Re: Errors

You have an old version of config.inc. Remove the quotes surrounding LC_ALL in the setlocale functions.

By the way, it is just a warning that should not be displayed with a default php.ini-dist or
php.ini-recommended with error logging turned on and display errors turned off as it should be.

TB

----Original message----
>From: "Corey Dean" <cdean <at> firstcitizensbank.com>
>To: <mrbs-general <at> lists.sourceforge.net>
>Subject: [MRBS-general] Errors
>Date: Mon, 2 Jun 2003 08:17:06 -0400
>
>I am receiving these errors All of a sudden.  This is an older version
>of MRBS, I also tried a newer version and am receiving the same
>errors...
>
>Warning: setlocale() [function.setlocale
><http://www.php.net/function.setlocale> ]: Passing locale category name
>as string is deprecated. Use the LC_* -constants instead. in
>/usr/local/apache/htdocs/mrbs.old/web/config.inc on line 121
>
>Warning: setlocale() [function.setlocale
><http://www.php.net/function.setlocale> ]: Passing locale category name
>as string is deprecated. Use the LC_* -constants instead. in
>/usr/local/apache/htdocs/mrbs.old/web/config.inc on line 142
>
>Warning: setlocale() [function.setlocale
><http://www.php.net/function.setlocale> ]: Passing locale category name
>as string is deprecated. Use the LC_* -constants instead. in
>/usr/local/apache/htdocs/mrbs.old/web/config.inc on line 121
>
>Warning: setlocale() [function.setlocale
><http://www.php.net/function.setlocale> ]: Passing locale category name
>as string is deprecated. Use the LC_* -constants instead. in
>/usr/local/apache/htdocs/mrbs.old/web/config.inc on line 142
>
>Anyone give me a hand with this?  All I did was update apache and PHP...
>Last time I updated them both to the latest version I didn't have this
>problem...
>Corey

-------------------------------------------------------------
NetCourrier, your virtual office on the Internet: Mail, Calendar, Clubs, Toolbar...
Web/Wap: www.netcourrier.com
Telephone/Fax: 08 92 69 00 21 (0.34 € incl. tax/min)
Minitel: 3615 NETCOURRIER (0.15 € incl. tax/min)

thierry.bo | 3 Jun 2003 21:15

Re: Errors

sorry,

warnings are displayed, not notices.

>By the way, it is just a warning that should not be displayed with a
>default php.ini-dist
>TB

----Original message----
>From: "Corey Dean" <cdean <at> firstcitizensbank.com>


SMITH Gregory C. | 3 Jun 2003 17:59

RE: Authentication under NT/Win2000/IIS5

>Since you're running on Windows, with IIS, I'd suggest NT authentication. 
>Then you can control access via NTFS and/or IIS security.  You'll need
>auth_nt.inc, and set $auth["type"]   = "nt";  I don't think auth_nt.inc is
>included in the MRBS archive, but should be available for download. 
>Search the list.

As long as your users are running Internet Explorer you don't have to bother
with any of this.  When PHP is running on a Win2K server and access to the
web share is restricted to domain users IE will automatically authenticate
against IIS and populate the $AUTH_USER PHP global variable with the
logged-in user's name.  You can then just use the simple "user" auth type
and add any admin usernames to the admin array.

The $AUTH_USER variable has the domain prepended so I strip it out with:
	return substr( $AUTH_USER,strrpos($AUTH_USER,"\\")+1);

This may need some tweaking for current versions of PHP and MRBS if you
haven't got REGISTER GLOBALS turned on.  

Other tweaks I've done include displaying pre-filled mailto: links for
everyone except admins who get the regular links to add or edit entries.

The whole thing also runs against an MS SQL 2000 database.  I modified the
sybase table generation scripts and used the mssql php module with a custom
mssql.inc.

I'll document and post all of this to the list one of these days. As soon as
this *&! <at> #$% accounting system upgrade is done!

Clive Arnold | 4 Jun 2003 09:56

RE: Authentication under NT/Win2000/IIS5

Thanks for the info Gregory :)

Clive.

>>> "SMITH Gregory C." <gsmith <at> ahbl.ca> 03/06/2003 16:59:25 >>>

>Since you're running on Windows, with IIS, I'd suggest NT authentication. 
>Then you can control access via NTFS and/or IIS security.  You'll need
>auth_nt.inc, and set $auth["type"]   = "nt";  I don't think auth_nt.inc is
>included in the MRBS archive, but should be available for download. 
>Search the list.

As long as your users are running Internet Explorer you don't have to bother
with any of this.  When PHP is running on a Win2K server and access to the
web share is restricted to domain users IE will automatically authenticate
against IIS and populate the $AUTH_USER PHP global variable with the
logged-in user's name.  You can then just use the simple "user" auth type
and add any admin usernames to the admin array.

The $AUTH_USER variable has the domain prepended so I strip it out with:
	return substr( $AUTH_USER,strrpos($AUTH_USER,"\\")+1);

This may need some tweaking for current versions of PHP and MRBS if you
haven't got REGISTER GLOBALS turned on.  

Other tweaks I've done include displaying pre-filled mailto: links for
everyone except admins who get the regular links to add or edit entries.

The whole thing also runs against an MS SQL 2000 database.  I modified the
sybase table generation scripts and used the mssql php module with a custom
mssql.inc.

I'll document and post all of this to the list one of these days. As soon as
this *&! <at> #$% accounting system upgrade is done!



John Burkhardt | 4 Jun 2003 23:11

Integrate MRBS authentication with existing single-sign-on Web authentication

Thought some folks might be interested in how I got MRBS to work with my
existing cookie-based single-sign-on Web authentication service.

I'm running MRBS on Unix/Apache with MySQL, and my institution has developed
an authentication service called Pubcookie (more info available at
http://pubcookie.org/).

I turned on pubcookie authentication in the directory that contains the MRBS
.php and .inc files. Then I set config.inc so MRBS would use IP
authentication. Then I changed auth_ip.inc as follows:

function getUserName()
{
        global $REMOTE_ADDR;
        return $REMOTE_ADDR;
}

became

function getUserName()
{
        global $REMOTE_USER;
        return $REMOTE_USER;
}

This puts the user logon handle (instead of the IP address) in the "added
by" field of room bookings.

Then I had to add the user logon handles I wanted as administrators into
config.inc, as MRBS was no longer looking at IP addresses for authorization.

So, a big thanks for making MRBS authentication modular enough-- and for
providing the simple IP authentication-- that I could adapt it to my needs.
Many other PHP scripts I've looked at go too far in providing a turnkey
authentication/authorization solution that's a much bigger headache to
integrate with an existing service.

----------------------------------------------------------------------
John Burkhardt
Manager of Online Services
University of Washington Alumni Association
1415 NE 45th St.
Seattle, Wash., 98105
(206)  685-9272
johnbjr at u dot washington dot edu
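
An added example, not code from MRBS or from either poster, covering both the $AUTH_USER domain stripping described earlier in the thread and the $REMOTE_USER change above: it reads the server-set identity from an array such as $_SERVER rather than from register_globals variables, handles a value with no domain prefix, and treats a missing or malformed value as "no user". All function names, the sample accounts and the allowed-character pattern are assumptions.

```php
<?php
// Added example: hypothetical helper names, not MRBS code.

// Reduce "DOMAIN\user" to the bare account name; null means "no valid user".
function normalize_remote_user(string $raw): ?string
{
    $name = trim($raw);
    $pos = strrpos($name, '\\');
    if ($pos !== false) {            // false when there is no domain prefix
        $name = substr($name, $pos + 1);
    }
    // Fail closed on anything that is not a plain account name.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $name)) {
        return null;
    }
    // Assumption: account names compare case-insensitively (Windows domains).
    return strtolower($name);
}

// Read the identity the web server set after authenticating the request.
// It is only trustworthy if the server enforces authentication on this path.
function current_user(array $server): ?string
{
    foreach (['REMOTE_USER', 'AUTH_USER'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            return normalize_remote_user($server[$key]);
        }
    }
    return null;
}

function is_admin(?string $user, array $admins): bool
{
    return $user !== null
        && in_array($user, array_map('strtolower', $admins), true);
}

// Constructed sample values; a real page would pass $_SERVER.
$admins = ['Administrator', 'jsmith'];
foreach (['EXAMPLE\\JSmith', 'guest', ''] as $raw) {
    $user = current_user(['AUTH_USER' => $raw]);
    printf("%-16s -> user=%s admin=%s\n", var_export($raw, true),
        var_export($user, true), is_admin($user, $admins) ? 'yes' : 'no');
}
```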

Terence | 4 Jun 2003 17:47

n-weekly bookings not working

n-weekly bookings don't appear to be working on my installation of MRBS. 
The booking for the current week shows up, but not in any other week.  I
try booking the times in the following weeks and there is no conflict.  I
tried the MRBS demo at http://mrbs.sourceforge.net/mrbs/ and got the same
results.

I read a few messages about n-weekly booking problems, but did not see a
solution.  Is this a bug or am I doing something silly?

Thanks in advance, and thanks for making MRBS.

teedog

