Hi All, I have an issue with .htaccess files that has be pulling my hair out. I am trying to get Radius OTP authentication to work. I have the PAM modules working fine and can get the authentication to do its thing with no problems. My issue is that when I type in a full URL for a page that exists authentication works fine: http://www.mydomain.com/reallyapage.php <--- This works fine When I type a hanging URL which has an index.html page in the directory it works fine: http://www.mydomain.com/ <-- This works fine if 'index.html' is in the directory However, when I type a hanging URL when there is an index.php file, I get some sort of infinite authentication loop: http://www.mydomain.com/ <-- This does not work fine if 'index.php' is in the directory (and there is no index.html) The obvious answer is that the server isn't setup to find index.php files, but if I remove my .htaccess file then the server loads an index.php page for a hanging URL quite happily. Does anyone know what setting I need to drop into an Apache config file or my .htaccess file? I've lost a day on this thinking authentication wasn't working at all until I realized that I was getting this behavior. I appreciate any help!
Hi, I have a partial fix for this. For posterity, if it happens to anyone else this is how I got around it.... DirectoryIndex index.php <Files index.php> Satisfy all AuthType Basic AuthBasicProvider xradius AuthName "Please enter your username and RADIUS one-time passcode." AuthXRadiusAddServer "localhost:1812" "testing123" AuthXRadiusTimeout 7 AuthXRadiusRetries 2 require valid-user </Files> Basically I directed the server to load the php page and then required authentication. This isn't ideal though as there are other files which could be loaded and will be given up by the server with no argument. Anyone got a better solution?
Hello, How do we spell aggravating? Those damned .htaccess files are the major culprit. Simply delete your httaccess file from your site files. Then, simply backup your database and your system will auto install a newly appropriate .htaccess file so everything will work as planned. When the situation is hair pullingly aggravating, its best to just STEP AWAY FROM THE PC. Best wishes!
Too True. I've solved it though and it wasn't .htaccess's fault. I hadn't enabled RADIUS authorization caching, so every time the server requested a different object it was re-authenticating me, hence the appearance of a loop. So to enhance posterity (googlers)... Remove those <Files> sections and enable the radius cache with "AuthXRadiusCache dbm /tmp/radcache" (or similar) in your main apache2 configuration file.