Users can also login with their AD creds to view ticket status, post replys, etc... by clicking the sign in link in the upper right of the splash page. 

>CentOS 7.1Are you running SELinux?If so try disabling it and see what happend.  If it works then you are running afoul a SELinux rule.

We are not.  sestatus is disabled

@[deleted]Sorry for late response, but in your case, I'd look at the log files of apache. Maybe change loglevel to debug ;)Beside, you can try to setup directory protected with SSO login and try login there. If that works osTicket should work too.Also maybe your apache config regarding SSO would be helpful.

@[deleted]

I used the following guide to get Apache SSO working on my webserver and worked like a charm:

http://blog.stefan-macke.com/2011/04/19/single-sign-on-with-kerberos-using-debian-and-windows-server-2008-r2/

Before I had tried some other guides, but that one worked best and also has a section what errors can happen and how to fix them ;)

The link is not working. Please give us another one if possible. Thanks!

@[deleted]Works fine here. I attached 5 screenshots showing the whole instructions from the linked page.Cheers,Michael

In addition, since the screenshots cannot be scrolled:ktpass -princ HOST/webserver.yourdomain.com@YOURDOMAIN.COM -mapuser tukerberos@YOURDOMAIN.COM -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass Kerber0s -out c:\krb5.keytab

ktpass -princ HTTP/webserver.yourdomain.com@YOURDOMAIN.COM -mapuser tukerberos@YOURDOMAIN.COM -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass Kerber0s -out c:\krb5.keytab -in c:\krb5.keytabwebserver:~# ktutil

ktutil: addent -password -p HOST/webserver.yourdomain.com@YOURDOMAIN.COM -k 18 -e rc4-hmac

Password for HTTP/webserver.yourdomain.com@YOURDOMAIN.COM: Kerber0s

ktutil: addent -password -p HTTP/webserver.yourdomain.com@YOURDOMAIN.COM -k 18 -e rc4-hmac

Password for HTTP/webserver.yourdomain.com@YOURDOMAIN.COM: Kerber0s

ktutil: wkt /etc/krb5.keytab

ktutil: q

HimCan this be done on windows+wamp environment ?

I have and error in my apache  PHP Notice:  Undefined index: REMOTE_USER in /var/www/index.php on line 18, referer: http://osticket/open.phpBut i can't see where i have made a mistake.

Another error.root@osTicket:~# kinit -k -t /etc/krb5.keytabkinit: Client 'host/osticket.diakonissen.local@DIAKONISSEN.LOCAL' not found in Kerberos database while getting initial credentialsDunno if this helps, but wbinfo seems to be working atleast.root@osTicket:~# wbinfo -tchecking the trust secret for domain DIAKONISSEN via RPC calls succeededroot@osTicket:~#Info about my system.Server InformationosTicket Versionv1.9.9-1-gbe2f138 (be2f138)Web Server SoftwareApache/2.2.22 (Debian)MySQL Version5.5.43PHP Version5.4.39-0+deb7u2PHP Extensionsgdlib Used for image manipulation and PDF printingimap Used for email fetchingxml XML APIxml-dom Used for HTML email processingjson Improves performance creating and processing JSONmbstring Highly recommended for non western european language contentphar Highly recommended for plugins and language packsfileinfo Used to detect file types for uploads

@[deleted] - Maybe you have the answer?

@[deleted]Not really. I'd suggest to take a closer look at the kerberos error message and find the solution. I know I struggled also with the kerberos stuff for a while and once I solved all errors on that end, other things (who also did not work) started working then, so my suggestion is to search the web and fix kerberos related stuff before trying to fix other issues like "Undefined index: REMOTE_USER in /var/www/index.php on line 18, referer: http://osticket/open.php" which I guess is related to kerberos since the authentication cannot be done correctly and so the REMOTE_USER var stays empty/unset.

I've followed the instructions in order to get SSO working with Apache, however I am getting initially prompted for the user/password upon arriving to website then automatically signed in (without having to enter credentials) when clicking "Sign In" or "Open new Ticket". What could I have misconfigured? Should this have anything to do with the placement of my .htaccess file? I am operating on CentOS 7, osticket v1.9.12, apache v2.4.6, and php v5.416. I successfully installed the LDAP plugin, which is working fine. Also if SSO is implemented how should I be able to access the agent/admin panel? 

Figured it out (:

Hi all,I'm using IIS with osTicket and I had to disable Anonymous authentication and make sure Windows Authentication is Enabled for the HTTP Pass Through plug-in to work.

FYI, I got this working in an entirely Windows network environment with a Windows 2012 R2 server doing Active Directory, running the newest stable version of osTicket (version 10.4) on Apache webserver on an Ubuntu 16.04 server.I got the client login to work flawlessly on Chrome and IE, for whatever reason, its broke on Firefox. Firefox keeps prompting for what looks like an .htaccess login which makes no sense cause I didn't do it with .htaccess but with the <Location /> options in virtual-host configuration file for my osticket. Looks like this:<Location />        AuthType Kerberos        AuthName “osticket-webserver”        KrbAuthRealms domainname.com        KrbServiceName HTTP        Krb5Keytab /etc/krb5.keytab        KrbMethodNegotiate On        KrbMethodK5Passwd On        require valid-user        </Location> Whatever reason though won't work on the Agent portal "/scp" not sure why... i think its a apache config issue. Looking into it.

- Another important step: Make sure SSO is working and you get authenticated against the webserver with you windows user account and don't get asked for you password or get any other kind of error.This part is not working, Chrome, IE and Firefox ask for credentials. Can someone give some tips?

So my client side is working great still but completely stuck on my /scp page. Can't get my agents to auto-login, still prompted for password and hitting "login" doesn't start the Kerberos authentication process either.I'm not getting any errors on kerberos or apache, and my apache access log reads as follows:10.1.10.28 - username@DOMAIN.COM "POST /scp/login.php HTTP/1.1" 422 3377 "http://osticket.domain.com/scp/login.php" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"So its using the kerberos authentication as you can see by username@domain.com but doesn't seem to work? Not sure why...Here's my Virtual Host config:<VirtualHost osticket.domain.com>        RewriteEngine On        RedirectMatch ^/view.php$ /tickets.php        RedirectMatch ^/account.php$ /tickets.php        ServerName osticket.domain.com        ServerAlias osticket        ServerAdmin webmaster@domain.com        DocumentRoot /var/www/osticket/upload        ErrorLog ${APACHE_LOG_DIR}/osticket_error.log        CustomLog ${APACHE_LOG_DIR}/osticket_access.log combined        <Location />                AuthType Kerberos                AuthName "Kerberos Login"                KrbAuthRealms DOMAIN.COM                KrbServiceName HTTP/osticket.domain.com                Krb5Keytab /etc/krb5.keytab                KrbMethodNegotiate On                KrbMethodK5Passwd On                Require valid-user        </Location></VirtualHost>What am I missing here?

@[deleted] this is happening to me on Firefox; but it does work for me on IE and Chrome HOWEVER the auto-logon with Kerberos authentication only works on the Client Portal. Whenever my agents and I go to the /scp agent portal login, the auto-login does not happen, not even if you click "Login". I still am required to put in my username+password in order to get into the Agent portal.If anyone knows why, I'd much appreciative.Im running Ubuntu 16.04 and running osTicket 1.10.4 (035fd0a)