
I hope you can help me with my problem.

I initially had a vhost config with Basic Authentication with "AuthUserFile" which works fine. Now I wanted to use RADIUS for certain sites and installed "mod_auth_radius" according to the instructions. Since then, the other sites also try to authenticate via RADIUS instead of "AuthUserFile", although no RADIUS is configured there.

[001mgm ~]$ grep LoadModule /etc/httpd/conf/httpd.conf
# have to place corresponding `LoadModule' lines at this location so the
# LoadModule foo_module modules/mod_foo.so
LoadModule radius_auth_module /usr/lib64/httpd/modules/mod_auth_radius.so
[001mgm ~]$
[001mgm ~]$
[001mgm ~]$ sudo httpd -M | egrep '(rad|basic|core|file)'
 core_module (static)
 radius_auth_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_groupfile_module (shared)

Here is the 1st, vhost-site1.conf, with AuthUserFile authentication:

# domain name
Define SERVER_NAME site1.x.x.x
Define ROOTDIR /..../site1
Define LOCATION site1

# HTPASSWD File
<AuthnProviderAlias file allowed-users>
        AuthUserFile ${ROOTDIR}/.htpasswd
</AuthnProviderAlias>
<VirtualHost *:80>
        ServerName ${SERVER_NAME}
        ServerAdmin ${SERVER_ADMIN}

        CustomLog ${APACHE_LOG_DIR}/${SERVER_NAME}/access.log combined
        ErrorLog ${APACHE_LOG_DIR}/${SERVER_NAME}/error.log

        RedirectMatch (.*) https://${SERVER_NAME}$1
</VirtualHost>
<VirtualHost *:443>
        ServerName ${SERVER_NAME}
        ServerAdmin ${SERVER_ADMIN}

        DocumentRoot ${ROOTDIR}

        LogLevel debug rewrite:trace6
        #LogLevel error ssl:warn
        CustomLog ${APACHE_LOG_DIR}/${SERVER_NAME}/access.log combined
        ErrorLog ${APACHE_LOG_DIR}/${SERVER_NAME}/error.log

        SSLEngine on
        SSLCertificateFile ${SSL_CERT}
        SSLCertificateKeyFile ${SSL_KEY}

        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite @SECLEVEL=3:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-AES128:-SHA256:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
        SSLCompression Off

        <Directory ${ROOTDIR}>
                Options Indexes MultiViews FollowSymlinks SymLinksIfOwnerMatch
                DirectoryIndex index.php
                <RequireAll>
                        Require ip ....
                        Require ip ....
                        Require ip ....
                </RequireAll>
                SSLRequireSSL
                AuthType Basic
                AuthName "Auth for ${Location}"
                AuthBasicProvider allowed-users
                Require valid-user
        </Directory>
</VirtualHost>

And the 2nd vhost-site2.conf with radius authentication:

# domain name
Define SERVER_NAME site2.x.x.x
Define ROOTDIR /..../site2
Define LOCATION site2

# RADIUS
Define RADIUS_HOST x.x.x.x:1812
<IfModule mod_auth_radius.c>
        AddRadiusAuth ${RADIUS_HOST} xxxxsecretxxxx 5:3
        AddRadiusCookieValid 5
</IfModule>

<VirtualHost *:80>
        ServerName ${SERVER_NAME}
        ServerAdmin ${SERVER_ADMIN}

        CustomLog ${APACHE_LOG_DIR}/${SERVER_NAME}/access.log combined
        ErrorLog ${APACHE_LOG_DIR}/${SERVER_NAME}/error.log

        RedirectMatch (.*) https://${SERVER_NAME}$1
</VirtualHost>
<VirtualHost *:443>
        ServerName ${SERVER_NAME}
        ServerAdmin ${SERVER_ADMIN}

        DocumentRoot ${ROOTDIR}

        LogLevel debug rewrite:trace6
        #LogLevel error ssl:warn
        CustomLog ${APACHE_LOG_DIR}/${SERVER_NAME}/access.log combined
        ErrorLog ${APACHE_LOG_DIR}/${SERVER_NAME}/error.log

        SSLEngine on
        SSLCertificateFile ${SSL_CERT}
        SSLCertificateKeyFile ${SSL_KEY}

        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite @SECLEVEL=3:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-AES128:-SHA256:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
        SSLCompression Off

        <Directory ${ROOTDIR}>
                Options Indexes MultiViews FollowSymlinks SymLinksIfOwnerMatch
                DirectoryIndex index.php
                <RequireAll>
                        Require ip ....
                        Require ip ....
                        Require ip ....
                </RequireAll>
                SSLRequireSSL
                AuthType Basic
                AuthName "Auth for ${Location}"
                AuthBasicProvider radius
                AuthBasicAuthoritative Off
                AuthRadiusAuthoritative on
                AuthRadiusActive On
                AddRadiusCallingStationID ${Location}
                AuthRadiusCookieValid 15
                AuthRadiusDebug on
                Require valid-user
        </Directory>
</VirtualHost>

The logs (debug) show the following:

AH02034: Initial (No.1) HTTPS request received for child 146 (server site1.x.x.x.x:443)
[Thu Jul 20 15:31:44.459561 2023] [:debug] [pid 10342:tid 139805463598848] mod_auth_radius.c(1308): Radius Auth for: site1.x.x.x.x requests / : file=/.../site1/
[Thu Jul 20 15:31:44.459587 2023] [:debug] [pid 10342:tid 139805463598848] mod_auth_radius.c(1338): No cookie found.  Trying RADIUS authentication.
[Thu Jul 20 15:31:44.460186 2023] [:debug] [pid 10342:tid 139805463598848] mod_auth_radius.c(1037): Sending packet on x.x.x.x:1812
[Thu Jul 20 15:31:44.516263 2023] [:debug] [pid 10342:tid 139805463598848] mod_auth_radius.c(1196): RADIUS authentication failed for user "user_in_AuthFile"
[Thu Jul 20 15:31:44.516284 2023] [:debug] [pid 10342:tid 139805463598848] mod_auth_radius.c(1355): RADIUS authentication for user=user_in_AuthFile password=yyyyyy failed
[Thu Jul 20 15:31:44.516293 2023] [:debug] [pid 10342:tid 139805463598848] mod_auth_radius.c(1361): Sending failure message to user=user_in_AuthFile

As you can see, even though RADIUS is not configured in vhost-site1.conf, authentication is checked via RADIUS and not against the local file.

When I disable "radius_auth_module" and restart Apache, authentication on site1 works again.

What's wrong with my vhosts-config or httpd.conf?

Many thanks for any hints or suggestions

matrix154
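
A check that can be run over the error log to confirm the symptom described in the question, as an added example that is not part of the original post: it lists virtual hosts where mod_auth_radius handled a request although they are not expected to use RADIUS, and counts lines where the debug output wrote a password in cleartext. The message formats are taken from the log excerpt above; the function name and the hostnames, user and password in the sample are constructed.

```python
import re
from collections import defaultdict

# Message formats as they appear in the debug output quoted in the question.
PREFIX = re.compile(r"\[pid (\d+):tid (\d+)\] mod_auth_radius\.c\(\d+\): (.*)$")
AUTH_FOR = re.compile(r"Radius Auth for: (\S+) requests (\S+) : file=")
FAILED = re.compile(r'RADIUS authentication failed for user "([^"]*)"')
PASSWORD = re.compile(r"\bpassword=\S+")


def audit_radius_log(lines, radius_vhosts):
    """Report vhosts that mod_auth_radius handled but that are not meant to use it."""
    current = {}  # (pid, tid) -> vhost of the request that worker is processing
    report = defaultdict(lambda: {"requests": 0, "failed_users": set()})
    password_lines = 0
    for line in lines:
        m = PREFIX.search(line)
        if not m:
            continue  # not a mod_auth_radius debug line
        worker, msg = (m.group(1), m.group(2)), m.group(3)
        if (a := AUTH_FOR.search(msg)):
            current[worker] = a.group(1)
            report[a.group(1)]["requests"] += 1
        elif (f := FAILED.search(msg)) and worker in current:
            report[current[worker]]["failed_users"].add(f.group(1))
        if PASSWORD.search(msg):
            password_lines += 1  # a cleartext password reached the error log
    unexpected = {h: r for h, r in report.items() if h not in radius_vhosts}
    return {"unexpected": unexpected, "password_lines": password_lines}


# Constructed sample input: hostnames, user and password are placeholders.
P = "[Thu Jul 20 15:31:44.459561 2023] [:debug] [pid 10342:tid %d] mod_auth_radius.c(%d): "
SAMPLE = [
    P % (1, 1308) + "Radius Auth for: site1.example.test requests / : file=/srv/site1/",
    P % (1, 1338) + "No cookie found.  Trying RADIUS authentication.",
    P % (1, 1196) + 'RADIUS authentication failed for user "alice"',
    P % (1, 1355) + "RADIUS authentication for user=alice password=CONSTRUCTED failed",
    P % (2, 1308) + "Radius Auth for: site2.example.test requests / : file=/srv/site2/",
]

if __name__ == "__main__":
    # Only site2 is expected to authenticate against RADIUS.
    print(audit_radius_log(SAMPLE, {"site2.example.test"}))
```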