Apache authentication: NTLM Single Signon: Difference between revisions

From Alpine Linux
No edit summary
(very minor formatting and reference to Apache page, proposal for merge with Apache page)
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
NTLM single sign on under Apache
{{Merge|Apache|Everything in one place seems logical}}
 
NTLM single sign on under [[Apache]]


{{Note|This guide assumes you have Samba configured and connected to a Windows domain}}
{{Note|This guide assumes you have Samba configured and connected to a Windows domain}}
== Installation and Configuration ==


Install needed packages:
Install needed packages:
Line 12: Line 16:


add to httpd.conf (virtual host):
add to httpd.conf (virtual host):
<pre>AuthType NTLM
 
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
 
AuthType NTLM
NTLMauth on
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <user>
Require user <users>
</pre>
</nowiki>
Don't forget to customize the final line with the username(s) that you wish to limit usage to. Alternatively, make the final line "Require valid user" and change the helper line to include something like {{cmd|"-require-membership-of="WORKGROUP\Domain Users""}}
}}
 
Ensure that all users requiring authentication are added to the last line.
 
Alternatively, allow all valid users who are members of the winbind domain with the following:
 
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
 
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
Require valid user
</nowiki>
}}


Restart apache and test:
Restart Apache and test:


{{cmd|# rc-service apache stop && rc-service apache start}}
{{cmd|# rc-service apache2 restart}}





Latest revision as of 16:46, 14 May 2023

This material is proposed for merging ...

It should be merged with Apache. Everything in one place seems logical (Discuss)

NTLM single sign on under Apache

Note: This guide assumes you have Samba configured and connected to a Windows domain

Installation and Configuration

Install needed packages:

# apk add apache2 apache-mod-auth-ntlm-winbind

Add apache user to winbind group:

# addgroup <user> winbind

add to httpd.conf (virtual host):

Contents of /etc/apache2/httpd.conf

# /etc/apache2/httpd.conf AuthType NTLM NTLMauth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" Require user <users>

Ensure that all users requiring authentication are added to the last line.

Alternatively, allow all valid users who are members of the winbind domain with the following:

Contents of /etc/apache2/httpd.conf

# /etc/apache2/httpd.conf AuthType NTLM NTLMauth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users"" Require valid user

Restart Apache and test:

# rc-service apache2 restart