Apache authentication: NTLM Single Signon: Difference between revisions

From Alpine Linux
(initial page creation)
 
(very minor formatting and reference to Apache page, proposal for merge with Apache page)
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
NTLM single sign on under Apache<br />
{{Merge|Apache|Everything in one place seems logical}}
Prereqs:<br />
From http://samba.org/ftp/unpacked/lorikeet/mod_auth_ntlm_winbind/:<br />
mod_auth_ntlm_winbind.c<br />
configure.in<br />
Makefile.in<br />
<br />
autoconf<br />
alpine-sdk<br />
apache-dev<br />
apr-util-dev<br />
apr-dev<br />
samba (joined to a Windows Domain) with winbind running<br />
<br />
Steps:<br />
working dir is where the above 3 source files are<br />
autoconf<br />
./configure<br />
make<br />
add to httpd.conf (module section):<br />
LoadModule auth_ntlm_winbind_module lib/apache2/mod_auth_ntlm_winbind.so<br />
add to httpd.conf (virtual host):<br />
AuthType NTLM<br />
NTLMauth on<br />
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"<br />
Require user jbilyk<br />


Restart apache and test<br />
NTLM single sign on under [[Apache]]
 
{{Note|This guide assumes you have Samba configured and connected to a Windows domain}}
 
== Installation and Configuration ==
 
Install needed packages:
 
{{cmd|# apk add apache2 apache-mod-auth-ntlm-winbind}}
 
Add apache user to winbind group:
 
{{cmd|# addgroup <user> winbind}}
 
add to httpd.conf (virtual host):
 
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
 
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <users>
</nowiki>
}}
 
Ensure that all users requiring authentication are added to the last line.
 
Alternatively, allow all valid users who are members of the winbind domain with the following:
 
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
 
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
Require valid user
</nowiki>
}}
 
Restart Apache and test:
 
{{cmd|# rc-service apache2 restart}}
 
 
 
[[Category:Authentication]]
[[Category:Web Server]]
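Review bot: the second httpd.conf block of the new revision has three syntax problems on its last two directive lines. The NTLMAuthHelper value puts unescaped double quotes around WORKGROUP\Domain Users inside an argument that is already double-quoted, so Apache ends the argument right after -require-membership-of= and the directive no longer receives the single command string it expects; wrap the whole value in single quotes or escape the inner quotes. On the same line, -require-membership-of has one dash while --helper-protocol has two; ntlm_auth long options take two. The last line should read Require valid-user, with a hyphen. Separately, addgroup <user> winbind does not say which account is meant; the text above it says "apache user", so naming the account Apache runs as would remove the guesswork.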

Latest revision as of 16:46, 14 May 2023

This material is proposed for merging ...

It should be merged with Apache. Everything in one place seems logical (Discuss)

NTLM single sign on under Apache

Note: This guide assumes you have Samba configured and connected to a Windows domain

Installation and Configuration

Install needed packages:

# apk add apache2 apache-mod-auth-ntlm-winbind

Add the user Apache runs as to the winbind group:

# addgroup <user> winbind

Add to httpd.conf (virtual host):

Contents of /etc/apache2/httpd.conf

    # /etc/apache2/httpd.conf
    AuthType NTLM
    NTLMauth on
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    Require user <users>

Ensure that every user who requires authentication is listed on the last line (Require user).

Alternatively, allow all valid users who are members of the winbind domain with the following:

Contents of /etc/apache2/httpd.conf

    # /etc/apache2/httpd.conf
    AuthType NTLM
    NTLMauth on
    NTLMAuthHelper '/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="WORKGROUP\Domain Users"'
    Require valid-user

Restart Apache and test:

# rc-service apache2 restart
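
A check to run on the configuration before restarting, as an added example that is not part of the original wiki page: it flags nested double quotes and single-dash options on the NTLMAuthHelper line and a misspelled Require valid-user. The function name lint_ntlm_conf and both sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page). lint_ntlm_conf is a hypothetical
# helper: it prints one finding per line for FILE and returns their count.
lint_ntlm_conf() {
    awk '
    /^[ \t]*#/ { next }                        # ignore comment lines
    { low = tolower($0) }                      # directive names are case-insensitive
    low ~ /^[ \t]*ntlmauthhelper[ \t]/ {
        line = $0
        gsub(/\\"/, "", line)                  # escaped quotes are harmless
        # Inside a double-quoted value Apache stops at the next bare double
        # quote, so more than one pair splits the helper command line.
        if (gsub(/"/, "", line) > 2) {
            print NR ": nested double quotes in NTLMAuthHelper"; bad++
        }
        # ntlm_auth long options are written with two dashes.
        if ($0 ~ /[ \t]-[a-z][a-z-]*=/) {
            print NR ": single-dash long option passed to ntlm_auth"; bad++
        }
    }
    # The authorization keyword is the single token valid-user.
    low ~ /^[ \t]*require[ \t]+valid[ \t]+user[ \t]*$/ {
        print NR ": write Require valid-user"; bad++
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: one fragment with all three mistakes, one clean.
bad_conf=$(mktemp); good_conf=$(mktemp)
cat > "$bad_conf" <<'EOF'
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
Require valid user
EOF
cat > "$good_conf" <<'EOF'
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require valid-user
EOF
lint_ntlm_conf "$bad_conf" || echo "findings: $?"
lint_ntlm_conf "$good_conf" && echo "no findings"
rm -f "$bad_conf" "$good_conf"
```

The check covers syntax only; whether the helper can reach winbind still has to be confirmed by the restart-and-test step.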