Apache authentication: NTLM Single Signon: Difference between revisions
(Updated since this has been packaged) |
(very minor formatting and reference to Apache page, proposal for merge with Apache page) |
||
(12 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
NTLM single sign on under Apache | {{Merge|Apache|Everything in one place seems logical}} | ||
Install needed packages | |||
NTLM single sign on under [[Apache]] | |||
{{Note|This guide assumes you have Samba configured and connected to a Windows domain}} | |||
add to httpd.conf (virtual host):< | == Installation and Configuration == | ||
Install needed packages: | |||
{{cmd|# apk add apache2 apache-mod-auth-ntlm-winbind}} | |||
Restart | Add apache user to winbind group: | ||
{{cmd|# addgroup <user> winbind}} | |||
add to httpd.conf (virtual host): | |||
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf | |||
AuthType NTLM | |||
NTLMauth on | |||
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" | |||
Require user <users> | |||
</nowiki> | |||
}} | |||
Ensure that all users requiring authentication are added to the last line. | |||
Alternatively, allow all valid users who are members of the winbind domain with the following: | |||
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf | |||
AuthType NTLM | |||
NTLMauth on | |||
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users"" | |||
Require valid user | |||
</nowiki> | |||
}} | |||
Restart Apache and test: | |||
{{cmd|# rc-service apache2 restart}} | |||
[[Category:Authentication]] | |||
[[Category:Web Server]] |
Latest revision as of 16:46, 14 May 2023
This material is proposed for merging ... It should be merged with Apache. Everything in one place seems logical (Discuss) |
NTLM single sign on under Apache
Note: This guide assumes you have Samba configured and connected to a Windows domain
Installation and Configuration
Install needed packages:
# apk add apache2 apache-mod-auth-ntlm-winbind
Add apache user to winbind group:
# addgroup <user> winbind
add to httpd.conf (virtual host):
Contents of /etc/apache2/httpd.conf
# /etc/apache2/httpd.conf
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <users>
Ensure that all users requiring authentication are added to the last line.
Alternatively, allow all valid users who are members of the winbind domain with the following:
Contents of /etc/apache2/httpd.conf
# /etc/apache2/httpd.conf
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
Require valid user
Restart Apache and test:
# rc-service apache2 restart