Apache authentication: NTLM Single Signon: Difference between revisions

From Alpine Linux
No edit summary
(very minor formatting and reference to Apache page, proposal for merge with Apache page)
 
Line 1: Line 1:
NTLM single sign on under Apache
{{Merge|Apache|Everything in one place seems logical}}
 
NTLM single sign on under [[Apache]]


{{Note|This guide assumes you have Samba configured and connected to a Windows domain}}
{{Note|This guide assumes you have Samba configured and connected to a Windows domain}}
== Installation and Configuration ==


Install needed packages:
Install needed packages:
Line 12: Line 16:


add to httpd.conf (virtual host):
add to httpd.conf (virtual host):
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf



Latest revision as of 16:46, 14 May 2023

This material is proposed for merging ...

It should be merged with Apache. Everything in one place seems logical (Discuss)

NTLM single sign on under Apache

Note: This guide assumes you have Samba configured and connected to a Windows domain

Installation and Configuration

Install needed packages:

# apk add apache2 apache-mod-auth-ntlm-winbind

Add apache user to winbind group:

# addgroup <user> winbind

add to httpd.conf (virtual host):

Contents of /etc/apache2/httpd.conf

# /etc/apache2/httpd.conf AuthType NTLM NTLMauth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" Require user <users>

Ensure that all users requiring authentication are added to the last line.

Alternatively, allow all valid users who are members of the winbind domain with the following:

Contents of /etc/apache2/httpd.conf

# /etc/apache2/httpd.conf AuthType NTLM NTLMauth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users"" Require valid user

Restart Apache and test:

# rc-service apache2 restart