Apache authentication: NTLM Single Signon: Difference between revisions

Revision as of 17:48, 7 December 2018

NTLM single sign on under Apache

Note: This guide assumes you have Samba configured and connected to a Windows domain

Install needed packages:

# apk add apache2 apache-mod-auth-ntlm-winbind

Add apache user to winbind group:

# addgroup <user> winbind

add to httpd.conf (virtual host):

AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <user>

Don't forget to customize the final line with the username(s) that you wish to limit usage to. Alternatively, make the final line "Require valid user" and change the helper line to include something like

{{{1}}}

Restart apache and test:

# rc-service apache stop && rc-service apache start

@@ Line 1: / Line 1: @@
-NTLM single sign on under Apache<br />
+NTLM single sign on under Apache
-Install needed packages (you will need both the main and testing repositories from edge):<br />
- apache2<br />
+{{Note|This guide assumes you have Samba configured and connected to a Windows domain}}
- apache-mod-auth-ntlm-winbind<br />
- samba (joined to a Windows Domain) with winbind running<br />
+Install needed packages:
-<br />
-add apache user to winbind group<br />
+{{cmd|# apk add apache2 apache-mod-auth-ntlm-winbind}}
-Note: This howto does not show how to join Samba to a Windows domain, only how to setup the Apache authentication helper that uses the NTLM protocol while authenticating to such a domain.
-add to httpd.conf (virtual host):<br />
+Add apache user to winbind group:
- AuthType NTLM<br />
- NTLMauth on<br />
+{{cmd|# addgroup <user> winbind}}
- NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"<br />
- Require user jbilyk<br />
+add to httpd.conf (virtual host):
-Don't forget to customize the final line with the username(s) that you wish to limit usage to.  Alternatively, make the final line "Require valid user" and change the helper line to inlude something like "-require-membership-of="WORKGROUP\Domain Users"".<br />
+<pre>AuthType NTLM
-Restart apache and test<br />
+NTLMauth on
+NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
+Require user <user>
+</pre>
+Don't forget to customize the final line with the username(s) that you wish to limit usage to.  Alternatively, make the final line "Require valid user" and change the helper line to include something like {{cmd|"-require-membership-of="WORKGROUP\Domain Users""}}
+Restart apache and test:
+{{cmd|# rc-service apache stop && rc-service apache start}}
 [[Category:Authentication]]
 [[Category:Web Server]]