Difference between revisions of "Apache authentication: NTLM Single Signon"

From Alpine Linux
 
(One intermediate revision by the same user not shown)
Line 12: Line 12:
  
 
add to httpd.conf (virtual host):
 
add to httpd.conf (virtual host):
{{cat|/etc/apache2/httpd.conf|AuthType NTLM
+
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
 +
 
 +
AuthType NTLM
 
NTLMauth on
 
NTLMauth on
 
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
 
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
 
Require user <users>
 
Require user <users>
 +
</nowiki>
 
}}
 
}}
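Review bot: The added first line "# /etc/apache2/httpd.conf" inside the <nowiki> body repeats the path already passed as the first argument of {{cat|/etc/apache2/httpd.conf|...}}, so the rendered box names the file twice. Drop the comment, or replace it with one that says which block of the virtual host the directives belong in, since the lead-in only says "(virtual host)". The lead-in "add to httpd.conf" could also be capitalised while this paragraph is being touched.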
  
Line 22: Line 25:
 
Alternatively, allow all valid users who are members of the winbind domain with the following:
 
Alternatively, allow all valid users who are members of the winbind domain with the following:
  
<pre>AuthType NTLM
+
{{cat|/etc/apache2/httpd.conf|<nowiki># /etc/apache2/httpd.conf
 +
 
 +
AuthType NTLM
 
NTLMauth on
 
NTLMauth on
 
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
 
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
 
Require valid user
 
Require valid user
</pre>
+
</nowiki>
 +
}}
  
Restart apache and test:
+
Restart Apache and test:
  
{{cmd|# rc-service apache stop && rc-service apache start}}
+
{{cmd|# rc-service apache2 restart}}
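Review bot: The NTLMAuthHelper line is carried into the new {{cat}} block unchanged and still has three problems: -require-membership-of has one dash where ntlm_auth takes --require-membership-of, the double quotes around WORKGROUP\Domain Users sit unescaped inside the already double-quoted directive argument, and the next line reads "Require valid user" where Apache's keyword is "Require valid-user". Fix all three in this revision, writing the inner quotes as \". The apache to apache2 service-name correction in the restart command is right.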
  
  

Latest revision as of 18:08, 7 December 2018

NTLM single sign on under Apache

Note: This guide assumes you have Samba configured and connected to a Windows domain.

Install needed packages:

# apk add apache2 apache-mod-auth-ntlm-winbind

Add the Apache user to the winbind group:

# addgroup <user> winbind

Add to httpd.conf (virtual host):

Contents of /etc/apache2/httpd.conf

# /etc/apache2/httpd.conf
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <users>

Ensure that all users requiring authentication are added to the last line.

Alternatively, allow all valid users who are members of the winbind domain with the following:

Contents of /etc/apache2/httpd.conf

# /etc/apache2/httpd.conf
AuthType NTLM
NTLMauth on
# Inner quotes are escaped so Apache reads the helper command as one argument
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=\"WORKGROUP\Domain Users\""
Require valid-user

Restart Apache and test:

# rc-service apache2 restart
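
A check to run on the NTLM directives before restarting, as an added example that is not part of the wiki page: it lints a config fragment for the single-dash option, unescaped inner quotes, a misspelled `Require valid-user`, and `valid-user` with no group restriction on the helper. The function names `check_ntlm_conf` and `page_sample` are hypothetical, and the sample input is constructed from the group-membership block as it was previously written.

```shell
#!/bin/sh
# check_ntlm_conf: lint an Apache config fragment read from stdin.
# Prints "line N: message" per finding and returns 1 if there is any.
check_ntlm_conf() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    { low = tolower($0) }                    # directive names are case-insensitive
    low ~ /^[ \t]*require[ \t]+valid[ \t]+user[ \t]*$/ {
        print "line " NR ": use \"Require valid-user\""; bad = 1
    }
    low ~ /^[ \t]*require[ \t]+valid-user/ { anyuser = NR }
    low ~ /^[ \t]*ntlmauthhelper[ \t]/ {
        helper = 1
        if (low ~ /[ \t]-require-membership-of/) {   # one dash only
            print "line " NR ": use --require-membership-of"; bad = 1
        }
        if (low ~ /--require-membership-of=/) restricted = 1
        t = $0; gsub(/\\"/, "", t)           # drop escaped quotes, count the rest
        if (gsub(/"/, "", t) > 2) {
            print "line " NR ": escape the inner quotes as \\\""; bad = 1
        }
    }
    END {
        # Any account the helper authenticates passes valid-user.
        if (anyuser && helper && !restricted) {
            print "line " anyuser ": valid-user with no --require-membership-of admits every domain account"
            bad = 1
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the group-membership block before correction.
page_sample() {
    cat <<'EOF'
# /etc/apache2/httpd.conf
AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
Require valid user
EOF
}

page_sample | check_ntlm_conf || echo "fix the findings above before restarting Apache"
```

To lint a real file, feed it on stdin, for example `check_ntlm_conf < /etc/apache2/httpd.conf`.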