Difference between revisions of "Apache authentication: NTLM Single Signon"
Line 15: | Line 15: | ||
NTLMauth on | NTLMauth on | ||
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" | NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" | ||
− | Require user <user | + | Require user <users> |
+ | </pre> | ||
+ | |||
+ | Ensure that all users requiring authentication are added to the last line. | ||
+ | |||
+ | Alternatively, allow all valid users who are members of the winbind domain with the following: | ||
+ | |||
+ | <pre>AuthType NTLM | ||
+ | NTLMauth on | ||
+ | NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users"" | ||
+ | Require valid user | ||
</pre> | </pre> | ||
− | |||
Restart apache and test: | Restart apache and test: |
Revision as of 17:52, 7 December 2018
NTLM single sign on under Apache
Note: This guide assumes you have Samba configured and connected to a Windows domain
Install needed packages:
# apk add apache2 apache-mod-auth-ntlm-winbind
Add apache user to winbind group:
# addgroup <user> winbind
add to httpd.conf (virtual host):
AuthType NTLM NTLMauth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" Require user <users>
Ensure that all users requiring authentication are added to the last line.
Alternatively, allow all valid users who are members of the winbind domain with the following:
AuthType NTLM NTLMauth on NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users"" Require valid user
Restart apache and test:
# rc-service apache stop && rc-service apache start