Difference between revisions of "Apache authentication: NTLM Single Signon"

From Alpine Linux
Jump to: navigation, search
Line 15: Line 15:
 
NTLMauth on
 
NTLMauth on
 
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
 
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <user>
+
Require user <users>
 +
</pre>
 +
 
 +
Ensure that all users requiring authentication are added to the last line.
 +
 
 +
Alternatively, allow all valid users who are members of the winbind domain with the following:
 +
 
 +
<pre>AuthType NTLM
 +
NTLMauth on
 +
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
 +
Require valid user
 
</pre>
 
</pre>
Don't forget to customize the final line with the username(s) that you wish to limit usage to.  Alternatively, make the final line "Require valid user" and change the helper line to include something like -require-membership-of="WORKGROUP\Domain Users"
 
  
 
Restart apache and test:
 
Restart apache and test:

Revision as of 17:52, 7 December 2018

NTLM single sign on under Apache

Note: This guide assumes you have Samba configured and connected to a Windows domain

Install needed packages:

# apk add apache2 apache-mod-auth-ntlm-winbind

Add apache user to winbind group:

# addgroup <user> winbind

add to httpd.conf (virtual host):

AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
Require user <users>

Ensure that all users requiring authentication are added to the last line.

Alternatively, allow all valid users who are members of the winbind domain with the following:

AuthType NTLM
NTLMauth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="WORKGROUP\Domain Users""
Require valid user

Restart apache and test:

# rc-service apache stop && rc-service apache start