[Gllug] Authentication in apache2 against a Windows domain
John Edwards
john at cornerstonelinux.co.uk
Thu Jun 30 10:09:34 UTC 2005
On Thu, Jun 30, 2005 at 10:39:42AM +0100, Jon Dye wrote:
> Hi,
>
> Does anyone know if it is possible to setup apache to authenticate users
> against a Windows domain controller?
>
> We have a Windows network here at work and we have a linux machine
> running apache that we want to put in our DMZ for access by employees
> externally. We'd like to only allow access to authenticated users over
> https but we'd rather not keep a separate set of usernames and passwords
> on the box because we can't sync them with the domain controller.
>
> One thought I had was using apache against PAM and then using PAM to
> authenticate using Samba against the domain controller but I have very
> limited knowledge of PAM and don't know how easy this is.
>
> Any ideas appreciated.
>
> JD
Debian has the libapache-authensmb package, which could be used as an
alternative to PAM:
http://packages.debian.org/stable/web/libapache-authensmb
http://search.cpan.org/~speeves/Apache-AuthenSmb-0.72/
I don't know if it works with Active Directory though.
If you go down the PAM route then have a look at winbind, which
is a Samba package to allow PAM and NSS to use user information
in Active Directory or NT domain controllers:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
In both cases you will probably need to join the domain before
the Windows server will allow you access.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
| |
| A. Because it breaks the logical sequence of discussion |
| Q. Why is top posting bad ? |
#---------------------------------------------------------#
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list