[Gllug] Authentication in apache2 against a Windows domain

John Edwards john at cornerstonelinux.co.uk
Thu Jun 30 10:09:34 UTC 2005

On Thu, Jun 30, 2005 at 10:39:42AM +0100, Jon Dye wrote:
> Hi,
> Does anyone know if it is possible to setup apache to authenticate users 
> against a Windows domain controller?
> We have a Windows network here at work and we have a linux machine 
> running apache that we want to put in our DMZ for access by employees 
> externally.  We'd like to only allow access to authenticated users over 
> https but we'd rather not keep a separate set of usernames and passwords 
> on the box because we can't sync them with the domain controller.
> One thought I had was using apache against PAM and then using PAM to 
> authenticate using Samba against the domain controller but I have very 
> limited knowledge of PAM and don't know how easy this is.
> Any ideas appreciated.
> JD

Debian has the libapache-authensmb package, which could be used as an 
alternative to PAM:

I don't know if it works with Active Directory though.

If you go down the PAM route then have a look at winbind, which 
is a Samba package to allow PAM and NSS to use user information 
in Active Directory or NT domain controllers:

In both cases you will probably need to join the domain before 
the Windows server will allow you access.

|    John Edwards   Email: john at cornerstonelinux.co.uk    |
|                                                         |
| A. Because it breaks the logical sequence of discussion |
| Q. Why is top posting bad ?                             |
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list