Table of contents
- 1. Mod_NTLM
- 2. Mod_Auth_Kerb
- 1. Mod_NTLM
- 2. Mod_Auth_Kerb
Mod_NTLM
Disadvantages include no group support and no support for NTLM2, which is default in Vista.
Install Instructions:
From here: (http://ubuntuforums.org/showthread.php?p=1706192)
- mkdir ntlm && cd ntlm
- wget http://www.jamiekerwick.co.uk/modntlm/ntlm2.tar.gz
- tar -zxvf ntlm2.tar.gz
- sudo apt-get update
- sudo apt-get install apache2-prefork-dev gcc-3.4
- sudo ln -fs /usr/bin/gcc-3.4 /usr/bin/gcc
Changes made according to this: http://wiki.bestpractical.com/view/NtlmAuthentication
- cd smbval
- sudo nano smblib.inc.c
- For the two lines that look like this:
static int SMBlib_errno; static int SMBlib_SMB_Error;
- Change to this:
int SMBlib_errno; int SMBlib_SMB_Error;
- For the line that looks like this:
static SMB_State_Types SMBlib_State;
- Change to this:
SMB_State_Types SMBlib_State;
- cd ..
- sudo nano mod_ntlm.c
- Change the line that looks like this:
apr_pool_sub_make(&sp,p,NULL);
- To this:
apr_pool_create_ex(&sp,p,NULL,NULL);
- sudo apxs2 -i -c mod_ntlm.c
- sudo make clean
- sudo echo "LoadModule ntlm_module /usr/lib/apache2/modules/mod_ntlm.so" > /etc/apache2/mods-available/ntlm.load
- sudo a2enmod ntlm
- cd /etc/apache2
- sudo nano httpd.conf
- Paste the following, and modify accordingly:
AuthType NTLM NTLMAuth on NTLMAuthoritative on NTLMDomain YOURDOMAIN NTLMServer yourDomainController NTLMBackup yourBackupDomainController Require valid-user
- sudo /etc/init.d/apache2 restart
Mod_Auth_Kerb
Kerberos authentication. You will need to create a dummy account for credentials. I called mine wikikerb.
Capitilization matters!
Instructions from here: http://twiki.org/cgi-bin/view/TWiki/Windows2003Authentication
- sudo apt-get install krb5-user
- nano /etc/krb5.conf
- Add the following:
[libdefaults]
default_realm = DOMAIN.COM
[domain_realm]
domain.com = DOMAIN.COM
[realms]
DOMAIN.COM = {
kdc = win2k3.domain.com
admin_server = win2k3.domain.com
}
- Ensure that you can ping between the Windows 2003 server and the linux server in both directions and using both the fully-qualified domain name (win2k3.acme.local) and the IP address.
- On your Domain Controller:
ktpass -princ HTTP/wiki.domain.com@DOMAIN.COM -mapuser wikikerb -crypto DES-CBC-MD5 -pass password -ptype KRB5_NT_PRINCIPAL -out c:\http.keytab
- Copy the http.keytab file from your domain controller, to /etc/apache2 on your wiki
- Test the keytab file like so from your wiki console (This should exit without any error messages):
kinit -k -t /etc/apache2/http.keytab HTTP/wikisvr.domain.com
- sudo apt-get install libapache2-mod-auth-kerb
- nano /etc/apache2/httpd.conf
- Add the following:
<Location />
Allow from all
AuthType Kerberos
KrbAuthRealms DOMAIN.COM
KrbServiceName HTTP
Krb5Keytab /etc/apache2/http.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
Require valid-user
</Location>
- /etc/init.d/apache2 restart
- Tag page
- What links here
