[Samba] Authenticating Apache Against Active Directory
James
lingpanda101 at gmail.com
Tue May 12 08:13:09 MDT 2015
On 5/12/2015 8:31 AM, Nico Kadel-Garcia wrote:
> On Mon, May 11, 2015 at 11:24 AM, James <lingpanda101 at gmail.com> wrote:
>> Hello,
>>
>> Using Nagios on Ubuntu 14.04.1 LTS. I'm attempting to authenticate
>> users against Samba 4.2.1. When I edit 'apache2.conf' with
>>
>>
>> <Directory />
>> Options FollowSymLinks
>> AllowOverride None
>> Require all granted
>> Allow from all
>> AuthName "AD authentication"
>> AuthBasicProvider ldap
>> AuthType Basic
>> AuthLDAPGroupAttribute member
>> AuthLDAPGroupAttributeIsDN On
>> AuthLDAPURL
>> ldap://dc1.domain.local/172.16.232.29:389/cn=Users,dc=domain?sAMAccountName?sub?(objectClass=*)
>> AuthLDAPBindDN cn=apache-connect,cn=Users,domain
>> AuthLDAPBindPassword password
>> require ldap-group cn=Nagios-Admins,cn=Users,domain
> Why are you bothering to use anything outside of Kerberos? Very few
> web projects actually need any group, uid, or other information and
> are much simplified by simply relying in the inherent Kerberos of a
> modern Samba server or AD based service. It also helps eliminate any
> need for LDAP credentials with which to issue LDAP queries, and lends
> itself much more easily to genuine "single-sign-on" solutions.
>
> Nico Kadel-Garcia
Nico,
Went with Kerberos and everything went smoothly. How do I limit what
users are allowed access?
Here is my Apache config for nagios in case it helps anyone.
<location /"nagios.html">
AuthType Kerberos
AuthName "Network Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms DOMAIN.LOCAL
require valid-user
Krb5KeyTab /etc/apache2/conf-enabled/httpd.keytab
KrbLocalUserMapping On
</Location>
I had to install Kerberos first for Apache(Debian based)on Ubuntu
14.04.1 LTS
apt-get install libapache2-mod-auth-kerb
--
-James
More information about the samba
mailing list