[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?

Adam Tauno Williams adam at morrison-ind.com
Fri Oct 22 18:21:36 GMT 2004

> I don't use MS products at all, so I have very little knowledge with them, 
> but I believe Microsoft has as protocol where Internet Explorer can 
> automatically authenticate against an IIS server, and given that the server 
> and client are on the same NT domain, and the client user is logged in to 
> that domain, the user is automatically logged in without the need to give 
> away the password one more time to the webserver.

You're talking about NTLM.
> What is happening between the web server & the web client? Is the protocol 
> open or reverse engineered? Can this authentication be done using apache @ 
> unix (perhaps by apache interacting with samba somehow)?

On the server side - yes, even current versions of SASL support NTLM.

> Any ideas or links to more info about this would be much appreciated. 

On the UNIX/LINUX client side I think your stuck;  nothing I've found supports
it.  If you in an AD domain or Kerberos environment you can probably do the
same thing with GSSAPI.

More information about the samba mailing list