[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?

Palle Girgensohn girgen at pingpong.net
Fri Oct 22 22:07:29 GMT 2004

Thanks a lot for these links!

Best regards,

--On fredag 22 oktober 2004 16.47 -0400 awilliam at whitemice.org wrote:

>> What I want is to skip the login prompt and instead authenticate using a
>> NTLM/Kerberos ticket...
> Yes.
>> > > What is happening between the web server & the web client? Is the
>> > > protocol  open or reverse engineered? Can this authentication be done
>> > > using apache @  unix (perhaps by apache interacting with samba
>> > > somehow)?
>> > On the server side - yes, even current versions of SASL support NTLM.
>> Hmm, but there's no mod_sasl around, so I don't see how that will help?
> No, you don't use SASL for apache, but you might for Cyrus, etc...
> Squid has it's own NTLM support,  several mechanism exist for doing NTLM
> or GSSAPI via apache.
> http://modntlm.sourceforge.net/
> http://modauthkerb.sourceforge.net/configure.html
>> > > Any ideas or links to more info about this would be much appreciated.
>> > On the UNIX/LINUX client side I think your stuck;  nothing I've found
>> > supports it.  If you in an AD domain or Kerberos environment you can
>> > probably do the same thing with GSSAPI.
>> This time I'm really not interested in unix client, only unix as server,
>> so this is OK, although someone here wrote about Mozillla handling at
>> least Kerberos...
> http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html

More information about the samba mailing list