[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?

Andrew Bartlett abartlet at samba.org
Mon Oct 25 12:03:09 GMT 2004

On Sat, 2004-10-23 at 06:47, awilliam at whitemice.org wrote:
> > What I want is to skip the login prompt and instead authenticate using a
> > NTLM/Kerberos ticket...
> Yes.
> > > > What is happening between the web server & the web client? Is the
> > > > protocol  open or reverse engineered? Can this authentication be done
> > > > using apache @  unix (perhaps by apache interacting with samba somehow)?
> > > On the server side - yes, even current versions of SASL support NTLM.
> > Hmm, but there's no mod_sasl around, so I don't see how that will help?
> No, you don't use SASL for apache, but you might for Cyrus, etc...
> Squid has it's own NTLM support,  several mechanism exist for doing NTLM 
> or GSSAPI via apache.
> http://modntlm.sourceforge.net/

Unfortunately mod_ntlm has problems, and the NTLMSSP it implements is
quite basic.  As such, I've brought mod_ntlm_winbindd up to scratch
(which now uses Samba's ntlm_auth, like Squid does):


That is for Apache 1.3, and someday I'll get some time to write an
apache2 version.  Such a task would start with http://source.grep.no/
but if you look at mod_ntlm_winbind, you can see that a lot of stuff can
be cleaned out.

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041025/844e90dd/attachment.bin

More information about the samba mailing list