[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?

Andrew Bartlett abartlet at samba.org
Mon Oct 25 12:08:59 GMT 2004

On Sat, 2004-10-23 at 05:03, John H Terpstra wrote:
> On Friday 22 October 2004 10:49, Palle Girgensohn wrote:
> > Hi!
> >
> > I don't use MS products at all, so I have very little knowledge with them,
> > but I believe Microsoft has as protocol where Internet Explorer can
> > automatically authenticate against an IIS server, and given that the server
> > and client are on the same NT domain, and the client user is logged in to
> > that domain, the user is automatically logged in without the need to give
> > away the password one more time to the webserver.
> Squid + ntlm-auth can handle the SPNEGO protocol. 

Sorry, Squid only handles NTLMSSP.  SPNEGO is not defined for HTTP
proxies, but it's guessed that Microsoft will eventually implement it,
and I hope to get Mozilla/Squid there first (it would dramatically
decrease the authentication load on a proxy).

> If you want this from Apache 
> you should check out www.vintela.com.

For NTLMSSP, which is all you need in the intranet, then my preference
is mod_ntlm_winbind: 

I have SPNEGO support there too, and by hook or by crook, we will have a
Samba helper to support this shortly (I have some work commitments that
require it).  This may be by means of Samba4 or work on the more cludgy
Samba3 SPNEGO helper (both are exposed via ntlm_auth).

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041025/1214a6fb/attachment.bin

More information about the samba mailing list