[Samba] Authenticating Apache Against Active Directory
Nico Kadel-Garcia
nkadel at gmail.com
Tue May 12 06:31:34 MDT 2015
On Mon, May 11, 2015 at 11:24 AM, James <lingpanda101 at gmail.com> wrote:
> Hello,
>
> Using Nagios on Ubuntu 14.04.1 LTS. I'm attempting to authenticate
> users against Samba 4.2.1. When I edit 'apache2.conf' with
>
>
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> Require all granted
> Allow from all
> AuthName "AD authentication"
> AuthBasicProvider ldap
> AuthType Basic
> AuthLDAPGroupAttribute member
> AuthLDAPGroupAttributeIsDN On
> AuthLDAPURL
> ldap://dc1.domain.local/172.16.232.29:389/cn=Users,dc=domain?sAMAccountName?sub?(objectClass=*)
> AuthLDAPBindDN cn=apache-connect,cn=Users,domain
> AuthLDAPBindPassword password
> require ldap-group cn=Nagios-Admins,cn=Users,domain
Why are you bothering to use anything outside of Kerberos? Very few
web projects actually need any group, uid, or other information and
are much simplified by simply relying in the inherent Kerberos of a
modern Samba server or AD based service. It also helps eliminate any
need for LDAP credentials with which to issue LDAP queries, and lends
itself much more easily to genuine "single-sign-on" solutions.
Nico Kadel-Garcia
More information about the samba
mailing list