[Samba] Authenticating Apache Against Active Directory

Nico Kadel-Garcia nkadel at gmail.com
Tue May 12 06:31:34 MDT 2015

On Mon, May 11, 2015 at 11:24 AM, James <lingpanda101 at gmail.com> wrote:
> Hello,
>     Using Nagios on Ubuntu 14.04.1 LTS. I'm attempting to authenticate
> users against Samba 4.2.1. When I edit 'apache2.conf' with
> <Directory />
>         Options FollowSymLinks
>         AllowOverride None
>         Require all granted
>         Allow from all
>         AuthName "AD authentication"
>         AuthBasicProvider ldap
>         AuthType Basic
>         AuthLDAPGroupAttribute member
>         AuthLDAPGroupAttributeIsDN On
>         AuthLDAPURL
> ldap://dc1.domain.local/,dc=domain?sAMAccountName?sub?(objectClass=*)
>         AuthLDAPBindDN cn=apache-connect,cn=Users,domain
>         AuthLDAPBindPassword password
>         require ldap-group cn=Nagios-Admins,cn=Users,domain

Why are you bothering to use anything outside of Kerberos? Very few
web projects actually need any group, uid, or other information and
are much simplified by simply relying in the inherent Kerberos of a
modern Samba server or AD based service. It also helps eliminate any
need for LDAP credentials with which to issue LDAP queries, and lends
itself much more easily to genuine "single-sign-on" solutions.

                        Nico Kadel-Garcia

More information about the samba mailing list