[Samba] samba/winbind/apache/sso question

Turner,Jonas JOTURNER at hcr-manorcare.com
Thu Jun 30 17:30:31 UTC 2016

I have been trying to get SSO to work correctly with the following packages, and I appear I am missing something and I was wondering if anyone can help me or point me in the right direction?

I am currently using the "auth_ntlm_winbind_module" for apache to try and authenticate and was hoping to get SSO to work.

I have gone through all the steps on SEVERAL sites trying to figure out how to auth to the website if the user is in the domain.
Steps Taken:

·         Added the server running Apache (2.2.15) to the domain

·         Can see the server name in AD

·         Can use "wbinfo -t" and get the following "checking the trust secret for domain DOMAINSERVER via RPC calls succeeded"

·         Can use "wbinfo -n username" and it returns me the SID_USER

When I go to the website using the config below, I go to the website but I am being prompted for credentials.  I enter my AD credentials (tried several accounts), it allows me to authenticate and I am shown the page.  It appears it's checking to see if the user is authenticated to access the page, but curious on why I can't get SSO to work automatically.

Any help or suggestions would be great!


LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so
<Directory "/var/www/html/test">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "NTLM Authentication"
AuthType NTLM
Require valid-user
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
NegotiateAuth on

Jonas Turner │ Security Analyst II
Ph: 419.254.4890│Fax: 419.252.5557
E-mail:  joturner at hcr-manorcare.com<mailto:joturner at hcr-manorcare.com>

More information about the samba mailing list