[Samba] samba/winbind/apache/sso question

[Rowland penny]

On 30/06/16 18:30, Turner,Jonas wrote:
> I have been trying to get SSO to work correctly with the following packages, and I appear I am missing something and I was wondering if anyone can help me or point me in the right direction?
>
> I am currently using the "auth_ntlm_winbind_module" for apache to try and authenticate and was hoping to get SSO to work.
>
> I have gone through all the steps on SEVERAL sites trying to figure out how to auth to the website if the user is in the domain.
> Steps Taken:
>
> ·         Added the server running Apache (2.2.15) to the domain
>
> ·         Can see the server name in AD
>
> ·         Can use "wbinfo -t" and get the following "checking the trust secret for domain DOMAINSERVER via RPC calls succeeded"
>
> ·         Can use "wbinfo -n username" and it returns me the SID_USER
>
> When I go to the website using the config below, I go to the website but I am being prompted for credentials.  I enter my AD credentials (tried several accounts), it allows me to authenticate and I am shown the page.  It appears it's checking to see if the user is authenticated to access the page, but curious on why I can't get SSO to work automatically.
>
> Any help or suggestions would be great!
>
> Thanks!
>
> LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so
> <Directory "/var/www/html/test">
> Options ExecCGI
> AllowOverride None
> Order allow,deny
> Allow from all
> AuthName "NTLM Authentication"
> AuthType NTLM
> Require valid-user
> NTLMAuth on
> NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
> NTLMBasicAuthoritative on
> NegotiateAuth on
> </Directory>
>
> Jonas Turner │ Security Analyst II
> Ph: 419.254.4890│Fax: 419.252.5557
> E-mail:  joturner at hcr-manorcare.com<mailto:joturner at hcr-manorcare.com>
>
>
>

Have you tried reading this wiki page: 
https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory

Rowland