[Samba] samba/winbind/apache/sso question

Turner,Jonas JOTURNER at hcr-manorcare.com
Thu Jun 30 17:55:38 UTC 2016 

I have.  The only issue is that we are using the Windows AD environment, so the "samba-tool" doesn't apply.  I wasn't for sure if anyone was able to get it to work without Kerberos.

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny
Sent: Thursday, June 30, 2016 1:45 PM
To: samba at lists.samba.org
Subject: Re: [Samba] samba/winbind/apache/sso question

On 30/06/16 18:30, Turner,Jonas wrote:
> I have been trying to get SSO to work correctly with the following packages, and I appear I am missing something and I was wondering if anyone can help me or point me in the right direction?
>
> I am currently using the "auth_ntlm_winbind_module" for apache to try and authenticate and was hoping to get SSO to work.
>
> I have gone through all the steps on SEVERAL sites trying to figure out how to auth to the website if the user is in the domain.
> Steps Taken:
>
> ·         Added the server running Apache (2.2.15) to the domain
>
> ·         Can see the server name in AD
>
> ·         Can use "wbinfo -t" and get the following "checking the trust secret for domain DOMAINSERVER via RPC calls succeeded"
>
> ·         Can use "wbinfo -n username" and it returns me the SID_USER
>
> When I go to the website using the config below, I go to the website but I am being prompted for credentials.  I enter my AD credentials (tried several accounts), it allows me to authenticate and I am shown the page.  It appears it's checking to see if the user is authenticated to access the page, but curious on why I can't get SSO to work automatically.
>
> Any help or suggestions would be great!
>
> Thanks!
>
> LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so
> <Directory "/var/www/html/test">
> Options ExecCGI
> AllowOverride None
> Order allow,deny
> Allow from all
> AuthName "NTLM Authentication"
> AuthType NTLM
> Require valid-user
> NTLMAuth on
> NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
> NTLMBasicAuthoritative on
> NegotiateAuth on
> </Directory>
>
> Jonas Turner │ Security Analyst II
> Ph: 419.254.4890│Fax: 419.252.5557
> E-mail:  joturner at hcr-manorcare.com<mailto:joturner at hcr-manorcare.com>
>
>
>

Have you tried reading this wiki page: 
https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list