Automatically authenticating windows users on an apache/Linux server

If I wanna authenticate windows accounts to AD when a user browses to an apache-running site on a Linux server, here are the usual suspects:  

  • List item
  • mod_ntlm (which I used in a distant past) - last update on 2003
  • mod_auth_ntlm_winbind - last update on 04/2007
  • mod_auth_kerb - last update on 12/2008

No luck getting any of those to work with a recent, fully patched, windows 2000 AD server.

Do you have any clues as to a recipe that does work? 

-Peter

-- UPDATE

my current build environment is this:

  • OS: Ubuntu Lucid
  • Apache 2.2.14 (from repos)

the auth modules I recompiled from source.

Answers


Did you just try to drop binary modules onto an existing apache binary, or did you rebuild Apache and the modules from source on your system?

The last time I did this (admittedly 3+ years ago), I found a combination of Apache+mod_ntlm that worked, but I ended up using a less-than-current version of Apache, in order to match the version of mod_ntlm that I found. My conclusion at the time was that if I wanted current, I was going to have to rebuild Apache and mod_ntlm from source, and I didn't have the time to do that.

Unfortunately, that was two jobs ago, and I don't have access to the configuration details.


LDAP. Active Directory should speak the LDAP protocol well enough (although, I believe Novell's eDirectory sticks to the spec better) that you can use LDAP authentication setups to communicate with it. It'll be a lot easier than fussing around with the Windows-centric NTLM garbage.

See this site for an example: http://www.jejik.com/articles/2007/06/apache_and_subversion_authentication_with_microsoft_active_directory/

The other, likely costly option, is to invest in an identity manager product. Novell, Sun (now Oracle), and IBM all make one. I suspect that, unless you're designing something for a mid-size corporate project, you won't need these. But, they are an option to consider.


Need Your Help

how to keep server-side ReadTimeoutHandler in Netty from firing while server is preparing the response?

netty

since a server-side ReadTimeoutHandler in Netty doesn't know why the client isn't writing any data, it may happen that it throws a ReadTimeoutException while the server is still working on preparin...

Multiplication with juxtaposed terms in Jison?

javascript jison

I've recently been experimenting with Jison, and I thought I would try to create a grammar which is able to (at least partially) parse some math expressions.