Apache Webserver - Domain Controller Authentication
One of the huge annoyances at work is every internal system having its own user database, Apache webservers being no exception. In light of this I figured out how to get Apache to authenticate against an Active Directory domain using Samba, winbind, and PAM.
At this point I’ll assume that winbind/samba are both already configured and working properly.
You can test this using wbinfo -g, which should list all domain groups:
    [root@felix ericb]# wbinfo -g|more
    BUILTIN\System Operators
    BUILTIN\Replicators
    BUILTIN\Guests
    BUILTIN\Power Users
    BUILTIN\Print Operators
    BUILTIN\Administrators
    BUILTIN\Account Operators
    BUILTIN\Backup Operators
    BUILTIN\Users
    Domain Computers
    Domain Users
    Domain Guests
    ...etc...
- Install mod_auth_pam, which can be downloaded from http://pam.sourceforge.net/mod_auth_pam/, and load it in the Apache configuration:

    LoadModule auth_pam_module modules/mod_auth_pam.so
- Enable PAM authentication for each directory you want:

    Options +Indexes +FollowSymLinks
    AuthType Basic
    AuthName "LIONIMTS"
    AuthPAM_Enabled on
    require valid-user
    Order deny,allow

- Edit /etc/pam.d/httpd so it looks as follows:

    #%PAM-1.0
    auth required /lib/security/pam_winbind.so
    account required pam_permit.so

Note: On my Gentoo systems this file was called /etc/pam.d/apache2.
- Restart Apache, everything should be a go!
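
AuthType Basic sends the user name and password base64-encoded with every request, so over plain HTTP the domain credentials this setup accepts are readable on the network. The script below is an added example, not part of the original post: it lists <Directory> blocks that turn on AuthPAM_Enabled with Basic auth but lack mod_ssl's SSLRequireSSL directive. The sample config and its paths are constructed, and the script assumes flat (non-nested) <Directory> blocks.

```shell
#!/bin/sh
# Added example: flag <Directory> blocks that enable Basic auth via
# mod_auth_pam but do not carry mod_ssl's SSLRequireSSL directive.

# audit_pam_basic FILE: print one line per flagged block.
audit_pam_basic() {
    awk '
        { line = tolower($0) }   # Apache directive names are case-insensitive
        line ~ /^[ \t]*<directory[ \t]/ {
            path = $2; gsub(/[">]/, "", path)
            basic = 0; pam = 0; ssl = 0; inblock = 1; next
        }
        inblock && line ~ /^[ \t]*authtype[ \t]+basic/     { basic = 1 }
        inblock && line ~ /^[ \t]*authpam_enabled[ \t]+on/ { pam = 1 }
        inblock && line ~ /^[ \t]*sslrequiressl/           { ssl = 1 }
        line ~ /^[ \t]*<\/directory>/ {
            if (inblock && basic && pam && !ssl)
                print path ": Basic+PAM auth without SSLRequireSSL"
            inblock = 0
        }
    ' "$1"
}

# Constructed sample config; both directory paths are hypothetical.
write_sample() {
    cat > "$1" <<'EOF'
<Directory "/var/www/reports">
    AuthType Basic
    AuthName "LIONIMTS"
    AuthPAM_Enabled on
    require valid-user
</Directory>
<Directory "/var/www/wiki">
    SSLRequireSSL
    AuthType Basic
    AuthName "LIONIMTS"
    AuthPAM_Enabled on
    require valid-user
</Directory>
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_pam_basic "$tmp"
rm -f "$tmp"
```

A flagged block is a prompt to check, not proof of exposure: TLS may be enforced elsewhere, for example by serving the directory only from an HTTPS virtual host.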