Configuring Apache 2.2 to authenticate users against an NT PDC

Written by NickWal

This post demonstrates how to authenticate Apache 2.2 web users against a Windows NT or Windows 2000 domain using the PAM module pam_smb instead of Perl. This is also useful if, for example, you want to use the Linux /etc/group file to control access, or you do not want to enable Perl in your Apache installation.

These instructions are for Apache 2.2. Authentication works slightly differently in Apache 2.2 and requires a few extra lines in httpd.conf that are not needed in Apache 2.0.

You will need:

Tested using Gentoo Linux: http://www.gentoo.org/

Configure and install pam_smb

Note that pam_smb has a daemon, which must be running for authentication to occur. pam_smb has one configuration file, /etc/pam_smb.conf, which contains two lines:

<<DOMAINNAME>>  
<<IPOFDOMAINCONTROLLER>>

To run the pam_smb daemon and ensure it starts at boot, use:

rc-update add pamsmbd default  
/etc/init.d/pamsmbd start

Configure mod_auth_pam

Create the file /etc/pam.d/apache2:

#%PAM-1.0  
auth        required     pam_smb_auth.so debug  
account     include     system-auth  
session     include     system-auth

Configure Apache Virtual Hosts

Inside httpd.conf or similar (such as /etc/apache2/vhosts.d/00_default_vhost.conf):

  
               AuthPAM_Enabled on  
               AuthPAM_FallThrough off  
               AuthBasicAuthoritative Off  
               AuthUserFile /dev/null  
               AuthType Basic  
               AuthName "MyApacheWeb"  
               Require group webuser  
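
A pre-flight check for the three files configured above, as an added example that is not part of the original post: it verifies that /etc/pam_smb.conf no longer holds the placeholders, that the PAM service file loads pam_smb_auth.so, and that the vhost file carries every directive of the Apache 2.2 block. The function names and the `--check` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of the three
# files this page configures. Function names are hypothetical.

# True if FILE ($1) has an uncommented "<directive> <value>" line.
has_directive() {
    grep -Eiq "^[[:space:]]*${2}[[:space:]]+\"?${3}\"?[[:space:]]*\$" "$1"
}

# /etc/pam_smb.conf: two non-blank lines, with the page's <<...>> placeholders replaced.
check_pam_smb_conf() {
    [ -r "$1" ] || return 1
    if grep -q '<<' "$1"; then return 1; fi
    [ "$(grep -cv '^[[:space:]]*$' "$1")" -eq 2 ]
}

# /etc/pam.d/apache2: an uncommented auth line must load pam_smb_auth.so.
check_pam_service() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[a-z]+[[:space:]]+pam_smb_auth\.so' "$1"
}

# Vhost file: every directive from the page's Apache 2.2 block must be present.
check_vhost() {
    rc=0
    while read -r name value; do
        has_directive "$1" "$name" "$value" || { echo "missing: $name $value"; rc=1; }
    done <<EOF
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthBasicAuthoritative off
AuthUserFile /dev/null
AuthType Basic
EOF
    return $rc
}

# Run all checks; arguments override the paths used on this page.
preflight() {
    fails=0
    check_pam_smb_conf "${1:-/etc/pam_smb.conf}" || { echo "FAIL: pam_smb.conf"; fails=$((fails + 1)); }
    check_pam_service "${2:-/etc/pam.d/apache2}" || { echo "FAIL: PAM service file"; fails=$((fails + 1)); }
    check_vhost "${3:-/etc/apache2/vhosts.d/00_default_vhost.conf}" || fails=$((fails + 1))
    return "$fails"
}

if [ "${1:-}" = "--check" ]; then shift; preflight "$@"; fi
```

Because AuthType Basic sends the domain password with every request encoded only in base64, serve the protected virtual host over TLS.
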

Posted By: Admin;) on Nov 13, 2007 09:35PM Category: PAM SMB