Mailinglist Archive: opensuse (1695 mails)

Re: [opensuse] OpenSUSE 11.0, Windows AD and LDAP
  • From: Moby <moby@xxxxxxxxxxxxxx>
  • Date: Thu, 18 Sep 2008 16:01:18 -0500
  • Message-id: <48D2C19E.7090101@xxxxxxxxxxxxxx>


Roger Oberholtzer wrote:

On Sep 17, 2008, at 11:12 PM, Lars Müller wrote:

On Wed, Sep 17, 2008 at 10:04:18PM +0200, Roger Oberholtzer wrote:

I guess it had to come to this. I have gotten Linux login authentication
working against the local Windows AD. I would next like to get apache
authentication working in a similar fashion. In reading the docs on this,
the first obvious thing I do not know is the user and password needed
for accessing the AD server when doing the authentication. This must
exist somewhere, as openSUSE is doing this. I joined the AD via YAST.
So, I am guessing, this information exists somewhere on my system.

You need a fitting mod_* module for Apache. There are two ways.

a) apache2-mod_auth_ntlm_winbind
b) apache2-mod_auth_kerb

I've used a) in the past but had some trouble with keepalive and https.
This is generic and known.

Therefore I appreciate if anyone reports success with apache2-mod_auth_kerb.

I was looking at this description:

http://blog.chadwestfall.com/2007/11/subversion-apache-active-directory.html

and

http://www.jejik.com/articles/2007/06/apache_and_subversion_authentication_with_microsoft_active_directory/

Both use mod_ldap and mod_authnz_ldap

In fact, I found the second link after my post. But both show that you need to define
AuthLDAPBindPassword. In the Apache docs (http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html#authldapbindpassword)
they say this is only needed if you need to search the directory. Is logging in a
directory search? Geesh.

Of course, I do not need to use LDAP. I am 'only' after authentication in other places than
login/PAM against the AD that I joined via Yast.

I will be playing with this. But as I do not have any authority over the AD, and
needed a user/password to allow my machine to be added, I don't have
high hopes. But I will surely give it a good try!

--

Roger Oberholtzer

OPQ Systems / Ramböll RST

Ramböll Sverige AB
Kapellgränd 7
P.O. Box 4205
SE-102 65 Stockholm, Sweden

Office: Int +46 8-615 60 20
Mobile: Int +46 70-815 1696

And remember:

It is RSofT and there is always something under construction.
It is like talking about large city with all constructions finished.
Not impossible, but very unlikely.


I do it using pwauth through pam winbind - works great against AD.

--
--Moby

They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety. -- Benjamin Franklin
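
The two approaches discussed in this thread, side by side, as an added configuration sketch that is not from any of the posters. mod_authnz_ldap first binds to search for the user's DN and then binds again as that DN with the supplied password, which is why a bind account is needed when the directory refuses anonymous searches; the pwauth route hands the password to PAM/winbind instead. Host names, DNs, the service account, the `/svn-ldap` and `/svn-pam` locations and the pwauth path are all placeholders.

```apache
# --- Alternative 1: mod_ldap + mod_authnz_ldap (search, then bind) ---
<Location "/svn-ldap">
    # Basic auth resends the password with every request: require TLS.
    SSLRequireSSL
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap

    # Step 1 (search): look up the entry whose sAMAccountName equals the
    # login name, under the given base DN, subtree scope.
    AuthLDAPURL "ldaps://dc1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # The search runs as this account. Use a dedicated read-only service
    # account (placeholder below), never an administrator, and keep this
    # file readable by root only since the password is stored in clear.
    AuthLDAPBindDN "CN=apache-lookup,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "PLACEHOLDER-PASSWORD"

    # Step 2 (bind): Apache re-binds as the DN found in step 1 using the
    # password the browser sent; success means the user is authenticated.
    Require valid-user
</Location>

# --- Alternative 2: mod_authnz_external + pwauth via PAM/winbind ---
# No bind DN or password in the Apache config: pwauth passes the
# credentials to PAM, and pam_winbind checks them against the domain
# the machine has already joined.
# Assumption: pwauth is installed at this path and its PAM service
# file lists pam_winbind.
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe

<Location "/svn-pam">
    SSLRequireSSL
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user
</Location>
```

Comments sit on their own lines because Apache does not accept a trailing `#` comment after a directive.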

