On Sep 17, 2008, at 11:12 PM, Lars Müller wrote:
On Wed, Sep 17, 2008 at 10:04:18PM +0200, Roger Oberholtzer wrote:
I guess it had to come to this. I have gotten Linux login authentication working against the local Windows AD. I would next like to get apache authentication working in a similar fashion. In reading the docs on this, the first obvious thing I do not know is the user and password needed for accessing the AD server when doing the authentication. This must exist somewhere, as openSUSE is doing this. I joined the AD via YAST. So, I am guessing, this information exists somewhere on my system.
You need a fitting mod_* module for Apache. There are two ways.
a) apache2-mod_auth_ntlm_winbind b) apache2-mod_auth_kerb
I've used a) in the past but had some trouble with keepalive and https. This is generic and known.
Therfore I appreciate if any reports sucess with apache2- mod_auth_kerb.
I was looking at this description: http://blog.chadwestfall.com/2007/11/subversion-apache-active-directory.html and http://www.jejik.com/articles/2007/06/apache_and_subversion_authentication_w... Both use mod_ldap and mod_authnz_ldap In fact, I found the second link after my post. But both show that you need to define AuthLDAPBindPassword. In the Apache docs (http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html#authldapbindpassword ) they say this is only needed if you need to search the directory. Is logging in a directory search? Geesh. Of course, I do not need to use LDAP. I am 'only' after authentication in other places than login/PAM against the AD that I joined via Yast. I will be playing with this. But as I do not have any authority over the AD, and needed a user/password to allow my machine to be added, I don't have high hopes. But I will surely give it a good try! -- Roger Oberholtzer OPQ Systems / Ramböll RST Ramböll Sverige AB Kapellgränd 7 P.O. Box 4205 SE-102 65 Stockholm, Sweden Office: Int +46 8-615 60 20 Mobile: Int +46 70-815 1696 And remember: It is RSofT and there is always something under construction. It is like talking about large city with all constructions finished. Not impossible, but very unlikely. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org