NTLM support
epicmonkey edited this page May 27, 2015 · 4 revisions
- Update /etc/nsswitch:
- Add realm to /etc/krb.conf
- Update samba config
- Join domain: `net ads join -U`
- Ensure `wbinfo -t` returns: "checking the trust secret for domain via RPC calls succeeded."
- Add NTLM module to httpd (or nginx) and use it as a reverse proxy.
- Change Pepyatka "remoteUser" config option from "false" to "true".
Example configuration for httpd below:
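```apache
LoadModule auth_ntlm_winbind_module modules/mod_auth_ntlm_winbind.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
# mod_proxy_http handles the http:// backend used by ProxyPass
LoadModule proxy_http_module modules/mod_proxy_http.so
# mod_headers provides the RequestHeader directive
LoadModule headers_module modules/mod_headers.so

<VirtualHost *:80>
    ProxyRequests off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    <Location />
        ProxyPass http://localhost:3000/
        ProxyPassReverse http://localhost:3000/

        # Require NTLM authentication through winbind's ntlm_auth helper
        AuthType NTLM
        NTLMAuth on
        NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
        NTLMBasicAuthoritative on
        require valid-user

        # Copy the authenticated user name into the RU environment variable
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]

        # Drop any client-supplied X-Remote-User, then set it from RU
        RequestHeader unset X-Remote-User
        RequestHeader set X-Remote-User "%{RU}e" env=RU
    </Location>
</VirtualHost>
```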
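
With "remoteUser" enabled, the backend takes the login name from the `X-Remote-User` header, so it should accept that header only on connections from the local proxy. The following is an added sketch of such a check, not Pepyatka's own code: `remoteUserFrom`, `allowedDomain` and the `DOMAIN\user` name format (winbind's default separator) are assumptions, and the sample requests are constructed.

```javascript
// Added example, not Pepyatka code; all names here are hypothetical.
// Peer must be the local reverse proxy (loopback, incl. IPv4-mapped IPv6).
const LOOPBACK = /^(?:::ffff:)?127\.\d{1,3}\.\d{1,3}\.\d{1,3}$|^::1$/;
// Assumption: winbind reports users as DOMAIN\user (default separator "\").
const NTLM_USER = /^(?:([A-Za-z0-9._-]{1,64})\\)?([A-Za-z0-9._$-]{1,64})$/;

function remoteUserFrom(peerAddress, headers, opts = {}) {
  const { remoteUser = false, allowedDomain = null } = opts;
  if (!remoteUser) return null;                        // option off: ignore header
  if (!LOOPBACK.test(peerAddress || '')) return null;  // not from the local proxy
  const raw = headers['x-remote-user'];
  // Node joins repeated custom headers with ", ": a comma means a second
  // copy reached the backend next to the proxy's, so trust neither.
  if (typeof raw !== 'string' || raw.includes(',')) return null;
  const m = NTLM_USER.exec(raw.trim());
  if (!m) return null;                                 // malformed name
  const [, domain, user] = m;
  if (allowedDomain &&
      (domain || '').toUpperCase() !== allowedDomain.toUpperCase()) {
    return null;                                       // unexpected or missing domain
  }
  return user.toLowerCase();
}

// Constructed sample requests: [peer address, request headers]
function demo() {
  const opts = { remoteUser: true, allowedDomain: 'CORP' };
  return [
    ['127.0.0.1', { 'x-remote-user': 'CORP\\alice' }],            // via the proxy
    ['10.0.0.5', { 'x-remote-user': 'CORP\\alice' }],             // direct to :3000
    ['127.0.0.1', { 'x-remote-user': 'CORP\\alice, CORP\\bob' }], // duplicated
    ['127.0.0.1', {}],                                            // header absent
  ].map(([peer, headers]) => remoteUserFrom(peer, headers, opts));
}

console.log(demo());
```

Binding the backend to 127.0.0.1 only gives the same guarantee at the network layer; the check above covers the case where it is reachable on another interface.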