UbuntuHelp:LinuxApache2ActiveDirectoryAuthentication
来自Ubuntu中文
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
The goal here is to setup an Apache server so that it will authenticate any user that connects to it with a separately configured Windows Active Directory server.
目录
Pre-requisite Services
This approach entails making use of winbind as the under laying windows authentication mechanism. That needs to already be configured and working. The wiki page regarding setting up Samba for Active Directory Authentication sufficiently covers setting that up.
Pre-requisite Packages
This approach (as has been used on Hellboy) entails apache using the PAM for it's authentication. Thus PAM needs to be aware of apache. Thus one must install "libapache2-mod-auth-pam" (as the package is called for Ubuntu 8.04). Installing that pam module should enable pam for Apache2 (can check in /etc/apache2/mods-enabled).
Config
/etc/pam.d/apache2
As of Ubuntu 8.04, the defaults for this file worked sufficiently well. The file should look like:
@include common-auth @include common-account
/etc/apache2/sites-available/default
Note of course that "default" is the default virtual host file and therefore those of us enjoying apache's awesome Virtual Host abilities can apply this authentication to our various virtual host config files as well. Under the <Directory [something]> section of your choice (I used <Directory />) add/change to the following lines:
AuthType basic AuthName "Recall - HTTP is NOT HTTPS" AuthPAM_Enabled on AuthBasicAuthoritative off Require valid-user
Reload the Apache config
sudo /etc/init.d/apache2 reload
Done
That's all folks - should now be working. Of course watch /var/log/apache2/error.log for any awesome error messages should you find yourself stuck.
References
Appendix
My /etc/apache2/sites-available/default looks like:
NameVirtualHost * <VirtualHost *> ServerAdmin webmaster@localhost ServerName www ServerAlias www.example.local DocumentRoot /var/www/ <Directory /> AuthType basic AuthName "Recall - HTTP is NOT HTTPS" AuthPAM_Enabled on AuthBasicAuthoritative off Require valid-user Options FollowSymLinks AllowOverride None </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost>