The goal here is to set up an Apache server so that it authenticates any user who connects to it against a separately configured Windows Active Directory server.

Pre-requisite Services

This approach uses winbind as the underlying Windows authentication mechanism, which needs to be configured and working already. The wiki page on setting up Samba for Active Directory Authentication sufficiently covers that setup. Also, note that this is performed using PAM. The PAM module for Apache has apparently fallen out of development. As such, one may wish to make use of Kerberos Authentication instead. The ADAuthentication page referenced above will also get you set up for the Kerberos approach.

Pre-requisite Packages

This approach has Apache use PAM for its authentication, so PAM needs to be aware of Apache. Thus one must install "libapache2-mod-auth-pam" (as the package is called on Ubuntu 8.04).

sudo apt-get install libapache2-mod-auth-pam

Installing that PAM module should enable PAM for Apache2 (you can check in /etc/apache2/mods-enabled).



As of Ubuntu 8.04, the defaults for this file worked sufficiently well. The file should look like:

@include common-auth
@include common-account


Note of course that "default" is the default virtual host file, so those of us enjoying Apache's awesome Virtual Host abilities can apply this authentication to our various virtual host config files as well.

Under the <Directory [something]> section of your choice (I used <Directory />) add/change to the following lines:

                AuthType basic
                AuthName "Recall - HTTP is NOT HTTPS"
                AuthPAM_Enabled on
                AuthBasicAuthoritative off 
                Require valid-user

Reload the Apache config

sudo /etc/init.d/apache2 reload


That's all folks - should now be working. Of course watch /var/log/apache2/error.log for any awesome error messages should you find yourself stuck.


* Rather Helpful Post
* The initial helpful bread crumb


My /etc/apache2/sites-available/default looks like:

NameVirtualHost *
<VirtualHost *>
        ServerAdmin webmaster@localhost
        ServerName www
        ServerAlias www.example.local
        DocumentRoot /var/www/

        <Directory />
                AuthType basic
                AuthName "Recall - HTTP is NOT HTTPS"
                AuthPAM_Enabled on
                AuthBasicAuthoritative off
                Require valid-user

                Options FollowSymLinks
                AllowOverride None
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
</VirtualHost>
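
The AuthName string above is a reminder that Basic authentication sends the user's Active Directory password base64-encoded, not encrypted, with every request. The following is an added example, not part of the original page, of the same virtual host offered only over HTTPS. It assumes mod_ssl is enabled (sudo a2enmod ssl) and that these two blocks replace the `NameVirtualHost *` / `<VirtualHost *>` pair; the certificate paths and the AuthName text are placeholders.

```apache
# Added example, not the original author's configuration.
# Assumptions: mod_ssl is enabled, Apache listens on ports 80 and 443,
# and the certificate/key paths below are placeholders to be replaced.

# Plain HTTP: no content and no password prompt, only a redirect to HTTPS.
<VirtualHost *:80>
        ServerName www
        ServerAlias www.example.local
        Redirect permanent / https://www.example.local/
</VirtualHost>

# HTTPS: the only place where the PAM-backed Basic auth prompt is offered.
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName www
        ServerAlias www.example.local
        DocumentRoot /var/www/

        SSLEngine on
        SSLCertificateFile    /path/to/PLACEHOLDER-server.crt
        SSLCertificateKeyFile /path/to/PLACEHOLDER-server.key

        <Directory />
                # Refuse any request for this directory that did not
                # arrive over SSL/TLS, even if a vhost is misconfigured.
                SSLRequireSSL

                AuthType basic
                # Constructed realm text; any string works here.
                AuthName "Active Directory login (HTTPS only)"
                AuthPAM_Enabled on
                AuthBasicAuthoritative off
                Require valid-user

                Options FollowSymLinks
                AllowOverride None
        </Directory>

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>
```

After reloading, a request to the port 80 host should return only the redirect and never a 401 password prompt.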



LinuxApache2ActiveDirectoryAuthentication (last edited 2011-04-09 01:16:48 by D9784B24)