||<>|| The goal here is to setup an Apache server so that it will authenticate any user that connects to it with a separately configured Windows Active Directory server. = Pre-requisite Services = This approach entails making use of winbind as the under laying windows authentication mechanism. That needs to already be configured and working. The [[ADAuthentication | wiki page]] regarding setting up Samba for Active Directory Authentication sufficiently covers setting that up. Also, note that this is performed using PAM. The PAM module for Apache has apparently fallen out of development. As such, one may wish to make use of Kerberos Authentication. The ADAuthentication page referenced above will get you setup to also go with the [[ApacheAuthViaKerberos | Kerberos approach]]. = Pre-requisite Packages = This approach entails apache using the PAM for it's authentication. Thus PAM needs to be aware of apache. Thus one must install "libapache2-mod-auth-pam" (as the package is called for Ubuntu 8.04). {{{ sudo apt-get install libapache2-mod-auth-pam }}} Installing that pam module should enable pam for Apache2 (can check in /etc/apache2/mods-enabled). = Config = == /etc/pam.d/apache2 == As of Ubuntu 8.04, the defaults for this file worked sufficiently well. The file should look like: {{{ @include common-auth @include common-account }}} == /etc/apache2/sites-available/default == Note of course that "default" is the default virtual host file and therefore those of us enjoying apache's awesome Virtual Host abilities can apply this authentication to our various virtual host config files as well. Under the section of your choice (I used '''''') add/change to the following lines: {{{ AuthType basic AuthName "Recall - HTTP is NOT HTTPS" AuthPAM_Enabled on AuthBasicAuthoritative off Require valid-user }}} = Reload the Apache config = {{{ sudo /etc/init.d/apache2 reload }}} = Done = That's all folks - should now be working. Of course watch /var/log/apache2/error.log for any awesome error messages should you find yourself stuck. = References = * [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412981 | Rather Helpful Post]] * [[http://svn.haxx.se/users/archive-2005-03/0068.shtml | The initial helpful bread crumb]] = Appendix = My '''/etc/apache2/sites-available/default''' looks like: {{{ NameVirtualHost * ServerAdmin webmaster@localhost ServerName www ServerAlias www.example.local DocumentRoot /var/www/ AuthType basic AuthName "Recall - HTTP is NOT HTTPS" AuthPAM_Enabled on AuthBasicAuthoritative off Require valid-user Options FollowSymLinks AllowOverride None ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On }}} ---- CategorySystem CategoryInstallation CategoryInternet