The goal here is to setup an Apache server so that it will authenticate any user that connects to it with a separately configured Windows Active Directory server.
This approach entails making use of winbind as the under laying windows authentication mechanism. That needs to already be configured and working. The wiki page regarding setting up Samba for Active Directory Authentication sufficiently covers setting that up. Also, note that this is performed using PAM. The PAM module for Apache has apparently fallen out of development. As such, one may wish to make use of Kerberos Authentication. The ADAuthentication page referenced above will get you setup to also go with the Kerberos approach.
This approach entails apache using the PAM for it's authentication. Thus PAM needs to be aware of apache. Thus one must install "libapache2-mod-auth-pam" (as the package is called for Ubuntu 8.04).
sudo apt-get install libapache2-mod-auth-pam
Installing that pam module should enable pam for Apache2 (can check in /etc/apache2/mods-enabled).
As of Ubuntu 8.04, the defaults for this file worked sufficiently well. The file should look like:
@include common-auth @include common-account
Note of course that "default" is the default virtual host file and therefore those of us enjoying apache's awesome Virtual Host abilities can apply this authentication to our various virtual host config files as well.
Under the <Directory [something]> section of your choice (I used <Directory />) add/change to the following lines:
AuthType basic AuthName "Recall - HTTP is NOT HTTPS" AuthPAM_Enabled on AuthBasicAuthoritative off Require valid-user
Reload the Apache config
sudo /etc/init.d/apache2 reload
That's all folks - should now be working. Of course watch /var/log/apache2/error.log for any awesome error messages should you find yourself stuck.
My /etc/apache2/sites-available/default looks like:
NameVirtualHost * <VirtualHost *> ServerAdmin webmaster@localhost ServerName www ServerAlias www.example.local DocumentRoot /var/www/ <Directory /> AuthType basic AuthName "Recall - HTTP is NOT HTTPS" AuthPAM_Enabled on AuthBasicAuthoritative off Require valid-user Options FollowSymLinks AllowOverride None </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost>