Adam H. Lewenberg
2004-Feb-09 18:40 UTC
[Samba] Samba authentication against an NT group in Apache
We would like to have our Apache Linux-based web server use our existing NT domain to authenticate some of our web pages. We are using the Apache module mod_auth_pam to use pam-based authentication and then the winbind pam module to do the actual authentication. We have gotten to the point where we can authenticate using NT _users_, but we have not been able to authenticate using _groups_. For example, we can restrict a web page so that only the NT user "joeuser" can gain access to the page, but we have been unable to configure Apache so that any user of the NT group "SpecialAccess" (of which joeuser is a member) can gain access but no one else. Here is the .htaccess file we used to try to do this: ########################## AuthPAM_Enabled On AuthPAM_FallThrough Off AuthAuthoritative Off AuthType Basic AuthName "test" require group "OURNTDOMAIN\SpecialAccess" ########################## Apache generates the following error: ########################## [Mon Feb 02 16:20:40 2004] [crit] [client 130.126.35.93] configuration error: couldn't check access. No groups file?: /grouptest/index.html ########################## Here are some more details on our setup: --------------------------------------- Linux Redhat Enterprise Linux 3 Samba Version 3.0.0-14.3E Apache 2.0.46 mod_pam_auth 2.0-1.1.1 The configuration file that mod_auth_pam uses is called /etc/pam.d/httpd and contains the lines ########################## auth required /lib/security/pam_winbind.so account required /lib/security/pam_winbind.so ########################## The samba configuration file contains these lines: ########################## [global] workgroup = OURNTDOMAIN encrypt passwords = yes security = domain password server = pdccontroller1 winbind use default domain = yes idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes Any ideas or suggestions are very welcome. Thank you. Alan L.
Possibly Parallel Threads
- Samba authentication against an NT group in Apache
- Agile Web Dev unit test fails with fixture instance variable
- Apache auth failing for Active Directory group members
- [Fwd: Apache auth failing for Active Directory group members]
- Centos 5 pam system-auth changes?
Wisdom of the Ancients
