Palle Girgensohn
2004-Oct-22 16:50 UTC
[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?
Hi!

I don't use MS products at all, so I have very little knowledge with them, but I believe Microsoft has a protocol where Internet Explorer can automatically authenticate against an IIS server, and given that the server and client are on the same NT domain, and the client user is logged in to that domain, the user is automatically logged in without the need to give away the password one more time to the webserver.

What is happening between the web server & the web client? Is the protocol open or reverse engineered? Can this authentication be done using apache @ unix (perhaps by apache interacting with samba somehow)?

Any ideas or links to more info about this would be much appreciated.

Thanks!

/Palle
Adam Tauno Williams
2004-Oct-22 18:29 UTC
[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?
> I don't use MS products at all, so I have very little knowledge with them,
> but I believe Microsoft has a protocol where Internet Explorer can
> automatically authenticate against an IIS server, and given that the server
> and client are on the same NT domain, and the client user is logged in to
> that domain, the user is automatically logged in without the need to give
> away the password one more time to the webserver.

You're talking about NTLM.

> What is happening between the web server & the web client? Is the protocol
> open or reverse engineered? Can this authentication be done using apache @
> unix (perhaps by apache interacting with samba somehow)?

On the server side - yes, even current versions of SASL support NTLM.

> Any ideas or links to more info about this would be much appreciated.

On the UNIX/LINUX client side I think you're stuck; nothing I've found supports it. If you are in an AD domain or Kerberos environment you can probably do the same thing with GSSAPI.
John H Terpstra
2004-Oct-22 19:11 UTC
[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?
On Friday 22 October 2004 10:49, Palle Girgensohn wrote:
> Hi!
>
> I don't use MS products at all, so I have very little knowledge with them,
> but I believe Microsoft has a protocol where Internet Explorer can
> automatically authenticate against an IIS server, and given that the server
> and client are on the same NT domain, and the client user is logged in to
> that domain, the user is automatically logged in without the need to give
> away the password one more time to the webserver.

Squid + ntlm-auth can handle the SPNEGO protocol. If you want this from Apache you should check out www.vintela.com.

-- John T.

> What is happening between the web server & the web client? Is the protocol
> open or reverse engineered? Can this authentication be done using apache @
> unix (perhaps by apache interacting with samba somehow)?
>
> Any ideas or links to more info about this would be much appreciated.
> Thanks!
>
> /Palle

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
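
The replies name NTLM, SPNEGO and GSSAPI/Kerberos as the mechanisms a browser may use for this silent logon. The following is an added example, not part of the thread or any poster's code: it classifies the token carried in an HTTP `Authorization` or `WWW-Authenticate` header so an administrator can see from web-server logs which mechanism clients actually use, including NTLM carried inside `Negotiate`. The function names and the sample tokens are hypothetical and constructed for illustration.

```python
import base64
import struct

# DER-encoded OID bodies of the GSS-API mechanisms named in the thread.
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",          # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "Kerberos",  # 1.2.840.113554.1.2.2
}
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _der_len(buf, pos):
    """Decode a DER length at pos; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_auth_header(value):
    """Return (scheme, mechanism) for an Authorization/WWW-Authenticate value."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() not in ("ntlm", "negotiate"):
        return scheme, "not-integrated-auth"
    if not b64.strip():
        return scheme, "offer-only"  # server offering the scheme, no token yet
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(b"NTLMSSP\x00") and len(tok) >= 12:
            (mtype,) = struct.unpack_from("<I", tok, 8)  # little-endian type
            return scheme, "NTLM-" + NTLM_TYPES.get(mtype, "UNKNOWN")
        if tok[0] == 0x60:  # GSS-API InitialContextToken, [APPLICATION 0]
            _, pos = _der_len(tok, 1)
            if tok[pos] == 0x06:  # OBJECT IDENTIFIER naming the mechanism
                olen, pos = _der_len(tok, pos + 1)
                return scheme, MECH_OIDS.get(tok[pos:pos + olen], "unknown-gss")
    except (IndexError, ValueError):
        return scheme, "malformed"
    return scheme, "unknown"

# Constructed sample tokens (message headers only, no credentials).
_ntlm1 = b"NTLMSSP\x00" + struct.pack("<II", 1, 0)
_spnego = b"\x60\x0a\x06\x06" + bytes.fromhex("2b0601050502") + b"\xa0\x00"
SAMPLES = {
    "ntlm": "NTLM " + base64.b64encode(_ntlm1).decode(),
    "spnego": "Negotiate " + base64.b64encode(_spnego).decode(),
    "ntlm_in_negotiate": "Negotiate " + base64.b64encode(_ntlm1).decode(),
}
```

A `Negotiate` header that classifies as `NTLM-*` means the client did not use Kerberos for that request and sent a raw NTLM token instead.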