https://wiki.davical.org/api.php?action=feedcontributions&user=122.216.67.155&feedformat=atomDavical - User contributions [en]2024-03-28T22:56:04ZUser contributionsMediaWiki 1.40.1https://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/Active_Directory_(with_NTLM)&diff=1551Configuration/Authentication Settings/Active Directory (with NTLM)2008-02-26T08:16:29Z<p>122.216.67.155: </p>
<hr />
<div>To make DAViCal authenticate from Active Directory please read [[Configuration/AD]] first.<br />
<br />
This page takes off from where [[Configuration/AD]] leaves off. If you have completed the previous sections you are now able to use AD to authenticate your users, but the users much provide authentication credentials each time the DAViCal server is accessed. In the page we discuss how to use mod_ntlm to create an SSO environment so that the client obtains the authentication information using the NTLM protocal.<br />
<br />
Please note that though the NTLMv3 protocal is considered fairly secure, the implementation described here is only marginally so. Consider using only within a secure <br />
environment such as a firewall protected LAN.<br />
<br />
Please also note that doing all this may '''NOT''' be worth the effort if your client of choice does not support NTLM. <br />
<br />
At the time of writing (Feb 26, 2008) the following have been confirmed to work;<br />
* IE6<br />
* Firefox2 (See the end of Apache Configuration below for how to get NTLM working on Firefox)<br />
* Lightning0.7 (Calendar Add-in for Thunderbird)<br />
<br />
<br />
===mod_ntlm===<br />
<br />
mod_ntlm is a non-standard Apache module to allow Apache to perform NTLM authentication. The module can be obtained at the following: [http://modntlm.sourceforge.net/ mod_ntlm].<br />
<br />
The module is a bit old and will not compile according to the included instructions at the time of this writing (Feb 26, 2008).<br />
<br />
Based on instructions found at [http://wiki.bestpractical.com/view/NtlmAuthentication Ntlm Authentication] I was able to compile the module. <br />
<br />
At this point let me review my environment just in case and for reference;<br />
* Ubuntu 7.10 Gutsy<br />
* Apache2.2<br />
* DAViCal 0.9.4<br />
* PostgreSQL 8.2<br />
* PHP5<br />
* mod_ntlm 2.0.1<br />
<br />
To compile the mod_ntlm module;<br />
<br />
1. Edit '''smbval/smblib.inc.c''' (basically remover "static" from lines 25,26 and 35)<br />
diff -r mod_ntlm2-0.1/smbval/smblib.inc.c mod_ntlm2-0.1-fixed/smbval/smblib.inc.c<br />
25,26c25,26<br />
< static int SMBlib_errno;<br />
< static int SMBlib_SMB_Error;<br />
---<br />
> int SMBlib_errno;<br />
> int SMBlib_SMB_Error;<br />
35c35<br />
< static SMB_State_Types SMBlib_State;<br />
---<br />
> SMB_State_Types SMBlib_State;<br />
2. Edit the '''Makefile''' (change mod_ntlm.so to mod_ntlm.la)<br />
diff -r mod_ntlm2-0.1/Makefile mod_ntlm2-0.1-fixed/Makefile<br />
20c20<br />
< $(APXS) -i -a -n 'ntlm' mod_ntlm.so<br />
---<br />
> $(APXS) -i -a -n 'ntlm' mod_ntlm.la<br />
3. Finally edit '''mod_ntlm.c'''<br />
diff -r mod_ntlm2-0.1/mod_ntlm.c mod_ntlm2-0.1-fixed/mod_ntlm.c<br />
590c590,596<br />
< apr_pool_sub_make(&sp,p,NULL);<br />
---<br />
> /*<br />
> * apr_pool_sub_make(&sp,p,NULL);<br />
> *<br />
> * This function call is not longer available with apache 2.2<br />
> * Try replacing it with apr_pool_create_ex()<br />
> */<br />
> apr_pool_create_ex(&sp,p,NULL,NULL);<br />
<br />
After doing these edits, the standard "make" and "make install" should run without mishap.<br />
<br />
===Apache Configuration===<br />
Now that mod_ntlm has been installed we need to configure Apache to use the module.<br />
Add the following to the file '''site-available/default''';<br />
<br />
AuthType NTLM<br />
NTLMAuth on<br />
NTLMAuthoritative on<br />
NTLMDomain mydomain.com<br />
NTLMServer dc1.mydomain.com<br />
NTLMBackup dc2.mydomain.com<br />
Require valid-user<br />
Satisfy all<br />
<br />
The above should be within the <directory> directive. Now restart your Apache Daemon.<br />
<br />
Now your Apache web server should be running NTLM authentication. Here's a test PHP page you can try to see if it is working.<br />
<br />
<?php<br />
echo "You have logged in as <nowiki><b></nowiki>". $_SERVER['REMOTE_USER']. "</b>";<br />
?><br />
<br />
If you see the page NTLM is working, if not you should get prompted to login.<br />
<br />
Note that if you are a Firefox user NTLM authentication is '''not''' enabled by default. To enable NTLM on Firefox;<br />
<br />
# Enter "about:config" at the address bar of your Firefox browser.<br />
# Type "ntlm" in the filter bar.<br />
# Double click on '''network.automatic-ntlm-auth.trusted-uris''' and enter the hostname of your DAViCal server here. (just the hostname, don't add "http://")<br />
<br />
===DAViCal===<br />
<br />
Now that Apache is setup for NTLM authentication, you need to setup DAViCal to do the same. This part is actually really simple.<br />
<br />
# Download the "drivers_ldap_sso.php" and "HTTPAuthSession.php" file from [http://sourceforge.net/tracker/index.php?func=detail&aid=1901804&group_id=179845&atid=890787 here].<br />
# Put the files in '''/usr/share/rsdcs/inc/'''. (The '''HTTPAuthSession.php''' will replace the original one so backing it up before-hand might be prudent.)<br />
# In your '''servername-conf.php''' file under '''/etc/davical''' replace the line ''''' include_once('drivers_ldap.php'); ''''' with '''''include_once('drivers_ldap_sso.php');'''''</div>122.216.67.155https://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/Active_Directory_(with_NTLM)&diff=1550Configuration/Authentication Settings/Active Directory (with NTLM)2008-02-26T08:00:09Z<p>122.216.67.155: </p>
<hr />
<div>To make DAViCal authenticate from Active Directory please read [[Configuration/AD]] first.<br />
<br />
This page takes off from where [[Configuration/AD]] leaves off. If you have completed the previous sections you are now able to use AD to authenticate your users, but the users much provide authentication credentials each time the DAViCal server is accessed. In the page we discuss how to use mod_ntlm to create an SSO environment so that the client obtains the authentication information using the NTLM protocal.<br />
<br />
Please note that though the NTLMv3 protocal is considered fairly secure, the implementation described here is only marginally so. Consider using only within a secure <br />
environment such as a firewall protected LAN.<br />
<br />
Please also note that doing all this may '''NOT''' be worth the effort if your client of choice does not support NTLM. <br />
<br />
At the time of writing (Feb 26, 2008) the following have been confirmed to work;<br />
* IE6<br />
* Firefox2<br />
* Lightning0.7 (Calendar Add-in for Thunderbird)<br />
<br />
<br />
===mod_ntlm===<br />
<br />
mod_ntlm is a non-standard Apache module to allow Apache to perform NTLM authentication. The module can be obtained at the following: [http://modntlm.sourceforge.net/ mod_ntlm].<br />
<br />
The module is a bit old and will not compile according to the included instructions at the time of this writing (Feb 26, 2008).<br />
<br />
Based on instructions found at [http://wiki.bestpractical.com/view/NtlmAuthentication Ntlm Authentication] I was able to compile the module. <br />
<br />
At this point let me review my environment just in case and for reference;<br />
* Ubuntu 7.10 Gutsy<br />
* Apache2.2<br />
* DAViCal 0.9.4<br />
* PostgreSQL 8.2<br />
* PHP5<br />
* mod_ntlm 2.0.1<br />
<br />
To compile the mod_ntlm module;<br />
<br />
1. Edit '''smbval/smblib.inc.c''' (basically remover "static" from lines 25,26 and 35)<br />
diff -r mod_ntlm2-0.1/smbval/smblib.inc.c mod_ntlm2-0.1-fixed/smbval/smblib.inc.c<br />
25,26c25,26<br />
< static int SMBlib_errno;<br />
< static int SMBlib_SMB_Error;<br />
---<br />
> int SMBlib_errno;<br />
> int SMBlib_SMB_Error;<br />
35c35<br />
< static SMB_State_Types SMBlib_State;<br />
---<br />
> SMB_State_Types SMBlib_State;<br />
2. Edit the '''Makefile''' (change mod_ntlm.so to mod_ntlm.la)<br />
diff -r mod_ntlm2-0.1/Makefile mod_ntlm2-0.1-fixed/Makefile<br />
20c20<br />
< $(APXS) -i -a -n 'ntlm' mod_ntlm.so<br />
---<br />
> $(APXS) -i -a -n 'ntlm' mod_ntlm.la<br />
3. Finally edit '''mod_ntlm.c'''<br />
diff -r mod_ntlm2-0.1/mod_ntlm.c mod_ntlm2-0.1-fixed/mod_ntlm.c<br />
590c590,596<br />
< apr_pool_sub_make(&sp,p,NULL);<br />
---<br />
> /*<br />
> * apr_pool_sub_make(&sp,p,NULL);<br />
> *<br />
> * This function call is not longer available with apache 2.2<br />
> * Try replacing it with apr_pool_create_ex()<br />
> */<br />
> apr_pool_create_ex(&sp,p,NULL,NULL);<br />
<br />
After doing these edits, the standard "make" and "make install" should run without mishap.<br />
<br />
===Apache Configuration===<br />
Now that mod_ntlm has been installed we need to configure Apache to use the module.<br />
Add the following to the file '''site-available/default''';<br />
<br />
AuthType NTLM<br />
NTLMAuth on<br />
NTLMAuthoritative on<br />
NTLMDomain mydomain.com<br />
NTLMServer dc1.mydomain.com<br />
NTLMBackup dc2.mydomain.com<br />
Require valid-user<br />
Satisfy all<br />
<br />
The above should be within the <directory> directive. Now restart your Apache Daemon.<br />
<br />
Now your Apache web server should be running NTLM authentication. Here's a test PHP page you can try to see if it is working.<br />
<br />
<?php<br />
echo "You have logged in as <nowiki><b></nowiki>". $_SERVER['REMOTE_USER']. "</b>";<br />
?><br />
<br />
If you see the page NTLM is working, if not you should get prompted to login.<br />
<br />
Note that if you are a Firefox user NTLM authentication is '''not''' enabled by default. To enable NTLM on Firefox;<br />
<br />
# Enter "about:config" at the address bar of your Firefox browser.<br />
# Type "ntlm" in the filter bar.<br />
# Double click on '''network.automatic-ntlm-auth.trusted-uris''' and enter the hostname of your DAViCal server here. (just the hostname, don't add "http://")<br />
<br />
===DAViCal===<br />
<br />
Now that Apache is setup for NTLM authentication, you need to setup DAViCal to do the same. This part is actually really simple.<br />
<br />
# Download the "drivers_ldap_sso.php" and "HTTPAuthSession.php" file from [http://sourceforge.net/tracker/index.php?func=detail&aid=1901804&group_id=179845&atid=890787 here].<br />
# Put the files in '''/usr/share/rsdcs/inc/'''. (The '''HTTPAuthSession.php''' will replace the original one so backing it up before-hand might be prudent.)<br />
# In your '''servername-conf.php''' file under '''/etc/davical''' replace the line ''''' include_once('drivers_ldap.php'); ''''' with '''''include_once('drivers_ldap_sso.php');'''''</div>122.216.67.155https://wiki.davical.org/index.php?title=Configuration/Authentication_Settings/Active_Directory_(with_NTLM)&diff=1549Configuration/Authentication Settings/Active Directory (with NTLM)2008-02-26T06:24:19Z<p>122.216.67.155: </p>
<hr />
<div>To make DAViCal authenticate from Active Directory please read [[Configuration/AD]] first.<br />
<br />
This page takes off from where [[Configuration/AD]] leaves off. If you have completed the previous sections you are now able to use AD to authenticate your users, but the users much provide authentication credentials each time the DAViCal server is accessed. In the page we discuss how to use mod_ntlm to create an SSO environment so that the client obtains the authentication information using the NTLM protocal.<br />
<br />
Please note that though the NTLMv3 protocal is considered fairly secure, the implementation described here is only marginally so. Consider using only within a secure <br />
environment such as a firewall protected LAN.<br />
<br />
Please also note that doing all this may '''NOT''' be worth the effort if your client of choice does not support NTLM. At the time of writing only accessing DAViCal through the IE browser and Firefox browser have been successfully tested.<br />
<br />
(Later testing has proven that the Lightning add-in for Thunderbird works well with NTLM authentication.)<br />
<br />
===mod_ntlm===<br />
<br />
mod_ntlm is a non-standard Apache module to allow Apache to perform NTLM authentication. The module can be obtained at the following: [http://modntlm.sourceforge.net/ mod_ntlm].<br />
<br />
The module is a bit old and will not compile according to the included instructions at the time of this writing (Feb 26, 2008).<br />
<br />
Based on instructions found at [http://wiki.bestpractical.com/view/NtlmAuthentication Ntlm Authentication] I was able to compile the module. <br />
<br />
At this point let me review my environment just in case and for reference;<br />
* Ubuntu 7.10 Gutsy<br />
* Apache2.2<br />
* DAViCal 0.9.4<br />
* PostgreSQL 8.2<br />
* PHP5<br />
* mod_ntlm 2.0.1<br />
<br />
To compile the mod_ntlm module;<br />
<br />
1. Edit '''smbval/smblib.inc.c''' (basically remover "static" from lines 25,26 and 35)<br />
diff -r mod_ntlm2-0.1/smbval/smblib.inc.c mod_ntlm2-0.1-fixed/smbval/smblib.inc.c<br />
25,26c25,26<br />
< static int SMBlib_errno;<br />
< static int SMBlib_SMB_Error;<br />
---<br />
> int SMBlib_errno;<br />
> int SMBlib_SMB_Error;<br />
35c35<br />
< static SMB_State_Types SMBlib_State;<br />
---<br />
> SMB_State_Types SMBlib_State;<br />
2. Edit the '''Makefile''' (change mod_ntlm.so to mod_ntlm.la)<br />
diff -r mod_ntlm2-0.1/Makefile mod_ntlm2-0.1-fixed/Makefile<br />
20c20<br />
< $(APXS) -i -a -n 'ntlm' mod_ntlm.so<br />
---<br />
> $(APXS) -i -a -n 'ntlm' mod_ntlm.la<br />
3. Finally edit '''mod_ntlm.c'''<br />
diff -r mod_ntlm2-0.1/mod_ntlm.c mod_ntlm2-0.1-fixed/mod_ntlm.c<br />
590c590,596<br />
< apr_pool_sub_make(&sp,p,NULL);<br />
---<br />
> /*<br />
> * apr_pool_sub_make(&sp,p,NULL);<br />
> *<br />
> * This function call is not longer available with apache 2.2<br />
> * Try replacing it with apr_pool_create_ex()<br />
> */<br />
> apr_pool_create_ex(&sp,p,NULL,NULL);<br />
<br />
After doing these edits, the standard "make" and "make install" should run without mishap.<br />
<br />
===Apache Configuration===<br />
Now that mod_ntlm has been installed we need to configure Apache to use the module.<br />
Add the following to the file '''site-available/default''';<br />
<br />
AuthType NTLM<br />
NTLMAuth on<br />
NTLMAuthoritative on<br />
NTLMDomain mydomain.com<br />
NTLMServer dc1.mydomain.com<br />
NTLMBackup dc2.mydomain.com<br />
Require valid-user<br />
Satisfy all<br />
<br />
The above should be within the <directory> directive. Now restart your Apache Daemon.<br />
<br />
Now your Apache web server should be running NTLM authentication. Here's a test PHP page you can try to see if it is working.<br />
<br />
<?php<br />
echo "You have logged in as <nowiki><b></nowiki>". $_SERVER['REMOTE_USER']. "</b>";<br />
?><br />
<br />
If you see the page NTLM is working, if not you should get prompted to login.<br />
<br />
Note that if you are a Firefox user NTLM authentication is '''not''' enabled by default. To enable NTLM on Firefox;<br />
<br />
# Enter "about:config" at the address bar of your Firefox browser.<br />
# Type "ntlm" in the filter bar.<br />
# Double click on '''network.automatic-ntlm-auth.trusted-uris''' and enter the hostname of your DAViCal server here. (just the hostname, don't add "http://")<br />
<br />
===DAViCal===<br />
<br />
Now that Apache is setup for NTLM authentication, you need to setup DAViCal to do the same. This part is actually really simple.<br />
<br />
# Download the "drivers_ldap_sso.php" and "HTTPAuthSession.php" file from [http://sourceforge.net/tracker/index.php?func=detail&aid=1901804&group_id=179845&atid=890787 here].<br />
# Put the files in '''/usr/share/rsdcs/inc/'''. (The '''HTTPAuthSession.php''' will replace the original one so backing it up before-hand might be prudent.)<br />
# In your '''servername-conf.php''' file under '''/etc/davical''' replace the line ''''' include_once('drivers_ldap.php'); ''''' with '''''include_once('drivers_ldap_sso.php');'''''</div>122.216.67.155https://wiki.davical.org/index.php?title=Installation_Stuff&diff=373Installation Stuff2008-02-26T04:11:18Z<p>122.216.67.155: /* Configuration of DAViCal */</p>
<hr />
<div>{{TOCright}}<br />
This page is kind of a table of contents for installation related details.<br />
<br />
== Installation Overview ==<br />
* [[Installation Guide Update]] <br />
* [[Installation Experiences]]<br />
* [[Installation Guide Update (Feb 2008)]]<br />
<br />
== Configuring Supporting Software ==<br />
* [[Apache Config]] <br />
* [[PHP Config]] <br />
* [[PostgreSQL Config]]<br />
* [[Nginx Config]] (unsupported)<br />
<br />
== Configuration of DAViCal ==<br />
* [[Configuration|DAViCal Config]] <br />
* [[Problems And Solutions]] <br />
* [[How Do Relationships Work]] <br />
* [[Configuration/LDAP|Config for LDAP]] <br />
* [[Configuration/AD|Config for Active Directory]]<br />
* [[Configuration/AD2|Config for Active Directory SSO(NTLM)]]<br />
* [[Configuration/Default Relationships]]<br />
<br />
== Distribution Specifics ==<br />
Also, notes regarding installation on different Linux or Unix distributions: <br />
* [[Debian]] (and Ubuntu, Mepis, Sidux ...) <br />
* [[RPM]] (Red Hat, Fedora, SuSE and other RPM based distributions <br />
* [[Gentoo]] <br />
* [[OpenBSD]] <br />
* [[FreeBSD]]<br />
* [[Windows With Apache]] <br />
<br />
If you are interested in contributing, you might want to look at [[Developer Setup]], or perhaps [[Translating DAViCal]] if you are interested in translating it.</div>122.216.67.155