Difference between revisions of "Configuration/Authentication Settings/Active Directory (with NTLM)"

Revision as of 04:10, 26 February 2008

To make DAViCal authenticate from Active Directory please read Configuration/AD first.

This page picks up where Configuration/AD leaves off. If you have completed the previous sections you are now able to use AD to authenticate your users, but the users must provide authentication credentials each time the DAViCal server is accessed. On this page we discuss how to use mod_ntlm to create an SSO environment so that the client obtains the authentication information using the NTLM protocol.

(Please note that though the NTLMv3 protocol is considered fairly secure, the implementation described here is only marginally so. Consider using it only within a secure environment such as a firewall-protected LAN.)

mod_ntlm

mod_ntlm is a non-standard Apache module that allows Apache to perform NTLM authentication. The module can be obtained here: mod_ntlm.

The module is a bit old and will not compile according to the included instructions at the time of this writing (Feb 26, 2008).

Based on instructions found at Ntlm Authentication I was able to compile the module.

At this point let me review my environment, for reference:

  • Ubuntu 7.10 Gutsy
  • Apache2.2
  • DAViCal 0.9.4
  • PostgreSQL 8.2
  • PHP5
  • mod_ntlm 2.0.1

To compile the mod_ntlm module:

1. Edit smbval/smblib.inc.c (basically remove "static" from lines 25, 26 and 35)

diff -r mod_ntlm2-0.1/smbval/smblib.inc.c mod_ntlm2-0.1-fixed/smbval/smblib.inc.c
25,26c25,26
< static int SMBlib_errno;
< static int SMBlib_SMB_Error;
---
> int SMBlib_errno;
> int SMBlib_SMB_Error;
35c35
< static SMB_State_Types SMBlib_State;
---
> SMB_State_Types SMBlib_State;
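
Review bot: dropping "static" at lines 25, 26 and 35 gives SMBlib_errno, SMBlib_SMB_Error and SMBlib_State external linkage, so three generically named mutable globals become visible outside this file in a module that is loaded into the httpd process, and nothing in the hunk records which reference needed them visible. Add a comment beside the definitions naming the file that refers to them. If the linkage change is only there to silence a conflicting declaration, consider fixing that declaration and keeping "static" here.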

2. Edit the Makefile (change mod_ntlm.so to mod_ntlm.la)

diff -r mod_ntlm2-0.1/Makefile mod_ntlm2-0.1-fixed/Makefile
20c20
<       $(APXS) -i -a -n 'ntlm' mod_ntlm.so
---
>       $(APXS) -i -a -n 'ntlm' mod_ntlm.la
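
Review bot: the -a on line 20 is carried over unchanged, so "make install" still has apxs add the LoadModule line to the server configuration as a side effect, before any of the NTLM directives are in place. Consider -A, which writes the LoadModule line commented out, or drop the flag and enable the module explicitly once the authentication block has been reviewed.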

3. Finally edit mod_ntlm.c

diff -r mod_ntlm2-0.1/mod_ntlm.c mod_ntlm2-0.1-fixed/mod_ntlm.c
590c590,596
<     apr_pool_sub_make(&sp,p,NULL);
---
>     /*
>      * apr_pool_sub_make(&sp,p,NULL);
>      *
>      * This function call is not longer available with apache 2.2
>      * Try replacing it with apr_pool_create_ex()
>      */
>     apr_pool_create_ex(&sp,p,NULL,NULL);
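
Review bot: the added call at line 596, apr_pool_create_ex(&sp,p,NULL,NULL), discards the apr_status_t it returns, so a failed pool creation goes unnoticed by the code that then uses sp. Compare the result with APR_SUCCESS and fail the request if it differs. The commented-out apr_pool_sub_make() call could be reduced to a one-line note, and "not longer" in that comment should read "no longer".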

After doing these edits, the standard "make" and "make install" should run without mishap.

Apache Configuration

Now that mod_ntlm has been installed, we need to configure Apache to use the module. Add the following to the file sites-available/default:

AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain lhl.co.nz
NTLMServer dc1.mydomain.com
NTLMBackup dc2.mydomain.com
Require valid-user
Satisfy all