1

I have a question. I have a site on apache2.2. I need provide this feature for client. When user which in active directory domain open the site that user must be login automatically.

Really i don't know how to do this stuff. Please help me. So if user in domain that this user must be login automatically and his nickname must be same as nickname in active directory. domain

ZigZag
  • 539
  • 1
  • 8
  • 19

3 Answers3

3

It actually is possible with NTLM authentication. You need the AuthenNTLM-plugin, which will authenticate a user using the Internet Explorer. An example syntax would be

<Location />
    PerlAuthenHandler Apache::AuthenNTLM 
    AuthType ntlm,basic
    AuthName test
    require valid-user

    #                    domain             pdc                bdc
    PerlAddVar ntdomain "name_domain1   name_of_pdc1"
    PerlAddVar ntdomain "other_domain   pdc_for_domain    bdc_for_domain"

    PerlSetVar defaultdomain wingr1
    PerlSetVar ntlmdebug 1
</Location>
## taken from the documentation

Please refer to the module documentation for more options and specific instructions on the setup - the above should get you started in the right direction.

On the client side, Internet Explorer and Firefox should be able to login automatically after some configuration (Firefox needing a bit of special care - which may be achieved by setting the configuration variables during deployment).

Lars
  • 5,757
  • 4
  • 25
  • 55
1

It can be done using Kerberos tickets. Apache has a module http://modauthkerb.sourceforge.net/

I suggest you to begin with reading how Kerberos works before jumping into module docs.

There's 2 prerequisites:

  • the site domain must be listed as local intranet on browser
  • you need to generate a key on AD server
ingvar harjaks
  • 106
  • 1
-3

You can't do this. Unless you're on an ancient Windows95-era Internet Explorer, which had the marvelously secure feature of sending your windows username/password to any site that was password protected, regardless of where that site was.

Browsers are NOT going to send your windows credentials automatically, and other than probably IE, no browser is going to have access to those credentials either.

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • We actually provided that in our intranet since last year with WindowsXP-machines. – Lars Aug 19 '11 at 15:21
  • Nope, Firefox does support it as well: http://sivel.net/2007/05/firefox-ntlm-sso/ – Lars Aug 19 '11 at 15:28
  • FF really needs to stop burying stuff in about:config and making settings available through regular options dialogs... – Marc B Aug 19 '11 at 15:29
  • unfortunatly, Firefox doesn't really care on the need of companies and central deployment. We deploy firefox via network at one of our clients and it's really hard to maintain due to the lack of proper policy control (without having to use plugins or tons of configuration scripts that is). – Lars Aug 19 '11 at 15:31