hpenderle
asked on
NTLM-Authorisation against AD-Groups on Apache2 with ntlm_auth
Hi to All,
we make an SLES10 Server for our Intranet. The permissions for some virtual hosts on it should be made with some AD-Groups of the domain. I've installed auth_ntlm_winbind_module with the apache 2 and placed some .htaccess-files in the directories.
So, the authorisation with users works fine ... with groups NO CHANCE.
Can someone give me any tips how to bring it to work!!
Best greetings
HPE
.. the .htaccess file
AuthName "NTLM Authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
NTLMBasicAuth on
NTLMBasicAuthoritative on
#require valid-user
require user test <- works
#require group visitors <- works not!
ASKER
Hi Hopius,
thanks a lot for your help ... but even the above entries didn't work.
Meanwhile I tried direct calls of ntlm_auth ... with the following results:
/usr/bin/ntlm_auth --username=test --password=xxx
NT_STATUS_OK: Success (0x0)
/usr/bin/ntlm_auth --username=test --require-membership-of="DOMAIN+visitors" --password=xxx
NT_STATUS_LOGON_FAILURE: Logon failure (0xc000006d)
... Any further ideas
Thanks
HPE
ASKER
An addition ...
The
/usr/bin/ntlm_auth --username=test --require-membership-of="DOMAIN+visitors" --password=xxx
works on some Groups, on some NOT - not dependent of the membership of the user test to this group.
But, the authentication in the above example DID not work even when the manual ntlm_auth query returns SUCCESS.
It seems, that the '--require-membership-of=...'-option has no influence to the 'require valid-user' option.
Try this: "--domain=DOMAIN --require-membership-of=visitors"
Or try to use SID of group visitors instead of name 'visitors'
ASKER CERTIFIED SOLUTION
and try to use 'require valid-user'
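The replies above suggest passing the group's SID to --require-membership-of and leaving Apache with 'require valid-user'. A sketch of that, added here and not taken from the thread: it assumes wbinfo is available on the winbind-joined host, and the function names, the NTLM_GROUP variable and any SIDs used with it are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Real SIDs come from wbinfo on the host.

# True only for a well-formed SID string such as S-1-5-21-...-1105.
is_sid() {
    case "$1" in *[!S0-9-]*) return 1 ;; esac   # no spaces, quotes, newlines
    printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'
}

# Take the first field of `wbinfo -n` output and return it if it is a SID.
sid_from_wbinfo() {
    sid=$(printf '%s\n' "$1" | awk 'NR==1 {print $1}')
    is_sid "$sid" || return 1
    printf '%s\n' "$sid"
}

# Print an .htaccess fragment: the helper enforces membership, so Apache
# itself only needs "require valid-user". Rejects anything that is not a SID
# so no stray quotes or options end up inside the helper command line.
htaccess_for_group() {
    is_sid "$1" || { echo "not a SID: $1" >&2; return 1; }
    cat <<EOF
AuthName "NTLM Authentication"
AuthType NTLM
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=$1"
NTLMBasicAuthoritative on
require valid-user
EOF
}

# Live use on a domain-joined host: NTLM_GROUP='DOMAIN+visitors' sh this-file
# (NTLM_GROUP is a name made up for this example).
if [ -n "${NTLM_GROUP:-}" ]; then
    out=$(wbinfo -n "$NTLM_GROUP") || exit 1
    sid=$(sid_from_wbinfo "$out") || exit 1
    htaccess_for_group "$sid"
fi
```

NTLMBasicAuth from the original file is left out of the generated fragment, on the assumption that every login should go through the membership-checking helper.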