Setting Up NTLM on Ubuntu 9.10

Once this is set up correctly, the web server identifies you from your Windows domain login if you use IE. Users of other browsers will be prompted for a username and password. This procedure assumes that the apache2 web server and PHP are already set up and working, and that the network has been configured. In this example, our server is called “fileserver”, the domain is “your.domain” with domain controllers “controller1” (10.10.0.1) and “controller2” (10.10.0.2).

  • install apache auth module: sudo apt-get install libapache2-authenntlm-perl
  • move to apache configuration directory: cd /etc/apache2/conf.d
  • create config file for auth module: sudo touch ntlm.conf
  • edit ntlm.conf to contain the following (I used vi but use any command line editor):

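<Location />
# Apache2::AuthenNTLM handles the authentication phase
PerlAuthenHandler Apache2::AuthenNTLM
# Try NTLM first; browsers that cannot do NTLM fall back to Basic
# (with Basic the password is only base64-encoded in transit)
AuthType ntlm,basic
AuthName Basic
require valid-user
# Domain name, then the domain controllers; use plain ASCII double quotes
PerlAddVar ntdomain "your.domain controller1 controller2"
PerlSetVar defaultdomain your.domain
PerlSetVar splitdomainprefix 1
</Location>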

  • ensure that /etc/resolv.conf contains the following lines (no changes made in my case):

domain your.domain
search your.domain
nameserver 10.10.0.1
nameserver 10.10.0.2

  • restart apache webserver: sudo /etc/init.d/apache2 restart
  • test on a PHP page to make sure it is authenticating by putting the following PHP code in index.php at the root of the site:

<?php echo "You are logged in as <b>" . htmlspecialchars($_SERVER['REMOTE_USER'], ENT_QUOTES, 'UTF-8') . "</b>"; ?>

  • visiting http://fileserver/ in the browser now returns:

You are logged in as UserName
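
An added example (not from the original post): a lint to run on ntlm.conf before restarting Apache. It catches the copy-paste failure visible in the error log quoted in the comments below, where typographic quotes make the ntdomain value split into separate entries. The function name check_ntlm_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an Apache2::AuthenNTLM config before restarting apache2.
# check_ntlm_conf and the sample files below are constructed for illustration.

# check_ntlm_conf FILE: print findings; return 0 if clean, 1 otherwise.
check_ntlm_conf() {
    conf=$1
    rc=0

    # Apache only treats ASCII " and ' as quoting. Typographic quotes stay in
    # the value, which is then split on whitespace into separate entries.
    if LC_ALL=C grep -n -F -e '“' -e '”' -e '″' -e '‘' -e '’' "$conf"; then
        echo "ERROR: typographic quotes in $conf; retype them as plain quotes" >&2
        rc=1
    fi

    # Assumption: ntdomain uses the double-quoted form shown in the post and
    # must name at least the domain and one controller (the PDC).
    if ! awk '
        tolower($1) == "perladdvar" && tolower($2) == "ntdomain" {
            seen = 1
            if (match($0, /"[^"]*"/) == 0) {
                print FILENAME ":" NR ": ntdomain value is not double-quoted"
                bad = 1
                next
            }
            n = split(substr($0, RSTART + 1, RLENGTH - 2), field, " ")
            if (n < 2) {
                print FILENAME ":" NR ": ntdomain names no domain controller"
                bad = 1
            }
        }
        END {
            if (!seen) { print FILENAME ": no PerlAddVar ntdomain line"; bad = 1 }
            exit bad + 0
        }
    ' "$conf"; then
        rc=1
    fi
    return "$rc"
}

# Constructed samples: the directive pasted with typographic quotes, then fixed.
demo=$(mktemp -d)
printf '%s\n' 'PerlAddVar ntdomain “your.domain controller1 controller2”' > "$demo/pasted.conf"
printf '%s\n' 'PerlAddVar ntdomain "your.domain controller1 controller2"' > "$demo/fixed.conf"
check_ntlm_conf "$demo/pasted.conf" || echo "pasted.conf: fix before restarting apache2"
check_ntlm_conf "$demo/fixed.conf" && echo "fixed.conf: OK"
rm -rf "$demo"
```
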

GnomeSkull

Sorry for the delay in responding.

Your domain controllers will be the servers for your Windows Active Directory. If you don’t know which they are, then you’ll have to talk to your network administrator.

If you aren’t working with an Active Directory domain, then this guide probably isn’t for you!

Bernard

Hi,

Thank you for the guide.
I’ve a problem I can’t resolve.

In the config I set the line PerlAddVar ntdomain “your.domain controller1 controller2″
but in the error log I see:
[5931] AuthenNTLM: Config Domain = “your.domain pdc = bdc =
[5931] AuthenNTLM: Config Domain = controller1 pdc = bdc =
[5931] AuthenNTLM: Config Domain = controller2 pdc = bdc =

And the error No PDC and no fallbackdomain given for domain your.domain

Do you have an idea?

GnomeSkull

Well, “your.domain” needs to be your actual domain name, like example.com. And controller1 and controller2 are the hostnames of your domain controllers. If you only have one domain controller, then I think that’s OK. The line would be like:

PerlAddVar ntdomain "example.com PDChostname"

If you are working with a local domain, like internal only, you need to have .local in there. For example, if your local domain is called “ourdomain”, then you need to put “ourdomain.local” where it says “your.domain”.

If you are filling in a valid domain name and hostnames, and you still get that error, then sorry, I don’t know.

Hope that helps.

Pranali

Hi,

I integrated OTRS with AD. I want to implement SSO on OTRS; how do I find this PDC and BDC in AD?

I’m working on a local domain.

Please help
