Just use Samba's winbind for unix name services. Plus, you can use
apache mod_auth_pam for common authentication. We use this at work on a
number of machines. At home we use nss_ldap and openldap in the same
configuration.
Read these links: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2620959 http://pam.sourceforge.net/mod_auth_pam/
Here's our configs:
> cat /etc/samba/smb.conf
############################################
# Winbind Configuration
#
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
security = ADS
map to guest = Bad User
password server = domain1, domain2, *
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.1.12 192.168.1.13
ldap ssl = no
idmap backend = idmap_rid:MYDOMAIN=10000-20000
allow trusted domains = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = /
winbind use default domain = Yes
admin users = MYDOMAIN/administrator> cat /etc/nsswitch.conf | grep -v ^# | sort -u aliases: files automount: files bootparams: files ethers: files group: compat winbind hosts: files dns netgroup: files netmasks: files networks: files dns passwd: compat winbind protocols: files publickey: files rpc: files services: files shadow: files
> grep winbind /etc/pam.d/* /etc/pam.d/apache2.winbind:auth sufficient pam_winbind.so /etc/pam.d/httpd:auth sufficient /lib/security/pam_winbind.so /etc/pam.d/login:auth sufficient pam_winbind.so use_first_pass debug /etc/pam.d/sshd:auth sufficient pam_winbind.so use_first_pass debug /etc/pam.d/su:auth sufficient pam_winbind.so use_first_pass debug /etc/pam.d/sudo:auth sufficient pam_winbind.so use_first_pass debug /etc/pam.d/system-auth:auth sufficient pam_winbind.so use_first_pass debug
Hervé Leroux wrote:
Hello everyone,
I'm currently using dokuwiki as an Intranet application in my company. Our authentication system is based on MS Active Directory.
I'm running dokuwiki through a win32 Apache 2.x with php5.
I've already hacked the auth_ldap file to make dokuwiki authentication with ldap possible and it perfectly works.
I'm also using on the same server Trac (http://www.edgewall.com/trac/) with subversion.
For both these applications, I've configured apache with mod_ldap in order to authenticate and identify users, it also perfectly works.
But I'd like now to bypass dokuwiki own authentication system to integrate it with the apache's one.
I've read the following page :
http://wiki.splitbrain.org/wiki:tips:htaccessauth
but it uses /etc/passwd system file and probably /etc/groups. I'd like to use the Active Directory user and groups system instead.
Has anyone already faced this problem ?
Regards,
Hervé Leroux
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
