Old 02-08-2010, 11:49 PM
Arvind P R
 
Anyone using Active Directory auth with Centos 5.4.....?

I had written a blog quite some time back on this. There might be some
glitches in it, but will give you some clue. The blog is
blog.Palalinha.Com
I am sitting at the airport with my mobile so can't find you the
correct thread in the blog. Let me know if it helps.

On 2/8/10, Tom Bishop <bishoptf@gmail.com> wrote:
> Setting up a new backuppc for a small group of devices and I am running
> centos 5.4 with winbind setup and working. Everything is working and I
> would like the users to authenticate using their AD creds and was wondering
> what folks are using to do that with apache 2.2 and centos 5.4. I know
> about mod_auth_pam but that seems pretty dead so I was just wondering what
> folks were using and what's the easiest to setup. Any pointers to any how
> to's would be appreciated...Thanks.
>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-09-2010, 03:35 PM
Tom Bishop
 
Anyone using Active Directory auth with Centos 5.4.....?

I looked it over and have already done most of it. The last piece that I am trying to address is how to do authentication with Apache against Active Directory; mod_auth_pam is one way, but I have not had any luck getting it to compile with the latest Apache....Thanks


 
Old 02-09-2010, 03:57 PM
Pat and Lori Boyer
 
Anyone using Active Directory auth with Centos 5.4.....?

I've had decent luck with LDAP authentication for Apache. AD does not support anonymous LDAP searches so you have to have a user account that has the ability to search AD. Here's a modified sample config (.htaccess or httpd.conf) that includes security group membership checks. This would require that a user log in with their Windows domain username and password and that the user be a member of the AD security group 'managers':


AuthType              basic
AuthName              "Windows Domain Credentials - Managers Only"
AuthzLDAPMethod       ldap
AuthzLDAPServer       "dc1.example.com"

AuthzLDAPBindDN       "CN=username,CN=Users,DC=example,DC=com"
AuthzLDAPBindPassword "superSecretPassword"
AuthzLDAPUserBase     "CN=Users,DC=example,DC=com"
AuthzLDAPUserKey      sAMAccountName

AuthzLDAPUserScope    subtree
AuthzLDAPGroupBase    "CN=Users,DC=example,DC=com"
AuthzLDAPGroupKey     cn
AuthzLDAPGroupScope   subtree
AuthzLDAPMemberKey    member
AuthzLDAPSetGroupAuth ldapdn

require group         managers



 
Old 02-09-2010, 04:21 PM
Tom Bishop
 
Anyone using Active Directory auth with Centos 5.4.....?

This looks like the way to go. I don't like the username/pass stored in plain text, but maybe if I create a special group that doesn't really have any privileges this would work. Geez, AD is just plain bad...lol, Thanks.


 
Old 02-09-2010, 05:37 PM
Tom Bishop
 
Anyone using Active Directory auth with Centos 5.4.....?

Point taken and I do understand, in reality I would rather have nothing to do with MS which is insecure from the start, ever try to firewall an SBS 2003 install, good luck, they recommend turning it off, go figure....lol


On Tue, Feb 9, 2010 at 12:08 PM, Joseph L. Casale <jcasale@activenetwerx.com> wrote:

>This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks.

I guess you think insecure would be better? If I understand your need, you want
to make AD insecure, so please enable anonymous binds so you don't need a user/pass
to make the query

Or program your own auth backend that binds with the intended creds asking for auth
Oh, and do this w/o tls/ssl because you want it insecure

 
Old 02-09-2010, 11:43 PM
Tom Bishop
 
Anyone using Active Directory auth with Centos 5.4.....?

I just need something for apache auth. I have winbind working just
fine for the other stuff...Thanks

On 2/9/10, Jay Leafey <jay.leafey@mindless.com> wrote:
> If you are using AD for JUST authentication and not user information,
> you can use the PAM Kerberos stuff. We've been using it for a couple of
> years from both CentOS/RHEL 4 and 5 systems with good results. It was
> actually pretty easy to do (once we figured out which type of chicken
> bones to burn).
>
> You can use authconfig to turn it all on:
>
> authconfig --enablekrb5 --krb5realm {AD domain name} \
>     --enablekrb5kdcdns --enablekrb5realmdns --update
>
> This will use DNS to locate the domain controller and KDC for the domain
> given the AD domain name. You can manually specify the KDC and admin
> servers too, see the authconfig man page for specific details.
>
> If you want something perhaps more polished, you could look into the
> Likewise products, which handle the whole shooting match pretty well
> (http://www.likewise.com/products/likewise_open/). I've played with the
> Open (free) version and it worked just fine, the Enterprise has more
> features but I haven't played with it.
>
> As always, YMMV.
> --
> Jay Leafey - Memphis, TN
> jay.leafey@mindless.com
>
 
Old 02-10-2010, 05:32 AM
Stephen Carville
 
Anyone using Active Directory auth with Centos 5.4.....?

On Mon, Feb 8, 2010 at 8:18 AM, Tom Bishop <bishoptf@gmail.com> wrote:
> Setting up a new backuppc for a small group of devices and I am running
> centos 5.4 with winbind setup and working. Everything is working and I
> would like the users to authenticate using their AD creds and was wondering
> what folks are using to do that with apache 2.2 and centos 5.4. I know
> about mod_auth_pam but that seems pretty dead so I was just wondering what
> folks were using and what's the easiest to setup. Any pointers to any how
> to's would be appreciated...Thanks.

This works for me

PerlModule Authen::Simple::Apache

PerlModule Authen::Simple::ActiveDirectory
PerlSetVar AuthenSimpleActiveDirectory_host "mydc.inside.net"
PerlSetVar AuthenSimpleActiveDirectory_principal "mydomain"

<Directory /var/www/whatever >
PerlAuthenHandler Authen::Simple::ActiveDirectory

AuthType Basic
AuthName "Sekret Playce"
require valid-user

</Directory>

--
Stephen Carville
 
Old 02-11-2010, 12:10 PM
Tom Bishop
 
Anyone using Active Directory auth with Centos 5.4.....?

I was able to get ldap auth working fairly easily, although getting SSL to work took a little bit more effort due to trying to get the ca.cert from the SBS server....

On Thu, Feb 11, 2010 at 2:34 AM, Rui Miguel Silva Seabra <rms@1407.org> wrote:

On 10-02-2010 00:43, Tom Bishop wrote:
> I just need something for apache auth. I have winbind working just
> fine for the other stuff...Thanks

One thing I use is ldaps auth, but it will always demand an auth dialog.

Kerberos ticket support has the advantage that you may avoid that, but
it has the difficulty that you can't have a different username that easily.

Rui
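
The setup the thread ends on (LDAP bind with a dedicated search account, over SSL, trusting the AD CA certificate), written out as an added example for mod_authnz_ldap, the LDAP module bundled with Apache 2.2, instead of the mod_authz_ldap directives posted earlier. This is not configuration from any poster; the host name, DNs, certificate path and the svc-apache-ldap account are placeholders.

```apache
# Added example, not from the thread. Host, DNs, paths and the
# svc-apache-ldap account name are placeholders (assumptions).

# Server-wide settings (httpd.conf, outside any <Directory>):
# trust the CA that issued the domain controller's certificate (exported
# in Base64/PEM form) and reject servers whose certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
LDAPVerifyServerCert  On

<Directory /var/www/whatever>
    AuthType          Basic
    AuthName          "Windows Domain Credentials - Managers Only"
    AuthBasicProvider ldap

    # Weak form: plain ldap:// carries the bind password and every
    # user's password to the domain controller unencrypted.
    # AuthLDAPURL "ldap://dc1.example.com:389/CN=Users,DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Corrected form: ldaps:// (port 636), verified against the CA above.
    AuthLDAPURL "ldaps://dc1.example.com:636/CN=Users,DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Search account: an ordinary domain user that belongs to no
    # privileged group and is used for nothing else, so a leaked
    # password only allows directory reads.
    AuthLDAPBindDN       "CN=svc-apache-ldap,CN=Users,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Group membership check: the 'member' attribute holds full DNs.
    AuthzLDAPAuthoritative     On
    AuthLDAPGroupAttribute     member
    AuthLDAPGroupAttributeIsDN On
    Require ldap-group CN=managers,CN=Users,DC=example,DC=com

    # Basic auth resends the user's password on every request,
    # so refuse plain-HTTP access to this directory (mod_ssl).
    SSLRequireSSL
</Directory>

# Keep this in httpd.conf (owner root, mode 0600) rather than in a
# .htaccess file: .htaccess sits under the document root and has to be
# readable by the Apache user, which widens exposure of the bind password.
```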
