Apache authentication AD [Solved]

NethServer Version: v7
Module: AD

Hello again :slight_smile:

Is there a way to have a web server (Apache 2.4) authenticate users against NethServer AD?
I have tried many ways and am failing … badly.
I created a test web server and test page with authentication and have tried:
<VirtualHost *:80>
	ServerName www.test.com
	ServerAlias test.com
	DocumentRoot /var/www/test.com/html
	ErrorLog /var/www/test.com/log/error.log
	CustomLog /var/www/test.com/log/request.log combined

	<Directory "/var/www/test.com/html">
		AuthType Basic
		AuthName "Enter Your Login username and password"
		#AuthUserFile /etc/httpd/.htpasswd
		AuthBasicProvider ldap
		AuthLDAPURL "ldap://<IP>:389/dc=ad,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
		Require valid-user
	</Directory>
</VirtualHost>

and

<VirtualHost *:80>
	ServerName www.test.com
	ServerAlias test.com
	DocumentRoot /var/www/test.com/html
	ErrorLog /var/www/test.com/log/error.log
	CustomLog /var/www/test.com/log/request.log combined

	<Directory "/var/www/test.com/html">
		AuthType Basic
		AuthName "Enter Your Login username and password"
		#AuthUserFile /etc/httpd/.htpasswd
		AuthBasicProvider ldap
		AuthLDAPURL "ldap://<IP>:389/dc=ad,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
		AuthLDAPBindDN ldapservice@AD.DOMAIN.COM
		AuthLDAPBindPassword Blahblahblah
		Require valid-user
	</Directory>
</VirtualHost>

I am at a loss as to what I am doing wrong. Any ideas?
Thank you for your ideas :slight_smile:

Take a look at Authentication through Apache wiki page, @stephdl put some examples there.

Thank you for this, but I thought the directive authnz was dropped after version 2.2? This has worked in 2.4.x?

AFAIK mod_authnz_* are available on 2.4. I seem to recall some user used mod_authnz_ldap successfully. Also mod_authnz_pam is known to work.
I have no experience with either of them.

I tried mod_authnz_ldap, which failed for me; I could not even reload httpd:
Invalid command ‘AuthzLDAPAuthoritative’
which led me to find out what little I know. Now I think you may be on to something, as I read in the git:
Mod_authnz_external version 3.3.x is designed for use with Apache version 2.4.x.
So now I need to go do some work :slight_smile: Thank you.
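
For reference, an added example that is not part of any post in this thread: a mod_authnz_ldap configuration in Apache 2.4 syntax, without the AuthzLDAPAuthoritative directive that 2.4 rejects. The DC hostname, the CA and certificate paths, the password value and the webusers group are placeholder assumptions; the domain and bind account are the ones from the question.

```apache
# Added example; hostnames, DNs, group name and file paths are placeholders.

# mod_ldap, server level: CA that signed the domain controller's certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
LDAPVerifyServerCert On

<VirtualHost *:443>
	ServerName www.test.com
	DocumentRoot /var/www/test.com/html

	# Basic auth sends the password with every request, so serve it over TLS only.
	SSLEngine on
	SSLCertificateFile /etc/pki/tls/certs/www.test.com.crt
	SSLCertificateKeyFile /etc/pki/tls/private/www.test.com.key

	<Directory "/var/www/test.com/html">
		AuthType Basic
		AuthName "Enter Your Login username and password"
		AuthBasicProvider ldap

		# ldaps:// keeps the service bind and the user's password encrypted
		# on the way to the DC. Use the DC's hostname (not its IP) so that
		# certificate verification can match it.
		# Assumption: the DC refuses simple binds on plain ldap://:389.
		AuthLDAPURL "ldaps://dc.ad.domain.com:636/dc=ad,dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)"

		# AD does not allow anonymous searches by default: bind as a
		# low-privilege service account. Keep this file readable by root only.
		AuthLDAPBindDN "ldapservice@AD.DOMAIN.COM"
		AuthLDAPBindPassword "CHANGE_ME"

		# A search from the domain root returns referrals; do not chase them.
		LDAPReferrals Off

		# In 2.4, authorization is expressed with Require alone.
		Require ldap-group CN=webusers,CN=Users,DC=ad,DC=domain,DC=com
	</Directory>
</VirtualHost>
```

`apachectl configtest` reports any directive the loaded modules do not recognise before a reload is attempted.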

Personally, I now only use PAM to authenticate to LDAP or AD.

https://wiki.nethserver.org/doku.php?id=developer:authentication_through_apache#mod_authnz_pam

OK, I am back, and after some testing here is what we found works the simplest on a server that is not within the domain yet serves workorder stuff for us:
smbclient -L -u /

which returned “Stuff”,
then echo for the output: if the password was wrong > 0, if right > 1.
Thanks to all who helped :slight_smile: