Connecting LAMP Server to Windows Domain

I recently made a CentOS LAMP server running Apache, MySQL and PHP. I have WordPress and phpBB3 installed and running on the server. The Linux server is running in the same building as a Windows 2003 server. Is there a way to connect the Linux and Windows servers so that my website and forum are only viewable once the user logs into his Windows account at his/her computer?

As of right now, anyone that is physically in the building and connected via Ethernet will have access to my website and forum. I guess I want to restrict it to the specified users in the Windows domain. I saw some stuff about LDAP and Active Directory, but it’s only confused me so much more. This is my first time setting up any form of server.

Answer

Kerberos works but it may be easier to do it with LDAP alone in this case.
Put the following in your VirtualHost settings for the WordPress site. With this config, ldap.company.com needs to resolve to your AD Global Catalog(s) and you need an ID ldap-auth-svc with a password of Secretpassword so Apache has rights to access AD to authenticate the users. You may want to add a line *Require ldap-group . Finally, you need to run a2enmod authnz_ldap.

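# HTTP Basic logins are checked against AD over LDAP (mod_authnz_ldap)
AuthBasicProvider ldap
AuthType basic
AuthName "Use email as username"
# Global Catalog (port 3268), match on the mail attribute, user objects only
AuthLDAPURL "ldap://ldap.company.com:3268/dc=company,dc=com?mail?sub?(&(objectClass=user)(!(objectClass=computer)))"
# Service account Apache binds as to look users up
AuthLDAPBindDN "CN=ldap-auth-svc,OU=ldap,OU=services,DC=site,DC=company,DC=com"
AuthLDAPBindPassword Secretpassword
AuthzLDAPAuthoritative on
Order allow,deny
require valid-user
Allow from all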

For Kerberos you want something like the following but it does NOT check group membership:

AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
Krb5KeyTab /etc/krb5.keytab
require valid-user

Attribution
Source : Link , Question Author : user187558 , Answer Author : TheFiddlerWins
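
Added example (not part of the original answer and not Apache's own code): a Python sketch that splits the AuthLDAPURL from the answer into its fields, builds the combined search filter in the form the mod_authnz_ldap documentation describes, (&(filter)(attribute=username)), with RFC 4515 escaping of the login name, and flags a cleartext ldap:// scheme. The function names and the sample login names are assumptions made for this example.

```python
# Added example: inspect an AuthLDAPURL and the filter built per login name.
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
PORT_ROLE = {389: "LDAP", 636: "LDAP over TLS",
             3268: "AD Global Catalog", 3269: "AD Global Catalog over TLS"}

# URL taken from the answer's configuration.
URL = ("ldap://ldap.company.com:3268/dc=company,dc=com?mail?sub?"
       "(&(objectClass=user)(!(objectClass=computer)))")


def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into a dict."""
    scheme, rest = url.split("://", 1)
    scheme = scheme.lower()
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    fields = tail.split("?", 3) + [""] * 3   # pad any omitted trailing fields
    basedn, attribute, scope, ldap_filter = (f.strip() for f in fields[:4])
    return {
        "scheme": scheme, "host": host,
        "port": int(port) if port else DEFAULT_PORT[scheme],
        "basedn": basedn,
        "attribute": attribute or "uid",           # documented defaults
        "scope": scope or "sub",
        "filter": ldap_filter or "(objectClass=*)",
    }


def effective_filter(cfg, login):
    """Combine the configured filter with attribute=<escaped login>."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"],
                             escape_filter_value(login))


def review(cfg):
    """Return notes an administrator should check before deploying."""
    notes = ["port %d: %s" % (cfg["port"], PORT_ROLE.get(cfg["port"], "non-standard"))]
    if cfg["scheme"] == "ldap":
        notes.append("ldap:// is cleartext unless STARTTLS is enabled; bind "
                     "and user passwords cross the network unencrypted")
    return notes


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(URL)
    print(effective_filter(cfg, "alice@company.com"))  # constructed login name
    print("\n".join(review(cfg)))
```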
