I recently made a CentOS LAMP server running Apache, MySQL and PHP. I have WordPress and phpBB3 installed and running on the server. The Linux server is running in the same building as a Windows 2003 server. Is there a way to connect the Linux and Windows servers so that my website and forum are only viewable once the user logs into his Windows account at his/her computer?
As of right now, anyone that is physically in the building and connected via Ethernet will have access to my website and forum. I guess I want to restrict it to the specified users in the Windows domain. I saw some stuff about LDAP and Active Directory, but it's only confused me so much more. This is my first time setting up any form of server.
Kerberos works but it may be easier to do it with LDAP alone in this case.
Put the following in your VirtualHost settings for the WordPress site. With this config, ldap.company.com needs to resolve to your AD Global Catalog(s), and you need an ID ldap-auth-svc with a password of Secretpassword so Apache has rights to access AD to authenticate the users. You may want to add a Require ldap-group line. Finally, you need to run a2enmod authnz_ldap.
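```apache
# Authenticate with HTTP Basic against AD through mod_authnz_ldap
AuthBasicProvider ldap
AuthType basic
AuthName "Use email as username"
# Search the Global Catalog (port 3268) for user objects, matching the login against "mail"
AuthLDAPURL "ldap://ldap.company.com:3268/dc=company,dc=com?mail?sub?(&(objectClass=user)(!(objectClass=computer)))"
# Service account Apache binds as to run the search
AuthLDAPBindDN "CN=ldap-auth-svc,OU=ldap,OU=services,DC=site,DC=company,DC=com"
AuthLDAPBindPassword Secretpassword
AuthzLDAPAuthoritative on
Order allow,deny
require valid-user
Allow from all
```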
For Kerberos you want something like the following but it does NOT check group membership:
```apache
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
Krb5KeyTab /etc/krb5.keytab
require valid-user
```
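To make the AuthLDAPURL in the LDAP config above easier to read, here is an added example (not part of the original answer, and not Apache's own code) that splits the URL into host, port, base DN, attribute, scope and filter, then builds the search filter in the form mod_authnz_ldap documents, `(&(filter)(attribute=username))`. The function names are hypothetical, the RFC 4515 escaping of the login is this example's choice, and the sample logins are constructed.

```python
# Added example: decompose an AuthLDAPURL and build the per-login search filter.
# Helper names are hypothetical; sample logins below are constructed.

# The URL from the answer's config.
PAGE_URL = ("ldap://ldap.company.com:3268/dc=company,dc=com?mail?sub?"
            "(&(objectClass=user)(!(objectClass=computer)))")

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into a dict."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    # maxsplit=3 keeps any '?' inside the filter itself intact.
    base, attr, scope, flt = (tail.split("?", 3) + [""] * 3)[:4]
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]  # drop the outer parentheses; they are re-added below
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port or DEFAULT_PORTS[scheme]),
        "base_dn": base,
        "attribute": attr or "uid",         # documented default
        "scope": scope or "sub",            # documented default
        "filter": flt or "objectClass=*",   # documented default
    }


def build_search_filter(cfg, username):
    """Combine the configured filter with attribute=<escaped login>."""
    return "(&(%s)(%s=%s))" % (
        cfg["filter"], cfg["attribute"], escape_filter_value(username))


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(PAGE_URL)
    print(cfg)
    for login in ("alice@company.com", "*)(objectClass=*"):  # constructed
        print(build_search_filter(cfg, login))
```

The second sample login shows why the value is escaped: without it, the wildcard and parentheses would become part of the filter rather than a literal mail address.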