Apache passthrough AD group authentication

[CyberNerd]

How do I get a 'passthrough' authentication to AD groups with apache - so that the browser does not a popup username/password box on windows clients ?

I've been using LDAP so far, it works but users get an extra hassle of adding their username and password.

Code:

<Directory /var/www/vhosts/sitename/html>
        Options All ExecCGI -Indexes
        Order allow,deny
        Allow from all
        AuthLDAPAuthoritative on
        AuthType Basic
        AuthName "staff"
        AuthLDAPBindDN "cn=LDAP_BIND,cn=Users,dc=college,dc=internal"
        AuthLDAPBindPassword secret
        AuthLDAPURL ldap://server:389/dc=college,dc=internal?sAMAccountName?sub?(objectClass=*)
        AuthName "secure"
        require group cn=Staff,ou=staff,dc=college,dc=internal

</Directory>

[Iain]

It is a windows server, or a *nix server?

If *nix, kerberos, winbind and mod_auth_ntlm_winbind are your friends.

If windows then mod-auth-sspi is your friend.

Iain.

[Geoff]

Indeed, you must use NTLM authentication if you want authentication to be transparent.

[CyberNerd]

a *nix server?

If *nix, kerberos, winbind and mod_auth_ntlm_winbind are your friends.

I'd been avoiding seting up winbind on this box, but the webmanager wanted smb access anyway

cheers.