Apache2 + AuthenNTLM +groups help needed

[ChrisH]

I have GLPI working on one of my Ubuntu servers with full NTLM. I want to make it so it only accepts one user group though.

My current apache config is

Code:

<Directory "/var/www/ithelpdesk">
PerlAuthenHandler Apache2::AuthenNTLM
AuthType ntlm,basic
AuthName GLPI
require valid-user
PerlAddVar ntdomain "DOMAIN DC1 DC2"
PerlSetVar defaultdomain DOMAIN
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 2
PerlSetVar ntlmauthoritative off
PerlsetVar basicauth off
</Directory>

Currently this authenticates everyone.
I am not sure if what I want is possible with this method as I have tried alsorts of directive lines for groups.

Any ideas?

tia

Chris

[ChrisH]

Ok if nobody knows the answer to this then how about me using a .htaccess to filter by group ? Is this possible? I can do the winbinf bit etc, it would just be the htaccess I would need some guidance on.

[Geoff]

Code:

require group admin

?

[ChrisH]

Code:

require group admin

?

Is that a solution to my original query or the .htaccess? I have tried that with my original solution and it doesnt seem to work. I couldnt find any examples of it being used with groups either.
I am willing to try another apache module as well if you can recommend one which will give me ntlm and allow me to use a require group directive.

Rofl top google hit is this thread!

[Geoff]

That was assuming you were going down the winbind route. Anyway, If you want straight NTLM...

Code:

AuthName "NTLM Authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" --require-membership-of="YOUR_DOMAIN+administrators"
NTLMBasicAuthoritative on
AuthType NTLM
NTLMBasicAuth on
NTLMBasicAuthoritative on
require valid-user

[ChrisH]

Thanks I will give that a go. Any quirks I should know about? Hmm what about the squid reference?

[Geoff]

It's just the way ntlm auth talks to the client app.

[ChrisH]

What module needs to be enabled for this to work then as its moaning NTLMAuth is an invalid command.

[Geoff]

mod_ntlm

[ChrisH]

Ok this has turned out to be more of a pain than I realised. I assume you are compiling you own as there are no packages? I cannot get it to compile on mine no matter what I try. I found a compiled one on the ubuntu forums but it says its for a different verion of apache grrr. Everything else is ready I just need to get a working mod_ntlm.so.

[Geoff]

correct. I compiled my own.

[ChrisH]

Then you must have been using voodoo because eveytime I fix one error on the compiling it finds another. any chance you can attach yours?

[Geoff]

here you go

[ChrisH]

wrong elfclass64.... Is your server 64 bit?

[Geoff]

correct.