Website authentication with active directory

[dhassen]

Right.... i'll ask the question simply..lol.... where do I start?????????

[Geoff]

IIS or Apache? Windows or Linux?

[dhassen]

hmmm.... well we have options... which ever is easier... and more secure.

We can have an IIS, or Apache, both are set up and ready to go.

The school's current external website is on a linux server though. Im making a copy of the intranet and want that to be accessed from home via authentication against AD... that can either sit on the current server or a seperate IIS one ...

[apeo]

Im gonna assume you want a windows solution.. so if you have iis setup the it just a simple case of turning on directory security.

[dhassen]

don't want a windows solution as a definate... but if it's easier....

so... turning on directory security.... how does a form pass data.. username and password... to ad to be authenicated

[ChrisH]

Your going to need SSL as well by the sounds of it.

[CyberNerd]

Apache and AD is pretty straightforward to setup. you'll need mod_auth_ldap
theres a walkthrough here:
http://thomas-howard.com/reference/articles/apache+ad/

or google mod_auth_ldap


also you'll need to setup an account in AD for LDAP to bind to, AD doesn't support anonymous binds.

[Geoff]

You can do Samba (with Winbind) + Apache and use native PAM auth too.

AD doesn't support anonymous binds.

W2k server does. With W2k3 server its disabled in the default domain GPO. You can quite easily re-enable the feature if you wish.

[CyberNerd]

W2k server does. With W2k3 server its disabled in the default domain GPO. You can quite easily re-enable the feature if you wish.

I had problems with anonymous binds on 2000, I think there are some security problems that don't let it search the directory sufficently? I never really got to the bottom of it, adding a 'bind' account seemed to solve it though

[dhassen]

thanks everyone for the input...... i'll have a look

[dhassen]

IIS - directory security - digest authenication -----

I'm assuming this is the authenication method that uses AD, but I cant see how I use SSL too... when you said... im going to need SSL too... what does this involve... according to IIS digest auth doesnt use SSL

[dhassen]

just to let you guys know.... we got it sorted.... CHEERS!!!!!

used windows IIS... and port forwarding etc etc so only got 1 intranet and only 1 port is accessible to the outside world....

[Geoff]

Just to remember to keep up with the patches.

[webman]

Just to remember to keep up with the patches.

Yeah, tried to quit ages ago but the Nicquitin clear ones really help, still need willpower though...

[dhassen]

lol.... not got to that stage yet... still sneaking out every dinner..


Geoff... which patches are you meaning... windows IIS ones? (im a web hack really not a server type)