[pmwiki-users] authenticate against samba PDC
Dominique Faure
dominique.faure at gmail.com
Thu Nov 23 03:10:13 CST 2006
On 11/23/06, Falk Hamann <Falk.Hamann at dbaudio.com> wrote:
> Hello list
>
> On Fri, 17 Nov 2006 12:48:03 +0100
> Falk Hamann <Falk.Hamann at dbaudio.com> wrote:
>
> > is there a way to authenticate pmwiki-users against a Samba Primary
> > Domain Controller ?
> > Samba includes a tool called ntlm_auth which allows external access to
> > Winbind's NTLM authentication function.
>
> YES, it works now. I use the Apache-Module auth_ntlm_winbind_module
> from [1]. Automatic-login to Apache works correct.
>
> The NTLM-Username reach pmwiki as $_SESSION['REMOTE_USER'] in
> terms of DOMAIN\USER.
> I don't want the domainname. Thats why, I do the following in
> httpauth.php:
>
> -SDV($AuthId, $_SERVER['REMOTE_USER']);
> +SDV($AuthId, preg_replace("/DOMAIN\\\/", "", $_SERVER['REMOTE_USER']));
>
> In config.php: $Author = $AuthId;
You'd better leave scripts/httpauth.php unchanged (to not loose
anything when upgrading), and have all your customizations into
config.php (untested):
# strip any domain prefix
if(isset($_SERVER['REMOTE_USER']))
$_SERVER['REMOTE_USER'] =
preg_replace("/^[^\\]+\\\/", "", @$_SERVER['REMOTE_USER']);
include_once('scripts\httpauth.php');
Btw, You could do the same on a win32 hosted apache2 server with the
help of the mod_auth_sspi module.
> PM: On wich page should I document my experiences with NTLM, Apache,
> winbind(samba), pmwiki, when it works correct :-) ?
>
Cookbook/NtlmAuth ?
Regards,
Dom
More information about the pmwiki-users
mailing list