@potatoqualitee
Last active April 11, 2016 11:13
Apache with BeyondTrust/Likewise Kerberos SSO on Ubuntu
apt-get -y install apache2 libapache2-mod-auth-kerb ntp ntpdate
# Make sure time is synced (Kerberos rejects requests when clocks drift too far apart).
# If behind a firewall, use a local time server such as a DC
service ntp stop
ntpdate -s ntp.ubuntu.com
service ntp start
# Go get the beyondtrust (formerly Likewise) package
wget http://download.beyondtrust.com/PBISO/8.3/pbis-open-8.3.0.3287.linux.x86_64.deb.sh
chmod +x pbis-open-8.3.0.3287.linux.x86_64.deb.sh
./pbis-open-8.3.0.3287.linux.x86_64.deb.sh
# (answer no, then yes)
# Join domain
/etc/init.d/lwsmd start
domainjoin-cli join BASE.LOCAL ctrlb
# reboot as recommended
reboot
# run this on windows dc. adjust as necessary for local hostnames, usernames and passwords
ktpass /princ HTTP/ubuntunew.base.local@BASE.LOCAL /mapuser base\test /crypto ALL /ptype KRB5_NT_PRINCIPAL /mapop set /pass SkiAlta2009 /out \\workstationx\c$\temp\httpd.keytab
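# copy over with WinSCP, then move into place
mv httpd.keytab /etc/
# the keytab holds the service account's keys: readable by root and Apache (www-data on Ubuntu) only
chown root:www-data /etc/httpd.keytab
chmod 640 /etc/httpd.keytab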
vi /etc/apache2/apache2.conf
# Put this above where <Directory starts
<Location />
AuthType Kerberos
KrbMethodNegotiate on
KrbMethodK5Passwd off
Krb5Keytab /etc/httpd.keytab
Require valid-user
</Location>
# OK, now reload Apache and follow the error log while loading the site in IE or Chrome
service apache2 force-reload
tail -f /var/log/apache2/error.log
# On Windows, open up in Chrome or IE http://ubuntunew/
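
Added example (not part of the original gist): a Python audit of the keytab copied to /etc/httpd.keytab. It parses the MIT keytab format, lists the deprecated DES/RC4 keys that a `ktpass /crypto ALL` export can include, and flags a file mode that lets every local user read the service key. The function names are assumptions of this example, and `sample_entry` builds constructed entries with dummy key bytes.

```python
import os
import stat
import struct

# Deprecated Kerberos enctypes (DES: RFC 6649, RC4: RFC 8429), by enctype number.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def _counted(buf, pos):
    """Read a uint16-length-prefixed byte string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from an MIT keytab, format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted slot
            pos += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            parts.append(comp.decode())
        kvno = data[p + 8]             # 8-bit kvno, after name type and timestamp
        (etype,) = struct.unpack_from(">H", data, p + 9)
        entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
        pos += size                    # skips the key and any trailing 32-bit kvno
    return entries

def audit_keytab(path):
    """Return findings: readable-by-others mode and deprecated enctypes."""
    findings = ["world-readable"] if os.stat(path).st_mode & stat.S_IROTH else []
    with open(path, "rb") as fh:
        entries = parse_keytab(fh.read())
    return findings + [f"{p} kvno {k}: {WEAK[e]}" for p, k, e in entries if e in WEAK]

def sample_entry(kvno, etype, key):
    """Constructed entry for the gist's HTTP principal (dummy key bytes)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(b"BASE.LOCAL") + s(b"HTTP") + s(b"ubuntunew.base.local")
            + struct.pack(">IIBH", 1, 0, kvno, etype) + s(key))
    return struct.pack(">i", len(body)) + body
```

Run `audit_keytab("/etc/httpd.keytab")` as root on the web server; an empty list means the file is not world-readable and holds no DES or RC4 keys.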