Last active
April 11, 2016 11:13
Apache with BeyondTrust/Likewise Kerberos SSO on Ubuntu
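# Install Apache, the Kerberos auth module (mod_auth_kerb) and the NTP tools.
apt-get -y install apache2 libapache2-mod-auth-kerb ntp ntpdate

# Make sure time is synced: Kerberos rejects tickets when the clocks of the
# client, this server and the KDC drift apart (the usual tolerance is 5 minutes).
# If behind a firewall, use a local time server such as a DC.
service ntp stop
ntpdate -s ntp.ubuntu.com
service ntp start

# Go get the BeyondTrust (formerly Likewise) PBIS Open package.
# NOTE: this is a self-extracting installer fetched over plain HTTP and then
# run as root, so nothing authenticates the bytes in transit. Compare the
# digest printed by sha256sum with a value obtained from the vendor over a
# trusted channel before executing the file.
wget http://download.beyondtrust.com/PBISO/8.3/pbis-open-8.3.0.3287.linux.x86_64.deb.sh
sha256sum pbis-open-8.3.0.3287.linux.x86_64.deb.sh
chmod +x pbis-open-8.3.0.3287.linux.x86_64.deb.sh
./pbis-open-8.3.0.3287.linux.x86_64.deb.sh
# (answer no, then yes, at the installer prompts)

# Join the domain BASE.LOCAL as user ctrlb. Let the tool prompt for the
# password rather than appending it to the command line, where it would end up
# in shell history and the process list.
/etc/init.d/lwsmd start
domainjoin-cli join BASE.LOCAL ctrlb

# Reboot as recommended.
reboot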
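# Run this on a Windows DC. Adjust as necessary for local hostnames and usernames.
# "/pass *" makes ktpass prompt for the mapped account's password, so the secret
# is not kept in these notes, in console history or on the process command line.
# "/crypto AES256-SHA1" keeps DES and RC4 keys out of the keytab ("/crypto ALL"
# writes those as well). NOTE(review): confirm the mapped account and the
# clients are enabled for AES before relying on this.
# The keytab holds the HTTP service's long-term key: treat the output file as a
# credential and delete it from the share once it has been copied to the server.
ktpass /princ HTTP/ubuntunew.base.local@BASE.LOCAL /mapuser base\test /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /mapop set /pass * /out \\workstationx\c$\temp\httpd.keytab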
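# Copy the keytab over (e.g. with WinSCP), then move it into place.
# The file is named httpd.keytab by the ktpass /out argument, and
# /etc/httpd.keytab is the path the Apache Krb5Keytab directive points at.
mv httpd.keytab /etc/httpd.keytab

# The keytab contains the HTTP service key; any local account that can read it
# can act as this web server towards domain clients. Restrict it to root and
# the Apache group (www-data on Ubuntu) instead of making it world-readable.
chown root:www-data /etc/httpd.keytab
chmod 640 /etc/httpd.keytab

vi /etc/apache2/apache2.conf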
# Put this above the point where the <Directory ...> sections start.
<Location />
    # Protect everything under / with Kerberos (mod_auth_kerb).
    AuthType Kerberos
    # Offer Negotiate so domain-joined browsers present a ticket.
    KrbMethodNegotiate on
    # No username/password fallback: passwords are never submitted to Apache.
    KrbMethodK5Passwd off
    # Service key exported with ktpass; keep this file unreadable to other users.
    Krb5Keytab /etc/httpd.keytab
    # Any principal that authenticates is let in; add group or user
    # restrictions if only part of the domain should have access.
    Require valid-user
</Location>
# OK, now reload Apache and check the error log while loading the site in IE or Chrome.
service apache2 force-reload
tail -n 10 /var/log/apache2/error.log

# On Windows, open http://ubuntunew/ in Chrome or IE.
# NOTE(review): this test URL is plain HTTP. Negotiate authenticates the
# request but does not protect the traffic that follows, so serve the site
# over TLS before putting anything sensitive behind it.