Last active
June 12, 2022 01:31
-
-
Save potatoqualitee/6cda9383e3cef4954f073a6da7e7818d to your computer and use it in GitHub Desktop.
Apache with Samba and Kerberos SSO on Ubuntu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Install required packages (ntp keeps your clock on time) | |
apt-get -y install ntp ntpdate | |
# To add your DC to the time server list, edit /etc/ntp.conf | |
service ntp stop | |
ntpdate -s ntp.ubuntu.org | |
service ntp start | |
# install required packages | |
apt-get -y install krb5-user samba apache2 libapache2-mod-auth-kerb | |
# sync time with the domain controller. In this case, the domain controller has an IP of 10.0.1.10 | |
service ntp stop | |
ntpdate -s 10.0.1.10 | |
service ntp start | |
# RUN THIS ON A WINDOWS DC | |
ktpass /out \\workstationx\c$\temp\http.keypass /princ HTTP/ubuntunew.base.local@BASE.LOCAL /pass SkiAlta2009 /mapuser base\test | |
mv http.keypass /etc | |
chown nobody /etc/http.keypass | |
vi /etc/apache2/apache2.conf | |
<Location /> | |
AuthType Kerberos | |
KrbMethodNegotiate on | |
KrbMethodK5Passwd off | |
Krb5Keytab /etc/http.keypass | |
Require valid-user | |
</Location> | |
vi /etc/samba/smb.conf | |
workgroup = BASE | |
client signing = yes | |
client use spnego = yes | |
kerberos method = secrets and keytab | |
realm = BASE.LOCAL | |
security = ads | |
####### | |
service ntp restart | |
service smbd restart | |
service nmbd restart | |
# Get a ticket. Let's say you're AD\ctrlb | |
kinit ctrlb | |
# Next one joins the domain and requires samba | |
net ads join -k | |
# Might be leftover restarts. May not be needed. | |
service ntp restart | |
service smbd restart | |
service nmbd restart | |
service apache2 restart | |
tail /var/log/apache2/error.log |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment