Apache with Samba and Kerberos SSO on Ubuntu
# Install required packages (ntp keeps your clock on time)
apt-get -y install ntp ntpdate
# To add your DC to the time server list, edit /etc/ntp.conf
service ntp stop
ntpdate -s ntp.ubuntu.org
service ntp start
# Install the Kerberos client, Samba, Apache and mod_auth_kerb
apt-get -y install krb5-user samba apache2 libapache2-mod-auth-kerb
# Sync time with the domain controller. In this case, the domain controller has an IP of 10.0.1.10.
# Kerberos rejects tickets when the clocks differ by more than 5 minutes (the default tolerance).
service ntp stop
ntpdate -s 10.0.1.10
service ntp start
# RUN THIS ON A WINDOWS DC
ktpass /out \\workstationx\c$\temp\http.keypass /princ HTTP/ubuntunew.base.local@BASE.LOCAL /pass SkiAlta2009 /mapuser base\test
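# Back on the Ubuntu server: move the keytab (copied over from the DC) into place
mv http.keypass /etc
# Apache on Ubuntu runs as www-data; make it the only account that can read the keytab
chown www-data /etc/http.keypass
chmod 400 /etc/http.keypass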
# Add the following <Location> block to /etc/apache2/apache2.conf
vi /etc/apache2/apache2.conf
<Location />
AuthType Kerberos
KrbMethodNegotiate on
KrbMethodK5Passwd off
Krb5Keytab /etc/http.keypass
Require valid-user
</Location>
# Set the following in the [global] section of /etc/samba/smb.conf
vi /etc/samba/smb.conf
workgroup = BASE
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = BASE.LOCAL
security = ads
#######
service ntp restart
service smbd restart
service nmbd restart
# Get a ticket. Let's say you're AD\ctrlb
kinit ctrlb
# Next one joins the domain and requires samba
net ads join -k
# Might be leftover restarts. May not be needed.
service ntp restart
service smbd restart
service nmbd restart
service apache2 restart
tail /var/log/apache2/error.log
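
A preflight check for the setup above, as an added example that is not part of the original gist: it reads the Krb5Keytab and KrbMethodK5Passwd directives from an Apache config and verifies the keytab's owner and mode. The function names are hypothetical, GNU stat is assumed, and the demo runs on constructed files with an empty stand-in keytab.

```shell
#!/bin/sh
# Added example, not from the gist: audit the Apache Kerberos settings it configures.
# Assumes GNU stat (Ubuntu). Function bodies are subshells, so variables stay local.

# krb_directive CONF NAME: print the last value set for directive NAME.
# Directive names are case-insensitive; commented-out lines never match.
krb_directive() (
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { gsub(/"/, "", v); print v }' "$1"
)

# keytab_ok FILE OWNER: succeed only if FILE belongs to OWNER (user name or
# numeric uid) and has no group/other permission bits.
keytab_ok() (
    [ -f "$1" ] || { echo "FAIL: keytab $1 not found"; exit 1; }
    mode=$(stat -c %a "$1"); user=$(stat -c %U "$1"); uid=$(stat -c %u "$1")
    case $mode in 400|600) ;; *) echo "FAIL: $1 has mode $mode, want 400 or 600"; exit 1 ;; esac
    [ "$2" = "$user" ] || [ "$2" = "$uid" ] ||
        { echo "FAIL: $1 is owned by $user, want $2"; exit 1; }
)

# audit_sso CONF OWNER: report every failed check, exit non-zero if any failed.
audit_sso() (
    rc=0
    keytab=$(krb_directive "$1" Krb5Keytab)
    passwd=$(krb_directive "$1" KrbMethodK5Passwd)
    # Unless this is off, mod_auth_kerb also accepts Basic auth, which sends
    # the user's AD password to the web server.
    case $passwd in
        [Oo][Ff][Ff]) ;;
        *) echo "FAIL: KrbMethodK5Passwd is '${passwd:-unset}', want off"; rc=1 ;;
    esac
    if [ -z "$keytab" ]; then
        echo "FAIL: no Krb5Keytab directive in $1"; rc=1
    else
        keytab_ok "$keytab" "$2" || rc=1
    fi
    exit "$rc"
)

# Demo on constructed files (empty stand-in keytab, no real credentials).
demo=$(mktemp -d)
: > "$demo/http.keypass"; chmod 644 "$demo/http.keypass"
printf '%s\n' '<Location />' 'KrbMethodK5Passwd off' \
    "Krb5Keytab $demo/http.keypass" '</Location>' > "$demo/apache2.conf"
audit_sso "$demo/apache2.conf" "$(id -u)" || echo "(expected: keytab is still 644)"
chmod 400 "$demo/http.keypass"
audit_sso "$demo/apache2.conf" "$(id -u)" && echo "OK"
rm -rf "$demo"
```

On the server, source the functions and call `audit_sso /etc/apache2/apache2.conf www-data` after the final restart, assuming Apache runs as www-data.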