We have Debian 9.5 and AD on Windows 2012.

    apt install krb5-user libapache2-mod-auth-kerb msktutil apache2 php ntp ntpdate

    mv /etc/krb5.conf /etc/krb5.conf.def

nano /etc/krb5.conf

    [libdefaults]
        default_realm = DOMAIN.LOCAL

    [realms]
        DOMAIN.LOCAL = {
            kdc = ad1.domain.local
            kdc = ad2.domain.local
            default_domain = domain.local
            admin_server = ad1.domain.local
        }

    [domain_realm]
        .domain.local = DOMAIN.LOCAL
        domain.local = DOMAIN.LOCAL

Authenticate to AD

    kinit -V admin@DOMAIN.LOCAL

Join the server to AD

    msktutil -c -s host -s HTTP -s HTTP/debian --computer-name debian --server ad1.domain.local

    chown root:www-data /etc/krb5.keytab
    chmod 0640 /etc/krb5.keytab

nano /etc/apache2/sites-enabled/000-default.conf

    <Location />
        AuthType Kerberos
        AuthName "Domain Login"
        KrbMethodK5Passwd off
        Krb5Keytab /etc/krb5.keytab
        KrbServiceName HTTP/debian.domain.local@DOMAIN.LOCAL
        Require valid-user
    </Location>

For this to work in Firefox, set the following in about:config

    network.negotiate-auth.delegation-uris: .domain.local
    network.negotiate-auth.trusted-uris: .domain.local
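
A check for the server-side steps above, added here as an example and not part of the original post: it confirms that the principal named in KrbServiceName is actually in the keytab that msktutil wrote and that the keytab is not accessible to other users. The function names and the sample klist output are constructed for illustration; it assumes `klist` from krb5-user and GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original page): post-setup checks.
# Function names are hypothetical; klist comes from krb5-user.

# Constructed sample of `klist -k /etc/krb5.keytab` output.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------
   2 host/debian.domain.local@DOMAIN.LOCAL
   2 HTTP/debian.domain.local@DOMAIN.LOCAL'

# Print the KrbServiceName value from an Apache config file.
krb_service_name() {
    awk 'tolower($1) == "krbservicename" { print $2; exit }' "$1"
}

# Succeed if principal $1 is listed in `klist -k` output on stdin.
keytab_has_principal() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $2 == p { found = 1 }
                   END { exit !found }'
}

# Succeed if the file grants no permissions to "other" (0640 passes).
keytab_mode_ok() {
    mode=$(stat -c %a "$1") || return 1   # GNU stat, as on Debian
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# $1 = Apache site config, $2 = keytab path
check_setup() {
    spn=$(krb_service_name "$1")
    [ -n "$spn" ] || { echo "no KrbServiceName in $1"; return 1; }
    keytab_mode_ok "$2" || { echo "$2 is accessible to other users"; return 1; }
    klist -k "$2" | keytab_has_principal "$spn" ||
        { echo "$spn is not in $2"; return 1; }
    echo "ok: $spn is in $2"
}

if [ "$#" -eq 2 ]; then
    check_setup "$1" "$2"
fi
```

Saved under any name and run as root with the site config and keytab paths from this page as its two arguments, it prints the first failed check or an "ok" line.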