Managing domain trust between Windows and Linux

Q At our company we are trying to migrate our intranet from a Windows/IIS solution to Apache 2 on SUSE Linux Enterprise Server 9. The main problem is integration with the rest of our network, which runs Windows (Win2K on the servers and WinXP Pro on the clients). Some of the intranet apps we have use NTLM mechanisms to get the user credentials and to provide personalised information as well as various degrees of access to different areas of the intranet.

We were looking at replacing these by using apache2-mod_ntlm which - even though is not directly available for SLES9 - we could compile and load. We found information on the web (www.hannesschmidt.de/drupal/node/12) that apache2-mod_ntlm would work fine in a situation in which you use it in one domain only. Unfortunately that's not the case with us - we have a main tree and sub-domains, in which case trust relationships between domains are used to provide authentication and access. Our Win2K servers are using Active Directory to authenticate users. Can you confirm that the information we found in the online article is correct? What sort of thing would you recommend? Would a minimal subset of Samba help?

A Samba can be used to replicate information from an Active Directory server, which can then provide information to the mod_ntlm system under Apache. It looks like other people have had problems with multiple domain mod_ntlm, judging by the open bugs on the SourceForge project page - mod_ntlm doesn't appear to be that well maintained any more. It's worth remembering that Active Directory implements LDAP, so mod_ldap can be used to access the directory information. There's more on this at www.wlug.org.nz/ActiveDirectoryAuthenticationNotes, which suggests some success in using Active Directory with Apache.

Follow us on Identi.ca or Twitter

Username:   Password:
Create Account | About TuxRadar