# Apache + mod_auth_ntlm_winbind = AD SSO ?

## stelardactek

I've managed to get Single Sign-On working on my AD-attached Gentoo box using mod_auth_ntlm_winbind (assuming SSO means what I think it does; that being IE and Firefox can authenticate you automatically using your Windows login details).

However, I'm concerned about using this method in production. Is mod_auth_ntlm_winbind likely to ever find its way into portage? The source (http://git.samba.org/?p=jerry/mod_auth_ntlm_winbind.git) doesn't look like it has been touched in a while now.

Does anyone know a better way of achieving the same goal? Perhaps one that doesn't require the Gentoo box to be on the domain?Last edited by stelardactek on Tue Oct 06, 2009 10:24 pm; edited 1 time in total

----------

## stelardactek

Sorry to bump this, but I'm still hoping someone will have an answer.

----------

## zerocool_australia

I do the same thing, but i just use Apache's mod_authnz_ldap to connect to AD. It works great, our AD users get single sign on, and it is a part of the apache ebuild so no messing around with unsupported packages.

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

----------

## stelardactek

Maybe I'm not using the term SSO correctly, so tell me if I'm barking up the wrong tree; but I tried mod_authnz_ldap, and I couldn't figure out how to get Internet Explorer to authenticate using the user's Windows login credentials, without prompting the user for them.

----------

## stelardactek

Well, mod_auth_ntlm_winbind seems to fall over quite badly when you use it to serve a real web page (by which I mean one with images; it failed for me with just one user looking), so that's out...

----------

