Fedora Servers :: Apache Binding To Active Directory - Use Web Shares?
Feb 9, 2009
Something that has been in the pipeline at work for a while is user-based web directories. Main PDCs are running Windows Server 2003 using Active Directory; ideally what would happen is that users have a web share under [URL].. - the server behind this would be Linux (either Fedora or CentOS).
What kind of configuration would be needed for Apache to make this possible? The way I have planned so far is to have the Linux box auth against the AD domain (possibly joined), with Apache set up to share local public_html folders. Not sure how I can get rid of the tilde from the start of the username, but it should be pretty easy.
Jul 20, 2010
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our Linux boxes.
However, I ran into a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to an Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, I can log in using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but I would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
Feb 14, 2009
I just installed FC 10 and have Apache running with the default config. The problem is that it is only listening on IPv6 for ports 80 and 443.
Code:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2059/exim
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2059/exim
[code]....
here is the only part in the httpd.conf file that seems to have anything to do with this:
Code:
Listen 80
Which, from my understanding, should make it listen on all interfaces, IPv4 and IPv6.
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
Sep 22, 2010
I have an old Apache version (1.3.11) and an old Redhat release (2.1.12-20 - Cartman) and need to authenticate a Windows 2003 domain. The authentication to an NT domain already works as expected (see below) but unfortunately I am unable to find the correct LDAP module for V1.3.11 to allow authentication.
From what I have read the LDAP module needs to be compiled with Apache but I am really not sure. Unfortunately I am unable to upgrade to Apache2 when I could presumably use the authnz_ldap_module but if someone could point me to the correct LDAP module for 1.3.11 it .
I've installed openldap-1.2.9-6 and openldap-devel-1.2.9-6 but don't particularly want to go down configuring LDAP when hopefully I can simply add the LDAP module to Apache which was not compiled in Apache initially.
Also, do I need to specify the AD domain password in the directives or can the Windows lads just create any account I can use?
Feb 2, 2009
I have FC10 newly installed, and Apache is serving content from /var/www/ okay.
I'm trying to get Apache to serve web content from user's home directories. This is what I've tried with no success:
Uncommented 'UserDir public_htm' in /etc/httpd/conf/httpd.conf and commented out 'UserDir disabled'.
And...
Uncommented user directory section in /etc/httpd/conf/httpd.conf. It now reads as follows:
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
[Code].....
I also tried setenforce 0 to temporarily disable SELinux until the next reboot. No luck. It doesn't appear to be an SELinux issue.
That's as far as the information available will take me. I still get URL 'Not Found' when I try to access http://192.168.0.2/~myusername/
setting up user home directory web access?
Mar 14, 2009
I want to enable User Directories in Apache. So in httpd.conf I set:
Code:
<IfModule mod_userdir.c>
#UserDir enabled // commented out
UserDir public_html
</IfModule>
Directory /home/kees is listed has the following file permissions: drwx--x--x 32 kees kees
Directory /home/kees/public_html has the following file permissions: drwxr-xr-x 2 root root
Directory public_html has two files: index.html and index.php, both with file permissions: -rwxr-xr-x 1 root root
If I now try to open http://myhost/~kees/index.html (or index.php) in my browser I get a 403 Forbidden error. If I look in my error log I see the following messages if I first try to open the index.html and then the index.php file:
[Code]...
Mar 6, 2009
I'm using FC10 and I want to create a symlink to my movies directory in my home folder:
This is what I did:
I created in
/var/www/html
ln -s /home/username/movies movies
Then in /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/home/username/movies">
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
Restart apache and then the test page is working.
The directory /home/username/movies has following permissions:
drwxrwxrwx 2 apache apache 4096 2009-03-05 23:43 movies
When trying to access my webpage at localhost/movies I get the 403 Forbidden Error.
Ok then, entering:
sudo -u apache ls /var/www/html
> movies
This works, sudo -u /var/www/html/movies returns the permission denied error.
As well sudo -u /home/username/movies
Is the user apache chrooted by default? SELinux is in permissive mode. What can I do?
Jun 12, 2009
With F11 installed Apache is having permissions issues reading files out of the html directory. Only wants to work with permissions set to read for other.
[Thu Jun 11 23:25:28 2009] [error] [client 127.0.0.1] (13)Permission denied: file permissions deny server access: /var/www/html/index.html
Tracked down the permissions issue. Is there a good reason not to change the group to apache and remove world read?
Feb 3, 2010
Just installed Alfresco 3.2 using the Canonical repo in Karmic. Unable to find proper guide to enable Active Directory authentication.
Mar 11, 2010
I would like to set up some kind of Windows user manager on an Ubuntu server. The Windows network is already set up. I've scoured the net for hours and found nothing.
Dec 18, 2010
I have ubuntu server 9.04 installed on my computer and I am trying to make a Domain Server. I have made sure that there are no problems in the configuration file. When I go to join the domain in windows 7 it tells me that it cannot find the Active Directory server.
Nov 8, 2010
Since yesterday I'm fighting with OpenVPN on Ubuntu 10.04 LTS and I can not cope with the authorization of users from Windows 2008 AD server. It looks like this: Published 93.159.XX.XX IP address the router and all traffic directed to the internal LAN IP 10.0.1.210. Customers who will combine the different platforms are Mac OS, Linux, Windows XP, 7, Vista. The whole domain is for Windows 2008. Uploader authLDAP module, but I still can not connect, that is, not after entering the username and password from the W2K8 domain does not log
Nov 19, 2010
(This was posted at the end of another thread, where it probably didn't belong, so reposting here.) I have Active Directory set up on one machine (and I can't really adjust the settings very much) and Ubuntu Server 10.04, which I would like to use as a client. I followed the directions at https://help.ubuntu.com/community/LD...Authentication, but when I get to
Code:
getent passwd
I don't see anything from the LDAP, and ssh'ing into the box from an LDAP/AD username certainly doesn't work.
In addition, I've attempted to use Webmin's LDAP Configuration module to configure it. I can connect to the server and can browse it with the LDAP browser with my settings, but the Webmin package doesn't recognize the users (which are organized in one of four Organizational Units (OUs) within the OU that I have as my Search Base) as users,
Mar 24, 2011
I need to set up a Windows Active Directory system and want to use our existing Ubuntu server as Primary Domain Controller (Samba). What I'd like to know is if it's possible to set up a machine running standard Ubuntu as the PDC, or if I would need to install Ubuntu Server.
Feb 26, 2011
We have a small group of linux servers, currently with local logins. I want to eliminate the local logins and authenticate against the corporate AD. I've been looking at PAM - but winbind requires each machine to be added to the AD. This becomes a pain if we create new virtual or physical servers. Is it possible to have one server authenticate directly with AD, and the other servers authenticate against this server, which defers to the one server that is registered in AD?
Feb 20, 2010
This is the scenario:
Active Directory Server = 192.168.0.1
Squid/Dansguardian Proxy Server w/NTLM Auth = 192.168.0.10
The Linux box has been integrated with AD and works fine. Users can authenticate automatically when they log in to AD or when they access the web through Basic authentication. That part is just fine.
But, when I add a new user, or change a user's primary group, I have to change the 'filtergroups' file in Dansguardian. I tried to automate this process using the USERMAP and USERMAP2 scripts in [URL].. at the "Extras and Add Ons" section, but both scripts don't run properly in Ubuntu if they are not changed. I tried, following the instructions, but got a lot of syntax errors. So, I wrote a very simple script using 'net rpc' to retrieve all users according to the AD Security and Domain Groups. I created an output folder in Dansguardian to dump the rpc outputs into files. And read the files to apply filtering groups.
[Code]...
Mar 11, 2010
When I try to join my Ubuntu server to a Microsoft Active Directory domain, I get the error message below.
Kinit failed: Clock skew too great
Failed to join domain: Time difference at domain controller
I know the reason is because of the time difference between my domain controller and the Ubuntu server. But what I want to know is whether it is possible to join a domain without time synchronisation? Because my domain controller is working for another time zone, for another country, so I can not synchronise it with my Ubuntu server.
Jul 22, 2010
We have a couple of Windows file servers that just share files. It is all they do. We'd like to use Ubuntu on two replacement servers allowing Windows XP and Windows 7 clients to access the files. Our network is active directory based due to Exchange and homegrown .NET apps, so it is important that active directory is used to authenticate the clients. Samba doesn't need to be a pdc or bdc, but provide pass through authentication. I understand that Samba can communicate with active directory through security-ads and security-domain.
Here are my questions to see if I should proceed:
1) Folder permissions: If we move all our files to the Ubuntu server how do we set folder permissions and will we see the active directory accounts when we do this?
2) Skipping ubuntu accounts: I know the domain and ads allow you to skip creating ubuntu accounts, right? If not, how do you keep the passwords synchronized?
3) Easiest way? Is there a very easy way to pull this off that I've missed? My goal is to eliminate the Windows based file servers while ensuring the admin part of it is as easy as possible.
To date I've been able to get the sharing to work with an ubuntu account mirroring the active directory account. I've been able to get Samba to talk to the pdc, but not successfully through domain security. ADS security was a complete cluster with winbindd
May 12, 2010
I'm configuring Apache for the first time on this box (8.04 LTS) and Apache2 for the first time ever. "Out of the box" it runs fine and I get the "It Works" page okay. But I'd like to use the virtual site feature to direct Apache to a folder in my user space, and I keep getting errors.
When I point a browser at localhost, the 404 message is "The requested URL / was not found on this server." and the /var/log/apache2/error.log ends with "File does not exist: /htdocs".
Here's my config file from the apache2/sites-available folder:
Code:
I diff'ed this file with the default and the only differences are in the DocumentRoot line and the <Directory ...> line.
My public_html folder has permissions 755 and the index.html file is 644.
May 13, 2011
I want to make an image directory in the WWW folder. It works fine, but when I link to the images on the page it stands that I don't have permission to the picture, 403. How do I set the permission?
May 3, 2010
I've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
Jul 19, 2010
I had directory browsing enabled in Apache on a previous computer, but I can't get it working again. Here's my apache2.conf
Code:
#
#Based upon the NCSA server configuration files originally by Rob McCool.
[code].....
Nov 27, 2010
In my website, I'm putting shared files in a "/global" folder. Both "styles.css" and "library.php" are in this global folder. HTML code seems to be working ok - the following bit works great to pick up a style sheet:
Code:
<link rel="stylesheet" type="text/css" href="/global/styles.css" />
However PHP does not seem to understand my root directory. Using the following does not work:
Code:
include_once("/global/library.php");
I receive a "failed to open stream: No such file or directory" error. Spelling out the entire full path works, like so:
Code:
include_once("/srv/www/mysite/global/library.php");
But this type of code is no good as I may change servers in the future. I have my "DocumentRoot" set correctly in my sites-available file. It seems as if PHP is ignoring it. Is there a config file someplace (htaccess? Local php.ini?) where I should update my root directory for this site only? Or am I following bad form and there's a better way to do this? Relative paths don't seem like the answer here though...
Mar 23, 2011
Have Apache running on Ubuntu Server. Say I have a domain, www.somewhere.com, and I have uploaded a file, phpinfo.php. If I hit http://www.somewhere.com/phpinfo.php, I get my file as expected. However, If I hit non-existent file http://www.somewhere.com/phpinfo/somefile.dat, it also acts as if I hit phpinfo.php, instead of giving me a 404 error. It seems that because the DIRECTORY "phpinfo" does not exist, it decided that I must have meant to hit phpinfo.php at the root of the site.
If I create an empty "phpinfo" directory then it behaves as expected and gives me a 404 not found page. This is reproducible for any other file name you can think of. I'm sure this is some Apache convenience behavior but I would like to disable it (it is messing with some mod_rewrite stuff I would like to do). Because it's hard to describe I cannot figure out which Apache option it might be (whatever I Google for gives me completely unrelated results).
Sep 7, 2010
I want to install an FTP server (VSFTPD) on my Redhat Enterprise Linux 5.5 and I want to use Active Directory LDAP (Windows Server 2008 Enterprise) for authentication. I can't add my Windows LDAP to the FTP server. I tried my best but I can't configure it.
Jun 5, 2011
I am trying to integrate my CentOS machine with Active Directory [Windows Server 2008] using Kerberos and LDAP. I can now successfully SSH to my Linux machine as an Active Directory user. Then it automatically creates a home directory for that particular user using the PAM module.
My problem is that I cannot log in to GDM using the same Active Directory account. Should I do some configuration changes for GDM login to take place using an Active Directory account?
Mar 11, 2011
How to set up an Active/Active Load Balanced and High Available (If one of the nodes is down the system still runs) MySQL cluster. I have found quite a few howto's but I have some things unclear in my mind. I found a few solutions like this one: [URL] or this: [URL] Those are using two or four MySQL nodes, two Load Balancers to avoid a single point of failure but only one MySQL cluster management server. What happens if the MySQL cluster management fails?
I have also found a "MySQL Master-Master Circular Replication" technique but from what I read, with this option there is a chance that conflicts will arise if node A and node B both insert an auto-incrementing key on the same table.
Feb 4, 2011
I already know of a work around to fix this problem, but I guess my question is why is this not working as expected? I am using a Windows Server 2008 R2 Active Directory for authentication.
I have run auth-client-config for the ldap profile and pam-auth-update. When running getent passwd, I get a list of both the local users and the users in the active directory (with populated information in the Unix schema extension). When running getent group I get a list of both the local groups and the groups in the active directory (with populated information in the Unix schema extension).
Interestingly enough, though, when I run su DOMAINUSER, after the prompt for the password I get an authentication error. In /var/log/auth.log I can see an entry with pam_ldap: missing "host" in file "/etc/ldap.conf". The SRV records in the DNS servers resolve correctly. I've checked this with nslookup and I have seen the records within my zone file. Obviously if the ldap.conf file is working with getent and the ldap server is resolving from the SRV records, it is working fine.
The interesting part is that the Windows Server 2008 R2 AD machine shows in the event viewer that there was a successful authentication, yet the Ubuntu box says no. When I add the host within the ldap.conf file, everything works...getent and the actual authentication, either initial login or su.
[Code]...
Jan 4, 2010
May I know if there is any tutorial to sync up Fedora DS to ADS?