

How can I authenticate against an NT domain?

Jun 18th, 2004 12:21
Rod Munson, Markus Fischer, Markus Fischer, Nathan Wallace,


On a Linux, *BSD or Sun box, try installing pam_smb, then add
mod_auth_pam to Apache:
http://www.csn.ul.ie/~airlied/pam_smb/ (Samba not needed)
http://blank.pages.de/pam/

There is also mod_auth_smb, which does not require PAM auth.
It is available from
http://josefine.ben.tuwien.ac.at/~mfischer/developing/mod_auth_smb/ .

If you don't want to bother installing a bunch of dependencies, just use
a system call to smbclient:
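
// Quick and dirty samba authentication function
// Be sure that the user running apache (usually "apache") has a proper
// entry in /etc/sudoers to run /usr/bin/smbclient without a password
// i.e. NOPASSWD
// EXAMPLE sudoers entry:
// apache localhost=NOPASSWD: /usr/bin/smbclient
function smbauth($user, $pass, $server) {
  // Quote every caller-supplied value so that a user name or password
  // containing quotes, ";" or "|" cannot inject shell syntax.
  $share = escapeshellarg("//$server/$user");
  $cred  = escapeshellarg("$user%$pass");
  // The whole command has to stay on one line.
  $command = "echo \"q\" | sudo /usr/bin/smbclient $share -U $cred";
  $output = exec($command);
  return $output;
}
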
The implementation as shown assumes that home directories are working
for Samba users. You could, however, have the auth try to access
whatever share you'd like, so you could technically set up rudimentary
"group" auths based on who has access to different shares.

A successful login will return NULL, otherwise the function will return
the samba error. $server needs to be an IP address to work correctly on
most platforms.

Be aware that the plaintext password might be accessible to any user on
the machine that is running the PHP script via the "ps" command. This
might not be a good idea for multi-user systems. See the "-A" command
line option of smbclient for a more secure way to pass the auth info.
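
One way to follow the "-A" suggestion, as an added example that is not part of the original entry: the password is written to a private credentials file instead of the command line, so it does not show up in "ps". The function name smbauth_authfile and the sample call are hypothetical, and the code assumes PHP 7.4 or later and that /usr/bin/smbclient can be run by the web server user without sudo.

```php
<?php
// Added example, not from the original entry.
function smbauth_authfile(string $user, string $pass, string $server): bool
{
    // The entry says $server should be an IP address; enforce that.
    if (filter_var($server, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    // The user name doubles as the share name, so keep it to a
    // conservative character set (assumption; widen it if needed).
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return false;
    }
    // A line break in the password would add extra lines to the auth file.
    if ($pass === '' || preg_match('/[\r\n\0]/', $pass)) {
        return false;
    }
    // tempnam() creates the file with mode 0600; chmod() makes that explicit.
    $authfile = tempnam(sys_get_temp_dir(), 'smbauth');
    if ($authfile === false) {
        return false;
    }
    try {
        chmod($authfile, 0600);
        $body = "username = $user\npassword = $pass\n";
        if (file_put_contents($authfile, $body) === false) {
            return false;
        }
        // The array form of proc_open() starts smbclient directly, with no
        // shell, so none of the arguments is parsed as shell syntax.
        $cmd = ['/usr/bin/smbclient', "//$server/$user",
                '-A', $authfile, '-c', 'quit'];
        $spec = [0 => ['file', '/dev/null', 'r'],
                 1 => ['file', '/dev/null', 'w'],
                 2 => ['file', '/dev/null', 'w']];
        $proc = proc_open($cmd, $spec, $pipes);
        if (!is_resource($proc)) {
            return false;
        }
        // proc_close() waits for smbclient and returns its exit status;
        // status 0 is treated here as a successful login.
        return proc_close($proc) === 0;
    } finally {
        // Remove the credentials file whether or not the login worked.
        unlink($authfile);
    }
}

// Constructed sample call (address from the documentation range):
// var_dump(smbauth_authfile('jdoe', 'secret', '192.0.2.10'));
```

Unlike smbauth() above, this version returns true or false rather than the smbclient error text.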