Automatic authentication v0.71 - Debian Etch

Article written by emgenet

Introduction

The goal of this tip is to let GLPI users be identified in the application without having to re-enter their user name and password, IF and ONLY IF the GLPI server is a Debian Etch server and the GLPI version is at least 0.71.

This method works with Apache 2 and GLPI configured with external authentication against Active Directory. The user must use Internet Explorer.

The configuration on which this procedure was validated is the following:

- GLPI: 0.71.1 and AD on W2k3
- Internet Explorer 6sp2 and 7
- Server: Debian Etch/Apache 2.2.3/PHP 5.2.0/Perl

(Also works with GLPI 0.71.2 under Ubuntu Server 8.10 (Apache 2.2.9/PHP 5.2.6/Perl 5.10.0) and two ADs, 2000 and 2003, IE6 and 7 and FF3)

So if you test on another configuration and it works, do not hesitate to add it here.

A small clarification: the modifications and the code provided in this article are not mine, apart from a few lines, so a big thank-you to those who will recognize themselves; I would cite in particular the wiki article on configuration for 0.68 and Suse.

Installation

**Update of the Server**

If you do not yet have the tools below, please install them.

apt-get install make gcc libc6-dev

apt-get install libapache2-mod-perl2

Installation of ntlm on the server

In this distribution (Etch) the library libapache2-authenntlm-perl does not exist yet. The package was, however, developed for the new distribution (Lenny), so you can find it here: http://packages.debian.org/en/source/lenny/libapache2-authenntlm-perl. Then run

tar -xvzf libapache2-authenntlm-perl_0.02.orig.tar.gz

enter the new directory and run

perl Makefile.PL

then

make install

Modify your Apache site as below (/etc/apache2/sites-available/default), adding the following between the tags:

<pre class="code">
  # Load the mod_perl NTLM handler
  PerlModule Apache2::AuthenNTLM
  <Directory "/var/www/glpi">
  PerlAuthenHandler Apache2::AuthenNTLM
  # Offer NTLM, with Basic as an alternative
  AuthType ntlm,basic
  AuthName paipartners
  require valid-user
  # One ntdomain line per domain: domain name, then its two domain controllers
  PerlAddVar ntdomain "@@DOMAIN@@ @@PDC@@ @@BDC@@"
  PerlAddVar ntdomain "@@DOMAIN2_AU_BESOIN@@ @@PDC2@@ @@BDC2@@"
  PerlSetVar defaultdomain @@DOMAIN@@
  PerlSetVar splitdomainprefix 1
  PerlSetVar ntlmdebug 0
  PerlSetVar ntlmauthoritative off
  </Directory>
</pre>

Variables used above:

@@DOMAIN@@: name of your domain, without extensions such as .fr, .com, etc.

@@PDC@@: a domain controller of your infrastructure

@@BDC@@: another one, which will be used as a backup

@@DOMAIN2_AU_BESOIN@@: name of another domain if you have more than one; this line is optional.

@@PDC2@@: a domain controller of your second infrastructure

@@BDC2@@: another one, which will be used as a backup

One last point: check that your DCs resolve correctly at the IP level; if not, do not hesitate to put them in the /etc/hosts file.
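To confirm the handler is active before configuring GLPI and the browsers, the following added example (not part of the original article) checks the headers of an unauthenticated response from the protected directory. The sample response is constructed, the host name in the usage comment is a placeholder, and the script assumes the module answers with one WWW-Authenticate header per scheme listed in AuthType.

```sh
#!/bin/sh
# Live use (host name is a placeholder):
#   curl -s -o /dev/null -D - http://glpi.example.lan/glpi/ | check_glpi_auth

# Constructed sample of an unauthenticated response (not captured output).
sample_response() {
    printf '%s\r\n' \
        'HTTP/1.1 401 Authorization Required' \
        'WWW-Authenticate: NTLM' \
        'WWW-Authenticate: Basic realm="paipartners"' \
        'Content-Type: text/html; charset=iso-8859-1'
}

# Read response headers on stdin; print the status code and each scheme
# named in a WWW-Authenticate header, lowercased, one item per line.
parse_auth_headers() {
    tr -d '\r' | awk '
        NR == 1 { print "status=" $2; next }
        tolower($1) == "www-authenticate:" { print "scheme=" tolower($2) }'
}

# Return 0 only when the response is a 401 that offers NTLM.
check_glpi_auth() {
    parsed=$(parse_auth_headers)
    status=$(printf '%s\n' "$parsed" | sed -n 's/^status=//p')
    schemes=$(printf '%s\n' "$parsed" | sed -n 's/^scheme=//p' | sort -u | tr '\n' ' ')
    echo "status: $status, schemes offered: $schemes"
    if [ "$status" != "401" ]; then
        echo "FAIL: expected 401, the directory is not asking for authentication"
        return 1
    fi
    case " $schemes" in
        *" ntlm "*) ;;
        *) echo "FAIL: NTLM not offered, the AuthenNTLM handler is not active"
           return 1 ;;
    esac
    case " $schemes" in
        *" basic "*) echo "NOTE: Basic fallback is offered; it sends the password only base64-encoded, so serve /glpi over HTTPS" ;;
    esac
    echo "OK: NTLM challenge present"
}

sample_response | check_glpi_auth
```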

Configuring GLPI online

Log in to GLPI with an account that has the rights to modify the authentication settings.

Go to Configuration/Authentification

Go to the Others tab

In the 3rd parameter, Others - Activated

For "Field of storage of the login in the variable _SERVER", choose REMOTE_USER in the drop-down list

On the browser side

Internet Explorer

Check that "Enable Integrated Windows Authentication" is ticked in the advanced options of Internet Explorer. Then add the GLPI site to the Intranet or extranet trusted zone.

Firefox

open a new tab

type "about:config" in the address bar

in the list, find the line "network.automatic-ntlm-auth.trusted-uris"

double-click this line

add "IP OF GLPI SERVER"

click OK

Over to you

That is about everything I could gather on adding this feature, but if any of you want to improve the tip, do not hesitate, I am interested too!!!! ^_^