Re: [xwiki-users] SSO via NTLM
Hi Thilo I'm a bit late to the party, but I have an addition: Around two years ago we implemented a solution using NTLM / SSO with AD using Jespa (http://www.ioplex.com/) for one of our customers. This solution worked pretty well. The downside of Jespa is, that it is a commercial product, thus it is neither free, nor open, but in my opinion the pricing is reasonable, considering AD is mostly used in larger companies. Hope this helps Edo On Wed, Sep 12, 2012 at 9:21 AM, Schmidt, Thilo (VZ) thilo.schm...@vdek.com wrote: Thanks for the reply and link. It just seems to me that running tomcat, apache, samba, kerberos and winbind on a machine just to run a wiki is a little much, especially considering that I'm new to this unix/server world ;) Of course I'll do that if there isn't another way, i just have a hard time believing that there's no simpler solution to a very basic problem. To clarify: I only need users to log in automatically to the wiki, Checking against the AD would be a bonus, but I could just create the wiki-accounts by hand, as well. Intimidated by this strange world, Thilo Hi Thilo, I worked a lot on this subject these two last days. But I only experimented Kerberos, and Samba/Winbind/NTLM. Why don't you want to install Samba? It's easier to make it work than a Kerberos system (from what I saw). You have to install Samba, configure it, install winbind, bind on a AD domain with an administrator, and finally configure Apache to use this auth. You also need to be sure that your java container won't try to authenticate itself. See: http://adldap.sourceforge.net/wiki/doku.php?id=seamless_authentication if you haven't found this before. I don't know any other solution without using samba or krb. Good luck! Guillaume Fenollar XWiki SAS 2012/9/11 Schmidt, Thilo (VZ) thilo.schm...@vdek.com Hello, I'm trying to get some kind of NTLM authentication going on my Debian server, but got lost very early. I find mentions of working NTLM solutions in the archives as well as some fixes for an ominous NTLM authenticator (XCONTRIB-84) in Jira. I even found some installation-guide in the sandbox, but there seems to be no jar file. Is there some kind of working NTLM solution without installing kerberos or samba? Thanks in advance, Thilo ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] SSO via NTLM
Hi Thilo, As Guillaume Fenollar says, NTLM will require Microsoft protocols, hence the need for Samba. But if your objective is just to implement single sign on on Linux you can go with other standards: - CAS (more simple) - Kerberos (complicated) You just need to setup a CAS Server (there are open source implementations see http://www.jasig.org/cas) You need an Apache HTTPD CAS module You then can use XWiki's AppServer Trusted Authentication You can probably find a CAS Server that can authenticate on an LDAP Server Ludovic 2012/9/12 Schmidt, Thilo (VZ) thilo.schm...@vdek.com: Thanks for the reply and link. It just seems to me that running tomcat, apache, samba, kerberos and winbind on a machine just to run a wiki is a little much, especially considering that I'm new to this unix/server world ;) Of course I'll do that if there isn't another way, i just have a hard time believing that there's no simpler solution to a very basic problem. To clarify: I only need users to log in automatically to the wiki, Checking against the AD would be a bonus, but I could just create the wiki-accounts by hand, as well. Intimidated by this strange world, Thilo Hi Thilo, I worked a lot on this subject these two last days. But I only experimented Kerberos, and Samba/Winbind/NTLM. Why don't you want to install Samba? It's easier to make it work than a Kerberos system (from what I saw). You have to install Samba, configure it, install winbind, bind on a AD domain with an administrator, and finally configure Apache to use this auth. You also need to be sure that your java container won't try to authenticate itself. See: http://adldap.sourceforge.net/wiki/doku.php?id=seamless_authentication if you haven't found this before. I don't know any other solution without using samba or krb. Good luck! Guillaume Fenollar XWiki SAS 2012/9/11 Schmidt, Thilo (VZ) thilo.schm...@vdek.com Hello, I'm trying to get some kind of NTLM authentication going on my Debian server, but got lost very early. I find mentions of working NTLM solutions in the archives as well as some fixes for an ominous NTLM authenticator (XCONTRIB-84) in Jira. I even found some installation-guide in the sandbox, but there seems to be no jar file. Is there some kind of working NTLM solution without installing kerberos or samba? Thanks in advance, Thilo ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users -- Ludovic Dubost Founder and CEO Blog: http://blog.ludovic.org/ XWiki: http://www.xwiki.com Skype: ldubost GTalk: ldubost ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] SSO via NTLM
Thanks for the reply and link. It just seems to me that running tomcat, apache, samba, kerberos and winbind on a machine just to run a wiki is a little much, especially considering that I'm new to this unix/server world ;) Of course I'll do that if there isn't another way, i just have a hard time believing that there's no simpler solution to a very basic problem. To clarify: I only need users to log in automatically to the wiki, Checking against the AD would be a bonus, but I could just create the wiki-accounts by hand, as well. Intimidated by this strange world, Thilo Hi Thilo, I worked a lot on this subject these two last days. But I only experimented Kerberos, and Samba/Winbind/NTLM. Why don't you want to install Samba? It's easier to make it work than a Kerberos system (from what I saw). You have to install Samba, configure it, install winbind, bind on a AD domain with an administrator, and finally configure Apache to use this auth. You also need to be sure that your java container won't try to authenticate itself. See: http://adldap.sourceforge.net/wiki/doku.php?id=seamless_authentication if you haven't found this before. I don't know any other solution without using samba or krb. Good luck! Guillaume Fenollar XWiki SAS 2012/9/11 Schmidt, Thilo (VZ) thilo.schm...@vdek.com Hello, I'm trying to get some kind of NTLM authentication going on my Debian server, but got lost very early. I find mentions of working NTLM solutions in the archives as well as some fixes for an ominous NTLM authenticator (XCONTRIB-84) in Jira. I even found some installation-guide in the sandbox, but there seems to be no jar file. Is there some kind of working NTLM solution without installing kerberos or samba? Thanks in advance, Thilo ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] SSO via NTLM
Hello, I'm trying to get some kind of NTLM authentication going on my Debian server, but got lost very early. I find mentions of working NTLM solutions in the archives as well as some fixes for an ominous NTLM authenticator (XCONTRIB-84) in Jira. I even found some installation-guide in the sandbox, but there seems to be no jar file. Is there some kind of working NTLM solution without installing kerberos or samba? Thanks in advance, Thilo ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] SSO via NTLM
Hi Thilo, I worked a lot on this subject these two last days. But I only experimented Kerberos, and Samba/Winbind/NTLM. Why don't you want to install Samba? It's easier to make it work than a Kerberos system (from what I saw). You have to install Samba, configure it, install winbind, bind on a AD domain with an administrator, and finally configure Apache to use this auth. You also need to be sure that your java container won't try to authenticate itself. See: http://adldap.sourceforge.net/wiki/doku.php?id=seamless_authentication if you haven't found this before. I don't know any other solution without using samba or krb. Good luck! Guillaume Fenollar XWiki SAS 2012/9/11 Schmidt, Thilo (VZ) thilo.schm...@vdek.com Hello, I'm trying to get some kind of NTLM authentication going on my Debian server, but got lost very early. I find mentions of working NTLM solutions in the archives as well as some fixes for an ominous NTLM authenticator (XCONTRIB-84) in Jira. I even found some installation-guide in the sandbox, but there seems to be no jar file. Is there some kind of working NTLM solution without installing kerberos or samba? Thanks in advance, Thilo ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users