Interesting ... saw the SSPI NTLM and that seems the better way to go. Works on both Windows and Linux Apache.
Anyway .... over the holidays I got the samba ntlm one working and made some other MAJOR hacks ....
We run 2 separate domains. One for students and one for teachers.. Unfortunately there is no global catalog. (and I do not have the privs to change this) There is a trust however, so the Samba NTLM sees both of them.
The NTLM authentication works well. But I had to shamelessly hack your code so that it does an LDAP lookup on 2 domains to add/authenticate the users.
I did this by having a one to one mapping of the server name, Bind User and Bind Password and DN lookup.
i.e. domain server 1, domain server 2 ......
Bind user 1, bind user 2 .....
Bind password 1, bind password 2 ........
context 1, context 2 ..........
These were just stuck in the existing form separated by a ; as per the norm.
The auth modules then just bind to each of the servers in turn using the supplied bind user name and password, and then do a lookup for the user name in the supplied context.
As Moodle is our standard intranet site (home page) ... I did not even check for guest accounts, course creators, automatic enrollments etc etc. In the event of duplicate user names in separate domains, the first one gets used...
I also force them to log in before using Moodle .. so the Moodle login screen is the first to come up. Have not tested for the above ..
A much better solution would be a re-write to ask the user for the domain, but I did not want to get into forms etc etc ....
Am also worried about basic auth off site. .. will look at https .. should not be hard.
Anyway FWIW ... here is my code. I am not very proud of it ... but it is my first go with PHP. For an old FORTRAN hacker .. the semicolons drove me MAD along with the sloppy variable typing
It is currently working in production ..... but more checking probably required ..
The wiki with the Apache conf file is incorrect .. it should be this .. similar to the SSI one.. My bad.
# ----- moodle
<Directory "/d2/website/moodle/">
    # Every option carries an explicit +/- (Apache 2.4 rejects a mixed list)
    Options -Indexes +MultiViews +FollowSymLinks
    DirectoryIndex index.php
    # Only the on-campus login page is protected by NTLM
    <Files oncampuslogin.php>
        AuthName "NTLM Authentication"
        NTLMAuth on
        NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
        NTLMBasicAuthoritative on
        AuthType NTLM
        require valid-user
    </Files>
</Directory>
Mmm.... recommend turning the basic auth off... I was using FF for testing .. can change the username/password in the browser .. have now activated the trusted URI stuff in FF..
BTW. I used the NuSphere PHP IDE and was VERY impressed... with Samba mapped drives I was able to leave the source on the server and run in debug mode. Price seems reasonable..... It has a free trial if you are interested.
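The lookup described in the post above (parallel ';'-separated server, bind user, bind password and context fields, tried in turn, first match wins), as an added sketch in Python that is not the poster's PHP or Moodle's code. It also escapes the login name before it goes into the search filter and reports when more than one domain holds the same name. The `search` callable, the `sAMAccountName` attribute, the host names and all sample entries are assumptions constructed for illustration.

```python
from collections import namedtuple

Directory = namedtuple("Directory", "host bind_user bind_password context")

def parse_directories(hosts, bind_users, bind_passwords, contexts):
    """Split the four ';'-separated form fields into one record per domain."""
    columns = [[v.strip() for v in field.split(";")]
               for field in (hosts, bind_users, bind_passwords, contexts)]
    if len({len(c) for c in columns}) != 1 or any("" in c for c in columns):
        raise ValueError("each field needs one non-empty entry per server")
    return [Directory(*row) for row in zip(*columns)]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def find_user(directories, username, search):
    """Try each directory in order; return (first hit or None, duplicate flag)."""
    # sAMAccountName is an assumed attribute; the post does not name one.
    ldap_filter = "(sAMAccountName=%s)" % escape_filter_value(username)
    hits = []
    for d in directories:
        dn = search(d, ldap_filter)  # stands in for bind + search under d.context
        if dn is not None:
            hits.append((d.host, dn))
    return (hits[0] if hits else None), len(hits) > 1

# Constructed sample data: two domains that both contain "jsmith".
SAMPLE = {
    "dc1.students.example": {
        "jsmith": "CN=jsmith,OU=Students,DC=students,DC=example",
        "akhan": "CN=akhan,OU=Students,DC=students,DC=example"},
    "dc2.staff.example": {
        "jsmith": "CN=jsmith,OU=Staff,DC=staff,DC=example"},
}

def fake_search(directory, ldap_filter):
    """Offline stand-in for an LDAP search; an unescaped '*' matches any entry."""
    entries = SAMPLE[directory.host]
    if ldap_filter == "(sAMAccountName=*)":
        return next(iter(entries.values()), None)
    for name, dn in entries.items():
        if ldap_filter == "(sAMAccountName=%s)" % escape_filter_value(name):
            return dn
    return None
```

The duplicate flag lets the caller log or refuse an ambiguous login instead of silently taking the first domain. A bind password that itself contains ';' cannot be expressed in this field format.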