apt install build-essential libpcre3-dev libssl-dev apt install libkrb5-dev updatedb locate gssapi.h
git clone https://github.com/stnoonan/spnego-http-auth-nginx-module.git wget http://nginx.org/download/nginx-1.13.9.tar.gz tar xzf nginx-1.13.9.tar.gz cd nginx-1.13.9 ./configure --with-http_ssl_module --add-module=../spnego-http-auth-nginx-module make make install
on the Samba4 host,
samba-tool user add ldap-service samba-tool user setexpiry ldap-service --noexpiry samba-tool domain exportkeytab /etc/nslcd.keytab --principal=ldap-service scp /etc/nslcd.keytab domain-member1:/etc/nslcd.keytab scp /etc/nslcd.keytab domain-member2:/etc/nslcd.keytab
and back to the member hosts, check that the file permissions are root.root/600
,
ls -lhF /etc/nslcd.keytab
ref. https://zachbethel.wordpress.com/2013/04/10/linux-ldap-authentication-with-samba4/
location / { auth_gss on; auth_gss_keytab /etc/nslcd.keytab; #auth_gss_realm EXAMPLE.LOCAL; root html; index index.html index.htm; }
vi /etc/rc.local #!/bin/bash echo -n Starting NGINX+SPNEGO... /usr/local/nginx/sbin/nginx && echo \ Done chmod +x /etc/rc.local
to reload,
/usr/local/nginx/sbin/nginx -s reload