Single Sign-On with Windows Domain Account

You are viewing an old version (v. 6) of this page.
The latest version is v. 16, last edited on Dec 04, 2014.

Purpose

This tutorial explains how to set up an environment so that a Windows domain user can access QuickBuild without entering a password, using Kerberos single sign-on through an Apache httpd server placed in front of QuickBuild.

Assumptions

  1. Windows domain is example.com
  2. Windows domain controller server is Windows 2012 R2, and can be accessed via LDAP protocol: ldap://dc.example.com:389
  3. QuickBuild server is installed on an Ubuntu server (kernel 3.13.0-40-generic) with the DNS name build.example.com

Steps

  1. Login to the ubuntu server and make sure the commands below return what is expected:
    • $ nslookup build.example.com

      This command should return ip address of the ubuntu server

    • $ nslookup <ip address of ubuntu server>

      This command should return build.example.com

    • Make sure build.example.com is the only DNS host record (A) pointing to the ubuntu server, and that the reverse (PTR) record for the server's address resolves only to build.example.com. Kerberos clients (the browser on Windows, and MIT Kerberos with its default rdns setting) canonicalize the server name through DNS before building the service principal HTTP/<name>; if an extra A record, a CNAME or a second PTR resolves to a different name, the client requests a ticket for a principal that apache.keytab does not contain and single sign-on fails.
  2. Create a domain user quickbuild in your domain controller, with the following options:
  3. Create another domain user, apache, with the same options as above.
  4. In the domain controller, open PowerShell as Administrator and run the command below to generate a keytab for the apache user:
    ktpass -princ HTTP/build.example.com@EXAMPLE.COM -mapuser apache -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass <password of apache user> -out apache.keytab

    The generated apache.keytab will be used later. Three things to be aware of: ktpass with -pass sets the apache account's password to the value given; the keytab records the key version number (kvno) of that moment, so any later password change or reset of the apache account invalidates the keytab and it must be regenerated and copied to the server again; and the command registers the SPN HTTP/build.example.com on the apache account, and an SPN can be mapped to only one account in the domain. RC4-HMAC-NT is the weakest encryption type a Windows 2012 R2 domain still offers; where the apache account has "This account supports Kerberos AES 256 bit encryption" enabled and the ubuntu side runs a current MIT Kerberos, prefer -crypto AES256-SHA1 with the rest of the command unchanged. Treat apache.keytab as a credential: it holds the service's long-term key, so delete the copy on the domain controller once it has been transferred.

  5. Login to the ubuntu server and configure the Apache httpd server:
    • Install apache httpd server if it is not already installed:
      sudo apt-get install apache2
    • Install the Apache Kerberos module if it is not already installed (afterwards confirm it is enabled with apache2ctl -M | grep auth_kerb, and run sudo a2enmod auth_kerb if it is not listed):
      sudo apt-get install libapache2-mod-auth-kerb
    • Enable below apache modules:
      sudo a2enmod proxy_http rewrite headers
      
    • Copy the apache.keytab file generated above from the domain controller to the ubuntu server over an authenticated channel (scp, for example), place it under the directory /etc/apache2, and then restrict it to the Apache user with the commands below, run in that directory:
      sudo chown www-data apache.keytab
      sudo chgrp www-data apache.keytab
      sudo chmod 600 apache.keytab

      Check the result with sudo klist -kte /etc/apache2/apache.keytab (klist is in the krb5-user package): it should list HTTP/build.example.com@EXAMPLE.COM with the kvno and encryption type that ktpass produced.
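The DNS and keytab conditions from steps 1 and 5 are the two things that most often break this setup silently, so here is a small pre-flight script that checks both. It is an added example for this page, not QuickBuild's own code, and it assumes the names used above (build.example.com, realm EXAMPLE.COM, keytab at /etc/apache2/apache.keytab). Run with --live on the ubuntu server it queries DNS with dig (dnsutils) and reads the real keytab with klist/kinit (krb5-user); without --live it exercises the same parsers against a constructed sample of klist output embedded in the script.

```shell
#!/bin/sh
# Pre-flight checks for the Kerberos SSO setup: DNS round trip (step 1) and
# keytab contents (step 5). Added example, not part of QuickBuild. Assumed
# names: build.example.com, EXAMPLE.COM, /etc/apache2/apache.keytab.

HOST=${HOST:-build.example.com}
SPN=${SPN:-HTTP/${HOST}@EXAMPLE.COM}
KEYTAB=${KEYTAB:-/etc/apache2/apache.keytab}

# Constructed sample of `klist -kte` output (MIT Kerberos format); the kvno
# and timestamp are made up. Used when the script is not run with --live.
SAMPLE_KLIST='Keytab name: FILE:/etc/apache2/apache.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   3 12/04/2014 10:00:00 HTTP/build.example.com@EXAMPLE.COM (arcfour-hmac)'

# dns_roundtrip_ok HOST FORWARD REVERSE
# FORWARD: newline-separated addresses returned for HOST; REVERSE: newline-
# separated PTR names for that address. Succeeds only when HOST has exactly
# one address and that address maps back to exactly HOST, which is what the
# client needs to build the service principal HTTP/HOST the keytab contains.
dns_roundtrip_ok() {
  _host=$1
  _n_addr=$(printf '%s\n' "$2" | grep -c .)
  _rev=$(printf '%s\n' "$3" | sed '/^$/d; s/\.$//')
  [ "$_n_addr" -eq 1 ] && [ "$_rev" = "$_host" ]
}

# keytab_entries KLIST_OUTPUT -> one line per key: "kvno principal enctype"
keytab_entries() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^[0-9]+$/ && $4 ~ /@/ { enc = $5; gsub(/[()]/, "", enc); print $1, $4, enc }'
}

# keytab_has_spn KLIST_OUTPUT SPN -> exit 0 if SPN has at least one key
keytab_has_spn() {
  keytab_entries "$1" | awk -v spn="$2" '$2 == spn { found = 1 } END { exit !found }'
}

# keytab_weak_entries KLIST_OUTPUT -> prints keys that use RC4 or single DES
keytab_weak_entries() {
  keytab_entries "$1" | awk '$3 ~ /arcfour|des-cbc/'
}

# keytab_kvno KLIST_OUTPUT SPN -> highest kvno stored for SPN. If the apache
# account's password is reset in AD, the KDC's kvno moves on and a keytab
# carrying the old kvno stops working.
keytab_kvno() {
  keytab_entries "$1" | awk -v spn="$2" '$2 == spn && $1 > max { max = $1 } END { print max + 0 }'
}

# Live checks against the real DNS and keytab (run with --live on the server).
live_checks() {
  fwd=$(dig +short A "$HOST")
  rev=$(dig +short -x "$(printf '%s\n' "$fwd" | head -n 1)")
  if dns_roundtrip_ok "$HOST" "$fwd" "$rev"; then
    echo "DNS ok: $HOST <-> $fwd"
  else
    echo "DNS mismatch for $HOST: A=[$fwd] PTR=[$rev]"
  fi

  out=$(klist -kte "$KEYTAB")
  if keytab_has_spn "$out" "$SPN"; then
    echo "keytab has $SPN (kvno $(keytab_kvno "$out" "$SPN"))"
  else
    echo "keytab lacks $SPN"
  fi
  weak=$(keytab_weak_entries "$out")
  if [ -n "$weak" ]; then
    echo "weak enctype in keytab (consider -crypto AES256-SHA1 in ktpass):"
    echo "$weak"
  fi

  # Prove the key works against the KDC, then discard the ticket.
  kinit -k -t "$KEYTAB" "$SPN" && kdestroy && echo "kinit with keytab ok"
}

if [ "${1:-}" = "--live" ]; then
  live_checks
else
  keytab_has_spn "$SAMPLE_KLIST" "$SPN" && echo "sample keytab has $SPN (kvno $(keytab_kvno "$SAMPLE_KLIST" "$SPN"))"
  keytab_weak_entries "$SAMPLE_KLIST" | sed 's/^/weak key: /'
fi
```

The parsers take the klist text as an argument rather than reading the keytab themselves so the same logic can be run from a laptop against pasted output from the server; the kinit step at the end is the only check that talks to the domain controller and it is what confirms the kvno and encryption type in the file still match the apache account.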
      