You are viewing an old version (v. 6) of this page.
The latest version is v. 16, last edited on Dec 04, 2014
Purpose
This tutorial explains how to set up an environment in which Windows domain users can access QuickBuild without entering a password.
Assumptions
- Windows domain is example.com
- Windows domain controller server is Windows 2012 R2, and can be accessed via LDAP protocol: ldap://dc.example.com:389
- QuickBuild server is installed on Ubuntu 3.13.0-40-generic, with DNS name build.example.com
Steps
- Log in to the Ubuntu server, and make sure the commands below work as expected:
$ nslookup build.example.com
This command should return the IP address of the Ubuntu server.
$ nslookup <ip address of ubuntu server>
This command should return build.example.com.
- Make sure build.example.com is the only host record in your DNS pointing to the Ubuntu server, and that the server's IP address likewise has only one reverse lookup (PTR) record, pointing back to build.example.com. Otherwise, single sign-on may fail without an obvious cause.
- Create a domain user quickbuild in your domain controller, with the following options:
- Create another domain user apache with the same options as above
- On the domain controller, open PowerShell as Administrator and run the command below to generate a keytab for the apache user:
ktpass -princ HTTP/build.example.com@EXAMPLE.COM -mapuser apache -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass <password of apache user> -out apache.keytab
The generated apache.keytab will be used later.
- Log in to the Ubuntu server to configure the Apache httpd server:
- Install the Apache httpd server if it is not already installed:
sudo apt-get install apache2
- Install the Apache Kerberos module if it is not already installed:
sudo apt-get install libapache2-mod-auth-kerb
- Enable the Apache modules below:
sudo a2enmod proxy_http rewrite headers
- Copy the apache.keytab file generated above from your domain controller to the Ubuntu server, place it under the directory /etc/apache2, and then run the commands below against the file:
sudo chown www-data apache.keytab
sudo chgrp www-data apache.keytab
sudo chmod 600 apache.keytab
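The DNS and keytab requirements above can be verified before continuing. The script below is an added example, not part of the original tutorial or of QuickBuild: the function names are illustrative, it assumes `dig` and GNU `stat` are available on the Ubuntu server, and its DNS check covers only "one address forward, one PTR record back".

```sh
#!/bin/sh
# Added example (not from the tutorial): pre-flight checks for the DNS and
# keytab steps. Function names are illustrative; assumes dig and GNU stat.

count_words() { set -- $1; echo "$#"; }

# dns_consistent HOST "FORWARD_IPS" "PTR_NAMES"
# Passes only if HOST has exactly one address and that address has exactly
# one PTR record naming HOST (case and trailing dot ignored).
dns_consistent() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    n_ip=$(count_words "$2")
    n_ptr=$(count_words "$3")
    [ "$n_ip" -eq 1 ] || { echo "FAIL: $host has $n_ip addresses, expected 1"; return 1; }
    [ "$n_ptr" -eq 1 ] || { echo "FAIL: $2 has $n_ptr PTR records, expected 1"; return 1; }
    ptr=$(printf '%s' "$3" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    ptr=${ptr%.}
    [ "$ptr" = "$host" ] || { echo "FAIL: PTR is $ptr, expected $host"; return 1; }
    echo "OK: $host <-> $2"
}

# keytab_locked_down FILE OWNER
# Passes only if FILE exists, has mode 600 and is owned by OWNER.
keytab_locked_down() {
    [ -f "$1" ] || { echo "FAIL: $1 not found"; return 1; }
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%U' "$1")
    [ "$mode" = 600 ] || { echo "FAIL: $1 has mode $mode, expected 600"; return 1; }
    [ "$owner" = "$2" ] || { echo "FAIL: $1 is owned by $owner, expected $2"; return 1; }
    echo "OK: $1 is owned by $owner with mode 600"
}

# Live run, only when a hostname is given: sh preflight.sh build.example.com
if [ "$#" -ge 1 ]; then
    ips=$(dig +short A "$1")
    ptrs=$(for ip in $ips; do dig +short -x "$ip"; done)
    dns_consistent "$1" "$ips" "$ptrs" || exit 1
    keytab_locked_down "${2:-/etc/apache2/apache.keytab}" www-data || exit 1
fi
```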