Ubuntu – NTLM authentication module mod_auth_ntlm_winbind for Apache2 omits domain name

apache-2.4, ntlm, Ubuntu

I have an Apache2 instance running on Ubuntu 18.04 on a local intranet, and I want to configure NTLM authentication on the instance. I have installed mod_auth_ntlm_winbind and configured it for user.php like this:

<Directory /var/www/html/>
   <Files user.php>
        AuthName "NTLM Authentication"
        NTLMAuth on
        NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
        NTLMBasicAuthoritative on
        AuthType NTLM
        require valid-user
   </Files>
</Directory>

user.php itself is:

<?php
echo '<h3>NTLM-Auth</h3>';
echo '<b>Username:</b> '.$_SERVER['REMOTE_USER'].'<br />';
echo '<b>Authentication type:</b> '.$_SERVER['AUTH_TYPE'].'<br />';
?>

However, it seems that $_SERVER['REMOTE_USER'] contains only the username, without the domain name.
I tried setting "NTLMOmitDomain off", which I found in some commit messages, but it does not seem to work nowadays and it's not even listed anywhere else.
Is there any other way to prevent mod_auth_ntlm_winbind from truncating the domain name?

Best Answer

OK, I've found a solution. The issue is the configuration of mod_auth_ntlm_winbind's underlying mechanism, winbind. It is part of Samba and uses its config file. In my case the option "winbind use default domain" was set to "yes". It allows winbind to manage users without the domain part of the username. After setting "winbind use default domain = no" in /etc/samba/smb.conf, everything works fine.
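The following is an added example, not code from the original question or answer: a small check that reads smb.conf text, reports whether "winbind use default domain" will strip the domain from REMOTE_USER, and splits a received REMOTE_USER on the configured "winbind separator" so an application can refuse bare usernames. The function names and sample config are hypothetical; it assumes Samba's defaults ("no" and a backslash) and only reads the [global] section, ignoring include files and line continuations.

```python
import re

TRUE_WORDS = {"yes", "true", "1", "on"}  # spellings Samba accepts for a true boolean

def _norm(name):
    # Samba ignores case and whitespace when matching parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_param(conf_text, name, default):
    """Return the last value of `name` in [global], or `default` if unset."""
    section, value = None, default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if _norm(key) == _norm(name):
                value = val.strip()
    return value

def domain_is_stripped(conf_text):
    """True when winbind drops the domain part, so REMOTE_USER is a bare username."""
    return global_param(conf_text, "winbind use default domain", "no").lower() in TRUE_WORDS

def split_remote_user(remote_user, conf_text):
    """Split REMOTE_USER into (domain, user); domain is None if it is missing."""
    sep = global_param(conf_text, "winbind separator", "\\")
    domain, found, user = remote_user.partition(sep)
    return (domain, user) if found else (None, remote_user)

# Constructed sample smb.conf contents, not taken from the original post.
SAMPLE_BEFORE = """
[global]
   workgroup = EXAMPLE
   ; winbind use default domain = no
   Winbind Use Default Domain = Yes
[share]
   winbind use default domain = no
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("Domain = Yes", "Domain = no")

if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, "domain stripped:", domain_is_stripped(conf))
    print(split_remote_user("EXAMPLE\\alice", SAMPLE_AFTER))
```

Where several domains are trusted, an application that makes authorization decisions on REMOTE_USER should treat a result with no domain part as unqualified rather than assuming a default domain.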