One does not simply make an intranet PHP application on an Ubuntu Apache server load inside a SharePoint Web Part with auto-magic Windows/LDAP authentication over NTLM. Okay, it is actually possible.
I figured out the special sauce to make this happen, and I'm giving you a cohesive and simple Ubuntu-based way to magically set up your intranet site. This will use Integrated Windows Authentication in Internet Explorer, Chrome and Firefox on Windows devices. Otherwise, it will fall back to a Basic Auth popup.
Please note: I still hold Microsoft responsible for any headaches you may face or if this doesn't work in your environment. There may be a better way (e.g. you could protect only a single page redirect and still allow manual login from the web app). This is what I could come up with in a short time frame. If there is a better way, please share because you care.
You'll need Samba and Winbind.
$ sudo apt-get install samba winbind smbfs
In /etc/samba/smb.conf (in the [global] section)
workgroup = WORKGROUP
realm = DOMAINNAME
# if using Active Directory
security = ADS
encrypt passwords = true
Restart Samba and join Active Directory (expect a prompt for the Administrator password)
$ sudo restart smbd
$ sudo restart nmbd
$ sudo net ads join -U Administrator
In /etc/nsswitch.conf (add "winbind" to these lines)
passwd: compat winbind
group: compat winbind
Start/Restart Winbind service
$ sudo service winbind start
Check that Winbind can list the domain groups and users
$ wbinfo -g
$ wbinfo -u
Add www-data to the winbindd_priv group (this assumes the Apache user is still www-data; what the group is called also depends on your Winbind install)
$ sudo adduser www-data winbindd_priv
Install the NTLM Winbind module for Apache.
$ sudo apt-get install libapache2-mod-auth-ntlm-winbind
Edit the config file for your Apache site (e.g. /etc/apache2/sites-enabled/000-default)
<Directory "/var/www/auth/ldap/">
    <Files ntlm.php>
        NTLMAuth on
        AuthName "NTLM Authentication"
        NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
        NTLMBasicAuthoritative on
        AuthType NTLM
        require valid-user
    </Files>
</Directory>
Enable the NTLM Winbind module for Apache.
$ sudo a2enmod auth_ntlm_winbind
$ sudo service apache2 restart
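To sanity-check the result, here is an added example (not part of the original walkthrough) that lints the three things this setup depends on: winbind in nsswitch.conf, www-data in winbindd_priv, and active NTLM directives in the site config. The function names and the sample files are made up for illustration; point the functions at your real /etc/nsswitch.conf, /etc/group and site file instead.

```shell
# Added example: each check takes a file path, so it can be run against the
# real files or, as here, against constructed samples.

check_nsswitch() {   # passwd and group must both list winbind
    for db in passwd group; do
        grep -Eq "^[[:space:]]*${db}:(.*[[:space:]])?winbind([[:space:]]|\$)" "$1" ||
            { echo "nsswitch: $db does not list winbind" >&2; return 1; }
    done
}

check_group_member() {   # usage: check_group_member USER GROUP GROUP_FILE
    awk -F: -v u="$1" -v g="$2" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3"
}

check_ntlm_site() {   # active (uncommented) directives the <Files> block needs
    rc=0
    for pat in 'NTLMAuth[[:space:]]+on' 'AuthType[[:space:]]+NTLM' \
        'NTLMAuthHelper[[:space:]].*ntlm_auth.*--helper-protocol=squid-2\.5-ntlmssp' \
        'require[[:space:]]+valid-user'; do
        grep -Eiq "^[[:space:]]*${pat}" "$1" ||
            { echo "apache: no active directive matching $pat" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample inputs, modelled on the snippets in this post.
demo=$(mktemp -d)
printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$demo/nsswitch.ok"
printf 'passwd: compat winbind\ngroup: compat\n' > "$demo/nsswitch.bad"
printf 'winbindd_priv:x:120:proxy,www-data\n' > "$demo/group"
cat > "$demo/site.ok" <<'EOF'
<Files ntlm.php>
  NTLMAuth on
  NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
  AuthType NTLM
  require valid-user
</Files>
EOF
# Failure mode: "require" commented out, so Apache no longer demands a login.
sed 's/require valid-user/# require valid-user/' "$demo/site.ok" > "$demo/site.bad"

for f in nsswitch.ok nsswitch.bad; do
    if check_nsswitch "$demo/$f"; then echo "$f: pass"; else echo "$f: FAIL"; fi
done
for f in site.ok site.bad; do
    if check_ntlm_site "$demo/$f"; then echo "$f: pass"; else echo "$f: FAIL"; fi
done
```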