Hello,
I had one problem to correctly configure the SSO on my Red Hat Enterprise 6.6 in using this documentation : https://docs.moodle.org/28/en/NTLM_authentication#Using_the_NTLM_part_of_Samba_for_Apache_on_Linux
I think that could help.
This extract is for Debian :
Check the permissions of the Winbind pipe directory (Ubuntu places it under /var/run/samba/winbindd_privileged, yours may be placed at a different location). Apache will need to be able to enter that directory, so we need to make sure it has the right permissions. So have a look at the permissions of that directory and note the name of the group assigned to it. The following example is from a Ubuntu 7.10 machine:$ ls -ald /var/run/samba/winbindd_privileged drwxr-x--- 2 root winbindd_priv 60 2007-11-17 16:18 /var/run/samba/winbindd_privileged/
- so we see the group is winbindd_priv.
- Instead of modifying the directory permissions (which could break other services that use winbind) we are going to make the Apache user (www-data in our example, but could be httpd, or nobody, etc.) is part of the appropiate group. Execute the following as root:
# adduser www-data winbindd_priv
- adduser is available in Debian and Ubuntu at least. If your distribution doesn't have adduser, you can edit /etc/group manually to achive the same effect.
In my case, for RHEL :
The group winbindd_priv doesn't exist, it's wbpriv, so you can make : usermod -a -G wbpriv ApacheUser (apache in my case)
Directory /var/run/samba/winbindd_privileged doesn't exist too.
I found two equivalent directories : /var/lib/samba/winbindd_privileged and /var/run/winbindd. Because I don't know which one modify, I modify group owner for twice :
chown :wbpriv /var/lib/samba/winbindd_privileged
chown :wbpriv /var/run/winbindd
Then reboot.
Hope, that's help someone.
(Sorry for english mistakes, I'm french)