@Aldaviva
Last active October 7, 2021 07:53
NTLM in Apache httpd

Environment

Pre-Built Binaries

Compilation

Whatever you do, don't download the pre-built binaries from the repo's bin directory because 1) the pre-built binaries are very old (2017) and are missing important fixes for Basic+NTLM, 2) the developers aren't providing new binaries, and 3) the AppVeyor build is either gone or private.

  1. Get a Windows computer.
  2. Install CMake for Windows x64 MSI.
  3. Download and extract Apache 2.4 x64 VC16.
  4. Clone TQsoft-GmbH/mod_authn_ntlm, or download and extract its latest source zip, using either the master branch or the release tag you want.
  5. Download Visual Studio Community 2017
    1. Go to Visual Studio Subscriptions.
    2. Sign in with a free Microsoft account.
    3. If it asks you to enroll for free in Visual Studio Dev Essentials, accept it.
    4. Download "Visual Studio Community 2017 (version 15.9)" x64 multi-language exe.
      • I'm not sure if this would work with Visual Studio 2019 or later. You might need to implement a new generator.
      • You also may be able to get away with only downloading the Build Tools for Visual Studio 2017 (version 15.9), which doesn't include the Visual Studio IDE GUI.
    5. Run the Visual Studio installer.
    6. When the installer asks you to choose workloads, select Desktop Development with C++.
      • You can deselect the following optional components.
        • Just-In-Time Debugger
        • C++ Profiling Tools
        • Test Adapter for Boost.Test
        • Test Adapter for Google Test
      • I left the following components enabled, but I'm not sure if they're strictly required.
        • VC++ 2017 version 15.9
        • Windows 10 SDK
        • Visual C++ tools for CMake
        • Visual C++ ATL for x86 and x64
  6. Follow the build instructions from the repo.
    1. Go to the module repo directory
      cd mod_authn_ntlm
    2. Generate solution
      cmake -B ./build-x64 -S ./ -G "Visual Studio 15 2017" -A x64 -T host=x64 -DAPACHE_ROOT="C:\Program Files\Apache24"
    3. Compile
      cmake --build ./build-x64 --config Release

The generated artifact is build-x64\Release\mod_authn_ntlm.so. Yes, it's an SO file, even though we're on Windows.

Installation

  1. Copy mod_authn_ntlm.so from build-x64\Release to Apache24\modules.

Configuration

Follow the Dependencies, Sample Config, and List of Available Parameters to configure the module.

Example

This is from my server's httpd.conf, where a specific directory is protected by Basic/NTLM authentication over TLS.

LoadModule auth_ntlm_module modules/mod_authn_ntlm.so

<Directory "c:/my/directory">
	SSLRequireSSL
	
	AuthType SSPI
	AuthName "My Realm"
	NTLMAuth On
	NTLMAuthoritative On
	NTLMOfferBasic on
	NTLMOfferNTLM on
	# enabling NTLMBasicPreferred would break clients like PowerShell and Office
	NTLMBasicPreferred off
	NTLMDomain MYDOMAIN
	Require valid-user
</Directory>
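
The configuration above pairs NTLMOfferBasic with SSLRequireSSL, which matters because Basic credentials are only base64-encoded on the wire. The following is an added example, not part of the original gist or of mod_authn_ntlm: a small Python check that reports `<Directory>` blocks that turn on NTLMOfferBasic without SSLRequireSSL. The sample config and the function name `basic_without_tls` are constructed, and the check only sees directives set explicitly inside each block, not settings inherited from an enclosing scope.

```python
import re

# Constructed sample (not from the page): the first block mirrors the page's
# example, the second offers Basic without requiring TLS.
SAMPLE_CONF = """
<Directory "c:/my/directory">
    SSLRequireSSL
    AuthType SSPI
    NTLMAuth On
    NTLMOfferBasic on
    Require valid-user
</Directory>
<Directory "c:/other/directory">
    AuthType SSPI
    NTLMAuth On
    NTLMOfferBasic On
    Require valid-user
</Directory>
"""

OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.IGNORECASE)
CLOSE = re.compile(r"</Directory\s*>", re.IGNORECASE)


def basic_without_tls(conf_text):
    """Return Directory paths that set NTLMOfferBasic on without SSLRequireSSL."""
    findings, path, seen = [], None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        opened = OPEN.match(line)
        if opened:
            path, seen = opened.group(1), {}
        elif CLOSE.match(line):
            if path and seen.get("ntlmofferbasic") == "on" and "sslrequiressl" not in seen:
                findings.append(path)
            path = None
        elif path:
            # Directive names are case-insensitive; keep the first argument only.
            parts = line.split()
            seen[parts[0].lower()] = parts[1].lower() if len(parts) > 1 else ""
    return findings


if __name__ == "__main__":
    for p in basic_without_tls(SAMPLE_CONF):
        print(f"Basic offered without SSLRequireSSL: {p}")
```

A block that sits inside a TLS-only virtual host will still be reported, so treat each finding as a prompt to confirm how that directory is actually served.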