NTLM Authorization

Course: Bitrix24 Self-hosted For Advanced Users

About the System
Managing Users
- User Groups
- Users
- How to Restore Password for Administrator
- Importing Users
  - Importing from a CSV File
  - Import from LDAP Directory
Access permissions
- Access Levels
- Module access
- Access to content
- Controlling access to files and folders
- Administrator role access permissions
Using system tools
AD/LDAP
- Module functions
- How the module functions
- Module configuration
- Adding users to departments on an AD server
- Registering a server
- NTLM Authorization
- Importing Users from LDAP Diectory
Blogs
- Managing Blog Groups
- Creating Employee and Workgroup Blogs
- The Public Interface of Blogs
Business Processes
- Types of Business Processes
- Typical Business Processes
- Configuring the Information Blocks to support Business Processes
- Configuration for Organizational Business Processes
- Using Business Processes
Business Process Designer
- Visual Modeler
- Business Process Templates
- Actions
  - Document Processing
  - Constructions
  - Notifications
  - Other
  - My Actions
  - CRM
Common Lists
- Creating the User Interface
- Using the Lists
Currencies
- Currencies
- Currency exchange rates
- Examples of using currencies
Document Library
- General Overview
- Document Library Creation Wizard
- Document Operations in a Web Browser
- Using the Document Library in Windows
- Folder Mapping Issues in Windows
e-Learning
- Basic notions
- Creating lessons and tests
- Publishing a training course
  - Publishing a training course
Extranet
- Introduction
- Intranet user vs Extranet user
- Installing And Configuring The Module And The Extranet Website
- Module Configuration
- Access Permissions For Extranet Users
- Public Employees
- The Extranet Module Gadgets
Forum
- Managing the Forums
- Showing Forums in the Public Section
- Using Forums in the Public Section
Helpdesk
- Setting up your helpedesk service
- Dictionaries
- SLA
- How to assign the ticket duty
- Submitting tickets to tech support via e-mail
- Functions available in the public section
  - Using public interface
  - Creating public interface
- Administration interface
Information Blocks
- Basic notions
- Typical Operations
- Extra features
Intranet
- Company Structure
- Finding Users
- The Staff Changes
- Absence Chart
- Honored Employees
- Birthdays
Mail
- E-mail accounts
- Messages
- Rules
- Mail log
- Example of creating a mailbox
Performance Monitor
- Module Settings
- Public Interface
- The Module’s Control Panel Forms
- Identifying Weak Points In Your Website
- Troubleshooting Minor Performance Issues
Photo Gallery
- Main Principles
- Sample Applications
Polls and surveys
- Polls and surveys
- Sample uses
Proactive Protection
- Basic notions
- Standard security level
- High security level
- Highest security level
- Stop list
Push and Pull
- Push & Pull scope of application
- Push server operational basis
- Queue server versions
- Configuring P&P module and queue server
- Upgrade from Bitrix Push server 1.0 to Bitrix Push server 2.0
- Upgrade from Nginx-PushStreamModule to Bitrix Push server 2.0
- Using separate queue server
- Push server setup and start at the 3rd-party environment
Scalability
- Scalability Panel
- Load chart
- VPS Orders
Search
- Main Concepts
- Site indexing
- Morphological search
- Ranking Rules
- Logical operators
- Document Search Setup
  - Adding new formats
  - Setting Up Web Environment with PHP Version below 5.2.6
  - Search of MS Office documents of earlier versions
    - Checking for Catdoc Installation
    - Installation of the Catdoc Package
- Sphinx search set up
Social Network
- Module Settings
- Managing Group Topics
- The User Profile Page
- Creating a Workgroup
Technical Support
- Creating a Helpdesk Wizard
- The Wizard Public Interface
Telephony
- Balance and Statistics
- Phone Numbers
- Telephony Users
- SIP Phones
  - Examples of telephone settings
  - Example of softphone set up
- Other Settings
- VoxImplant Integration
- Office PBX Set Up
  - Setting up FreePBX
- Setting Up a Cloud hosted PBX
Web forms
- Main features and functions
- Managing web forms
- Sample operations
XMPP Server
- XMPP Server Setup
- XMPP Server Management
- XMPP Client Applications
Multiple Divisions
External data import to Activity Stream

AD/LDAP

The system supports NTLM authorization by default by including the mod_auth_sspi module in the Apache web server installation. If you do not use Bitrix Environment, or NTLM authorization does not function correctly or at all, do the following.

Ensure that mod_auth_sspi is installed.
a. If you’re using Bitrix Environment, this module is installed by default. Make sure the following lines exist in .htaccess:
```
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On 
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user
```
If they are commented out, uncomment them. If you cannot find these directives at all, add them to .htaccess.

b. If you are not using Bitrix Environment, download the mod_auth_sspi module here and put it to the /apache/modules/ directory.

Add the following line to the httpd.conf file:
```
LoadModule sspi_auth_module modules/mod_auth_sspi.so
```
Add these lines to .htaccess:
```
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On 
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user
```
Use phpinfo to find the value of the $_SERVER['REMOTE_USER'] variable. Set the “NTLM Authorization Domain” parameter to this value in the AD/LDAP server settings.
Another way to get the REMOTE_USER value is to create a page containing a single line:
```
<? echo $_SERVER['REMOTE_USER']; ?>
```
and open it in a web browser.
Check the AD/LDAP module settings: NTLM authorization should be enabled (the "Use NTLM authorization" parameter).
Finally, open Control Panel > Settings > AD/LDAP and make sure the AD/LDAP server parameters are correct.

Accessing Extranet without NTLM

To enable access to the /extranet/ folder without NTLM authorization:

Add the following lines to .htaccess:

AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user

Add the line to /extranet/.htaccess and /bitrix/.htaccess:
```
Satisfy any
```
Add the line to /bitrix/admin/.htaccess:
```
Satisfy all
```

These directives will set all the public section folders and Control Panel pages to require authorization via NTLM, except for the /extranet/ folder.

Course: Bitrix24 Self-hosted For Advanced Users

About the System

Using system tools

Multiple Divisions

External data import to Activity Stream

NTLM Authorization

Accessing Extranet without NTLM

Feedback

Thank you for your feedback!

How can we do better?

Thank you for your feedback!

About the System

Managing Users

User Groups

Users

How to Restore Password for Administrator

Importing Users

Importing from a CSV File

Import from LDAP Directory

Access permissions

Access Levels

Module access

Access to content

Controlling access to files and folders

Administrator role access permissions

Using system tools

AD/LDAP

Module functions

How the module functions

Module configuration

Adding users to departments on an AD server

Registering a server

NTLM Authorization

Importing Users from LDAP Diectory

Blogs

Managing Blog Groups

Creating Employee and Workgroup Blogs

The Public Interface of Blogs

Business Processes

Types of Business Processes

Typical Business Processes

Configuring the Information Blocks to support Business Processes

Configuration for Organizational Business Processes

Using Business Processes

Business Process Designer

Visual Modeler

Business Process Templates

Setting the Template Parameters

Creating a Sequential Business Process Template

Creating a Status Driven Business Process Template

Using the Template Parameters

Export and Import

Actions

Document Processing

Approve Document

Publishing on controlled sites

Create new company

Create new contact

Create new deal

Create new lead

New Document

Add CRM event

Delete Document

Lock Document

Publish Document

Additional Information

Read document

Save History

Modify Document

Unlock Document

Revoke Document

Constructions

Wait for Event

Condition

Listening for Parallel Event

Parallel Execution

Status

While Loop

Notifications

Absence Chart

Calendar

Calendar event

User notification

Email message

Set State Name

Task

Robocall

Social Network message notification

Manager supervisor notification

Other

PHP Code