NTLM Authorization

Course description
About the System
Managing Users
- User Groups
- Users
- How to Restore Password for Administrator
- Importing Users
  - Importing from a CSV File
  - Import from LDAP Directory
Access permissions
- Access Levels
- Module access
- Access to content
- Controlling access to files and folders
- Administrator access permission roles
Using system tools
AD/LDAP
- Module functions
- How the module functions
- Module configuration
- Adding users to departments on an AD server
- Registering a server
- NTLM Authorization
- Importing Users from LDAP Diectory
Blogs
- Managing Blog Groups
- Creating Employee and Workgroup Blogs
- The Public Interface of Blogs
Business Processes
- Types of Business Processes
- Typical Business Processes
- Configuring the Information Blocks to support Business Processes
- Configuration for Organizational Business Processes
- Using Business Processes
Business Process Designer
- Visual Modeler
- Business Process Templates
- Actions
Common Lists
- Creating the User Interface
- Using the Lists
Currencies
- Currencies
- Currency exchange rates
- Examples of using currencies
Document Library
- General Overview
- Document Library Creation Wizard
- Document Operations in a Web Browser
- Using the Document Library in Windows
- Folder Mapping Issues in Windows
e-Learning
- Basic notions
- Creating lessons and tests
- Publishing a training course
  - Publishing a training course
Extranet
- Introduction
- Intranet user vs Extranet user
- Installing And Configuring The Module And The Extranet Website
- Module Configuration
- Access Permissions For Extranet Users
- Public Employees
- The Extranet Module Gadgets
Forum
- Managing the Forums
- Showing Forums in the Public Section
- Using Forums in the Public Section
Helpdesk
- Setting up your helpedesk service
- Dictionaries
- SLA
- How to assign the ticket duty
- Submitting tickets to tech support via e-mail
- Functions available in the public section
  - Using public interface
  - Creating public interface
- Administration interface
Information Blocks
- Basic notions
- Typical Operations
- Extra features
Intranet
- Company Structure
- Finding Users
- The Staff Changes
- Absence Chart
- Honored Employees
- Birthdays
Mail
- E-mail accounts
- Messages
- Rules
- Mail log
- Example of creating a mailbox
Performance Monitor
- Module Settings
- Public Interface
- The Module’s Control Panel Forms
- Identifying Weak Points In Your Website
- Troubleshooting Minor Performance Issues
Photo Gallery
- Main Principles
- Sample Applications
Polls and surveys
- Polls and surveys
- Sample uses
Proactive Protection
- Basic notions
- Standard security level
- High security level
- Highest security level
- Stop list
Push and Pull
Scalability
- Scalability Panel
- Load chart
- VPS Orders
Search
- Main Concepts
- Site indexing
- Morphological search
- Ranking Rules
- Logical operators
- Document Search Setup
- Sphinx search set up
Social Network
- Module Settings
- Managing Group Topics
- The User Profile Page
- Creating a Workgroup
Technical Support
- Creating a Helpdesk Wizard
- The Wizard Public Interface
Telephony
- Balance and Statistics
- Phone Numbers
- Telephony Users
- SIP Phones
  - Examples of telephone settings
  - Example of softphone set up
- Other Settings
- VoxImplant Integration
- Office PBX Set Up
  - Setting up FreePBX
- Setting Up a Cloud hosted PBX
Web forms
- Main features and functions
- Managing web forms
- Sample operations
XMPP Server
- XMPP Server Setup
- XMPP Server Management
- XMPP Client Applications
Multiple Divisions
External data import to Activity Stream

Views: 10239
Last Modified: 10.10.2012

The system supports NTLM authorization by default by including the mod_auth_sspi module in the Apache web server installation. If you do not use Bitrix Environment, or NTLM authorization does not function correctly or at all, do the following.

Ensure that mod_auth_sspi is installed.
a. If you’re using Bitrix Environment, this module is installed by default. Make sure the following lines exist in .htaccess:
```
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On 
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user
```
If they are commented out, uncomment them. If you cannot find these directives at all, add them to .htaccess.

b. If you are not using Bitrix Environment, download the mod_auth_sspi module here and put it to the /apache/modules/ directory.

Add the following line to the httpd.conf file:
```
LoadModule sspi_auth_module modules/mod_auth_sspi.so
```
Add these lines to .htaccess:
```
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On 
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user
```
Use phpinfo to find the value of the $_SERVER['REMOTE_USER'] variable. Set the “NTLM Authorization Domain” parameter to this value in the AD/LDAP server settings.
Another way to get the REMOTE_USER value is to create a page containing a single line:
```
<? echo $_SERVER['REMOTE_USER']; ?>
```
and open it in a web browser.
Check the AD/LDAP module settings: NTLM authorization should be enabled (the "Use NTLM authorization" parameter).
Finally, open Control Panel > Settings > AD/LDAP and make sure the AD/LDAP server parameters are correct.

Accessing Extranet without NTLM

To enable access to the /extranet/ folder without NTLM authorization:

Add the following lines to .htaccess:

AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIPackage NTLM
SSPIDomain MYDOMAIN
SSPIPerRequestAuth On
SSPIAuthoritative On
SSPIOfferBasic On
Require valid-user

Add the line to /extranet/.htaccess and /bitrix/.htaccess:
```
Satisfy any
```
Add the line to /bitrix/admin/.htaccess:
```
Satisfy all
```

These directives will set all the public section folders and Control Panel pages to require authorization via NTLM, except for the /extranet/ folder.

Courses developed by «Bitrix», Inc.

Course description

prevRegistering a server Back to top ↑ Importing Users from LDAP Diectorynext