Now for the exciting conclusion of our three-part series on installing Trac on a 64-bit server running CentOS 6.3. In part 1 I installed some prerequisite software and Trac itself. In part 2, I installed and configured Apache as a front end to Trac. In part 3, I will configure Trac to use an Active Directory domain for authentication.
First a few notes about the server we are targeting. The server already has Samba installed and has been joined to the Active Directory domain. Users can log into the machine using their Active Directory accounts.
With that out of the way, we are ready to install mod_auth_ntlm_winbind for authentication. A big hat tip to the folks at http://www.geeklab.info/ for doing a lot of the heavy lifting for me. See http://www.geeklab.info/2011/08/install-mod_auth_ntlm_winbind-on-centos-6-0/ for their excellent write-up.
We need a few prerequisites:
yum install httpd-devel gcc autoconf
Processes that wish to use Samba and winbind for authentication need access to the /var/lib/samba/winbindd_privileged/ directory. The simplest way to allow that access is to add user apache to the group wbpriv (the -a flag appends the group, so apache keeps any supplementary groups it already has):
usermod -a -G wbpriv apache
Furthermore we need to let the SELinux security infrastructure know that Apache is allowed to authenticate via winbind:
setsebool -P allow_httpd_mod_auth_ntlm_winbind on
There are no prebuilt binaries for mod_auth_ntlm_winbind, so we will need to download and compile it ourselves:
svn co svn://svnanon.samba.org/lorikeet/trunk/mod_auth_ntlm_winbind mod_auth_ntlm_winbind
cd mod_auth_ntlm_winbind/
autoconf
./configure
apxs -DAPACHE2 -c -i mod_auth_ntlm_winbind.c
Now the interesting part, configuring Apache. Make the following changes to /etc/httpd/conf/httpd.conf:
LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 600
Also add the following to /etc/httpd/conf.d/myproject.mydomain.tld.conf (if you have forgotten, this is the configuration file we created in part 2 to configure the virtual server for Trac):
<Location /login>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Change to something meaningful"
    AuthType NTLM
    Require valid-user
    NTLMAuth on
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    NTLMBasicAuthoritative on
</Location>
All that is left is to restart Apache and you are good to go.
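Before that restart, it is worth confirming that the pieces set up above are actually in place. The script below is an added example, not from the original post or the geeklab write-up; the helper names (has_group, sebool_on, dir_ok, preflight) and the expectation that the winbindd_privileged directory grants nothing to "other" are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks to run before
# restarting Apache. Each helper takes captured command output as its first
# argument so it can be exercised on constructed samples.

# has_group "<output of: id -nG apache>" <group>
has_group() {
    for g in $1; do
        if [ "$g" = "$2" ]; then return 0; fi
    done
    return 1
}

# sebool_on "<output of: getsebool NAME>"   e.g. "NAME --> on"
sebool_on() {
    case "$1" in
        *"--> on") return 0 ;;
        *) return 1 ;;
    esac
}

# dir_ok "<output of: stat -c '%G %a' DIR>"   e.g. "wbpriv 750"
# Assumption: besides group wbpriv, "other" should have no access (mode ends in 0).
dir_ok() {
    [ "${1% *}" = "wbpriv" ] || return 1
    case "${1#* }" in
        *0) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    rc=0
    has_group "$(id -nG apache 2>/dev/null)" wbpriv ||
        { echo "FAIL: apache is not in group wbpriv"; rc=1; }
    sebool_on "$(getsebool allow_httpd_mod_auth_ntlm_winbind 2>/dev/null)" ||
        { echo "FAIL: SELinux boolean allow_httpd_mod_auth_ntlm_winbind is off"; rc=1; }
    dir_ok "$(stat -c '%G %a' /var/lib/samba/winbindd_privileged 2>/dev/null)" ||
        { echo "FAIL: check group/mode of winbindd_privileged"; rc=1; }
    [ -x /usr/bin/ntlm_auth ] || { echo "FAIL: /usr/bin/ntlm_auth missing"; rc=1; }
    apachectl configtest >/dev/null 2>&1 || { echo "FAIL: Apache config syntax"; rc=1; }
    return $rc
}

# Run the live checks only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```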
Your server is now all set up with Trac and configured in a manner that will easily allow you to add additional instances:
- Initialize another Trac instance.
- Copy (and edit) the /etc/httpd/conf.d/myproject.mydomain.tld.conf file.
- Make a new directory under /var/www for the new virtual server.
- Export Trac resources using trac-admin deploy and copy them to the new web root.