I can't give too many details about my 9-to-5; it's a conservative company that doesn't like its employees running off at the mouth about its business.
But I manage an intranet, one loaded with PHP/MySQL apps. I also communicate with Oracle, SQL Server, and any other platform out there that allows ADOdb connections.
The intranet has to be Active Directory-aware. Most of the apps are locked down to limited access based on group membership.
I have managed to put Apache to work on Windows Server 2003 using mod_sspi_auth. That weaned me from IIS. IIS is designed to work with MS-specific web technologies, and making it play ball with PHP is like getting a horse to dance. It's possible, but the horse will never dance as well as Gregory Hines.
But let's face it. I'm still subject to the whims of Windows. Updates that mangle customized code, the occasional system foobar, the need to reboot at least once a month: that is all the sort of thing that gets one paged at 3:00 AM.
Thus, I decided to spend some time building a Linux system and putting mod_ntlm_auth to work. The payoff would be freedom from Windows.
I guess you have to be a developer specializing in open-source apps to know just how sweet that feeling would be.
This site gives you the details on what procedure I followed. What follows here are the hurdles that I ran into myself, and how I cleared them.
First of all, a disclaimer. If a pony-tailed geek is a 10, and Steve Ballmer is a 1, I put my Linux knowledge at about a 5.5. I know my way around the command line and can use vim to edit configs, but I have never written a shell script. sed and awk are just sounds I make when I'm maneuvering through rush-hour traffic. I run Ubuntu at home and at work, but frequently have a terminal window open to run commands.
I built my first machine, a CentOS 5.2 model, on VMware. The install went well, except that the ISOs didn't read right. I finally used the net install and downloaded everything from a mirror.
My first attempt to join the machine to AD took a few hours, as I finagled my way through Kerberos stuff that I had never seen before. I learned that case is very important; there's a huge difference between domain.com and DOMAIN.COM.
Anyhow, I finally got joined up and was able to view lists of AD users and groups via wbinfo.
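To make the case point concrete, here is an added example of the two config files a Samba 3-era "security = ads" join reads, written for a hypothetical domain `example.com` (not the author's configuration, and not taken from the site linked above). The convention the Kerberos libraries and winbind expect is: the realm is the DNS domain in UPPERCASE everywhere it appears, host names stay lowercase, and the NetBIOS workgroup is the short domain name. The realm name, KDC host, workgroup and idmap ranges below are all placeholders.

```ini
# /etc/krb5.conf  (hypothetical values)
[libdefaults]
    # Realm = DNS domain, UPPERCASE. "example.com" here will not match the DC.
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = true
    dns_lookup_realm = false

[realms]
    EXAMPLE.COM = {
        # Host names are ordinary lowercase DNS names.
        kdc = dc1.example.com
        admin_server = dc1.example.com
    }

[domain_realm]
    # Map the lowercase DNS domain (and every host under it) onto the realm.
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

# /etc/samba/smb.conf  (hypothetical values)
[global]
    # NetBIOS (short) domain name, not the DNS name
    workgroup = EXAMPLE
    # Kerberos realm again, UPPERCASE, identical to default_realm above
    realm = EXAMPLE.COM
    security = ads
    # Give AD users and groups local uid/gid numbers (Samba 3.0 syntax)
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # Let wbinfo -u / -g list the directory, and drop the DOMAIN\ prefix
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
```

The checks worth running in order after writing these: `kinit Administrator@EXAMPLE.COM` (the realm must be uppercase here too, and a clock more than five minutes off the DC fails this step), then `net ads join -U Administrator`, then with winbindd started `wbinfo -t` to test the machine trust account and `wbinfo -u` / `wbinfo -g` to list users and groups. If `kinit` succeeds but the join fails, the problem is usually the workgroup or realm line, not Kerberos.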
The problems arose when I tried to serve up locked-down folders through Apache. It's like Apache was made stupid by the directive to use ntlm_auth to limit visitors. It wouldn't serve up an index.html page automatically; it would serve up pages specified through the URL, but only in the form of raw HTML code. PHP was displayed as source code.
I posted on various forums, looking for help. My posts got lots of views, but no responses.
Finally, I trashed the original machine and started over from scratch. My first attempt involved making lots of mistakes; maybe I hosed Apache.
This time, it only took a couple of hours to get joined up to AD. But once NTLM was used in Apache, it was the exact same result as before.
So, I tried installing CentOS 4.7. The server ISO was self-contained on one disc; it went well.
Only one hour to get all joined up this time. I'm getting better! And...
IT WORKED!
Apparently, there are issues with Apache on CentOS 5 that have yet to be worked out with the usage of mod_ntlm_auth.
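For readers trying to reproduce the locked-down folders described above, here is an added example of the Apache configuration that Samba's own NTLM module, mod_auth_ntlm_winbind, takes; it is not the author's config and not from the linked site, and the module name on the page ("mod_ntlm_auth") may refer to a different module with different directives. The directory path, AuthName, and the group SID are placeholders; the SID is what `wbinfo -n 'EXAMPLE\Intranet-Users'` would print for a hypothetical group, and it is passed to the ntlm_auth helper so that the group check happens inside winbind rather than in Apache.

```apache
# Added example for mod_auth_ntlm_winbind (Samba's Apache module); paths and
# names are hypothetical. Requires a joined host with winbindd running.

# NTLM authenticates the TCP connection, not each request, so keep-alive must
# stay on or the browser re-authenticates on every object and logins fail.
KeepAlive On

LoadModule auth_ntlm_winbind_module modules/mod_auth_ntlm_winbind.so

<Directory "/var/www/html/secure">
    AuthName "Intranet (use your domain login)"
    AuthType NTLM
    NTLMAuth on

    # --require-membership-of makes ntlm_auth reject anyone outside the group,
    # even with a valid password. Hypothetical SID; get the real one with
    #   wbinfo -n 'EXAMPLE\Intranet-Users'
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-1111111111-2222222222-3333333333-1105"

    # Basic fallback for browsers that will not do NTLM. The password travels
    # base64-encoded, i.e. in the clear, so only enable this behind HTTPS.
    NTLMBasicAuth on
    PlaintextAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=S-1-5-21-1111111111-2222222222-3333333333-1105"
    NTLMBasicAuthoritative on

    Require valid-user
</Directory>
```

Two things to verify before blaming the module: the user Apache runs as must be able to talk to winbindd's privileged pipe (on Samba 3 that means membership in the group owning `/var/lib/samba/winbindd_privileged`, or Apache never gets a challenge back), and `DirectoryIndex` plus the PHP handler must still apply to the protected directory, because an authentication module by itself does not change which handler serves a file.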
I see the future of my intranet, and it doesn't involve Windows!
If MS continues to act like MS, I'm sure they will throw a monkey wrench into AD at some future point, breaking the existing NTLM abilities that Linux has. But I'm getting geekier by the day, and the wonderful open-source community will act swiftly to make things right.
So bring it on, Ballmer. In the meantime, it's time for my new AD-smart Linux web server to begin a string of consecutive days up and running.