Hello, Habr community.
I would like to dedicate this post to the Bitrix corporate portal, version 14, or rather to how to make it work with a domain structure.
Introduction
It all started when we decided to introduce a corporate portal in our organization (employees, phone book, birthday calendar) together with a request (ticket) system for the IT department. Having tried GLPI and Request Tracker as the request system, we realized they were too cumbersome for us. While scouring the net for other systems of this kind, I came across the "Tech Support" module in the Bitrix product, so I decided to try to kill two birds with one stone and set up both the request system and the corporate portal.
Having installed the system, I wanted to set up transparent authorization on the portal with domain accounts, and that is where the problems started... There is quite a lot of documentation and many articles on the Bitrix website, but the trouble is that it is all kept in one heap and it is not clear which version each piece refers to. I did not manage to configure NTLM on the first try; more precisely, the authorization went through, but afterwards the portal asked for a local account and password as well. I asked a question on the Bitrix forum and did not get an answer, but I did find several other people with the same problem. Not giving up, I decided to dig into it myself.
As a result, I am sharing a how-to for configuring the corporate portal (CP) on BitrixVM and IIS 7.
Input data:
Organization Domain: company.ru
Domain name of the corporate portal machine: intranet.company.ru
BitrixVM
After downloading and starting the image, connect to the machine over SSH and you will see the menu.
Select item 15 to join the machine to the domain:
Netbios domain name: COMPANY
Full domain name: COMPANY.RU
Domain password server ( ): DC.COMPANY.RU
Server netbios name: INTRANET
Domain administrator user name: admin
Check that the machine has joined the domain successfully with the command:
net ads testjoin
On your own computer, open a browser and go to http://intranet.company.ru
Install the edition you need. Then carry out the installation as shown in the pictures:
Note: a Bitrix user has been created in AD with domain user rights. After entering all the information, click Check, and the "Root of the tree" field will be filled in automatically.
After the installation is complete, we land on the portal we have just created. Go to the "Administration" tab and configure NTLM authorization in the following places:
Settings -> AD / LDAP;
Settings -> Product Settings -> Module Settings -> Main Module;
Settings -> Product Settings -> Module Settings -> AD / LDAP Integration.
Note: the domain for NTLM authorization must be company (without .ru).
Add the address of the corporate portal to the Intranet security zone. It is better to do this for everyone at once through Group Policy.
After all these steps, a user who opens the corporate portal is logged in to it automatically.
IIS
With an IIS server everything is the same, except that you must prepare the server first. A Yandex search for the phrase "Installing and configuring IIS + PHP + MySQL" will tell you how to do this.
The only extra things you need are to tweak the PHP module a little by adding the "php_ldap.dll" extension to it, to allow domain authorization, and to configure the necessary ports on the site (at least 80 and 8890).
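The three IIS preparation steps above, written as a PowerShell script that can be re-run safely; this is an added example, not part of the original article. The site name `intranet`, the `C:\PHP\php.ini` path, and the presence of the WebAdministration module and the Windows Authentication role service are assumptions.

```powershell
# Added example. Assumed values (not from the article): site name and php.ini path.
Import-Module WebAdministration

$site       = 'intranet'          # hypothetical IIS site name
$phpIni     = 'C:\PHP\php.ini'    # hypothetical PHP install path
$authFilter = 'system.webServer/security/authentication/windowsAuthentication'

# 1. Load php_ldap.dll: uncomment an existing line, or append one if it is absent.
$lines  = @(Get-Content -Path $phpIni)
$active = '^\s*extension\s*=\s*"?php_ldap\.dll"?\s*$'
if (-not ($lines -match $active)) {
    $commented = '^\s*;\s*(extension\s*=\s*"?php_ldap\.dll"?)\s*$'
    if ($lines -match $commented) {
        $lines = $lines -replace $commented, '$1'
    } else {
        $lines += 'extension=php_ldap.dll'
    }
    Set-Content -Path $phpIni -Value $lines
}

# 2. Allow domain (Windows) authentication on the site.
#    Other authentication methods are left exactly as they are.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
    -Filter $authFilter -Name enabled -Value $true

# 3. Make sure the site listens on ports 80 and 8890.
foreach ($port in 80, 8890) {
    if (-not (Get-WebBinding -Name $site -Protocol http -Port $port)) {
        New-WebBinding -Name $site -Protocol http -Port $port -IPAddress '*'
    }
}

# Restart IIS so PHP re-reads php.ini, then show the resulting state.
iisreset | Out-Null
Get-WebBinding -Name $site | Select-Object protocol, bindingInformation
(Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
    -Filter $authFilter -Name enabled).Value
```

The last two commands should list bindings for ports 80 and 8890 and print `True` for Windows authentication.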