Would you like to learn how to configure the Nginx service Kerberos authentication on Active Directory? In this tutorial, we are going to show you how to authenticate Nginx users using the Active Directory from Microsoft Windows and the Kerberos protocol.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• Nginx 1.18.0

In our example, the domain controller IP address is 192.168.15.10.

In our example, the Nginx server IP address is 192.168.15.11.

Equipment list

The following section presents the list of equipment used to create this tutorial.

As an Amazon Associate, I earn from qualifying purchases.

Tutorial Windows - Domain Account Creation

• IP - 192.168.15.10
• Operacional System - WINDOWS 2012 R2
• Hostname - TECH-DC01

We need to create at least 1 account on the Active Directory database.

The ADMIN account will be used to login on the Nginx server.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the ADMIN user: kamisama123..

This account will be used to authenticate on the Nginx server.

active directory admin accountzabbix active directory admin properties

Congratulations, you have created the required Active Directory account.

Nginx - Kerberos authentication on the Active Directory

• IP - 192.168.15.11
• Operational System - Ubuntu 20
• Hostname - NGINX

Set a hostname using the HOSTNAMECTL command.

Copy to Clipboard

Edit the HOSTS configuration file.

Copy to Clipboard

Add the domain controller IP address and hostname.

Copy to Clipboard

Install the list of required packages to enable the Kerberos authentication.

Copy to Clipboard

On the Graphic installation, perform the following configuration:

• Kerberos realm - TECH.LOCAL
• Kerberos server - TECH-DC01.TECH.LOCAL
• Administrative server - TECH-DC01.TECH.LOCAL

You need to change the domain information to reflect your Network environment.

Edit the Kerberos configuration file.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

You need to change the domain information to reflect your Network environment.

You have finished the required Kerberos configuration.

Nginx - Kerberos authentication

Install the Nginx server and the required packages.

Copy to Clipboard

In our example, we are going to request authentication to users trying to access a directory named TEST.

Create a directory named TEST and give the user named www-data permission over this directory.

Copy to Clipboard

Configure the Nginx server to request the PAM authentication to users trying to access this directory.

Edit the Nginx configuration file for the default website.

Copy to Clipboard

Add the following configuration to this file.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

The Nginx server was configured to request password authentication to access the directory named TEST.

The Nginx service was configured to authenticate user accounts using the PAM authentication module.

Create the PAM configuration file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

In our example, we are going to authenticate the Nginx service access using Kerberos.

Restart the Nginx service.

Copy to Clipboard

Congratulations! You successfully configured the Nginx authentication to use Kerberos.

Nginx - Keberos authentication test

Create an HTML page to be used in the authentication test.

Copy to Clipboard

In our example, we created an HTML page named TEST.

Open your browser and enter the IP address of your Nginx web server.

In our example, the following URL was entered in the Browser:

• http://192.168.15.11

The Nginx default page will be displayed.

nginx welcome

Open your browser and enter the IP address of your web server plus /test.

In our example, the following URL was entered in the Browser:

• http://192.168.15.11/test/test.html

On the login screen, Enter an Active Directory username and its password.

• Username: admin
• Password: kamisama123..

Apache login form

After a successful login, you will be authorized to access the directory named TEST.

Nginx authentication test

Congratulations! You have configured the Kerberos authentication on the Nginx server.