One does not simply make an intranet PHP application on an Ubuntu-based Apache server load inside a SharePoint Web Part with auto-magic Windows/LDAP authentication over NTLM. Okay... It is actually possible.
I figured out the special sauce to get this happening. And I'm giving you a cohesive and simple Ubuntu-based way to magically set up your intranet site. This will use Integrated Windows Auth in Internet Explorer, Chrome and Firefox on Windows devices. Otherwise, it will fall back to a Basic Auth popup.
Please note: I still hold Microsoft responsible for any headaches you may face or if this doesn't work in your environment. There may be a better way (e.g. you could protect only a single page redirect and still allow manual login from the web app). This is what I could come up with in a short time frame. If there is a better way, please share because you care.
Step 1:
You'll need Samba and Winbind.
$ sudo apt-get install samba winbind smbfs
In /etc/samba/smb.conf (in the [global] section)
workgroup = WORKGROUP
realm = DOMAINNAME
# if using Active Directory
security = ADS
encrypt passwords = true
Restart Samba and join Active Directory (expect a prompt for the Administrator password)
$ sudo restart smbd
$ sudo restart nmbd
$ sudo net ads join -U Administrator
Step 2:
In /etc/nsswitch.conf (add "winbind" to these lines)
passwd: compat winbind
group: compat winbind
Start/Restart Winbind service
$ sudo service winbind start
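Test Winbind (lists the domain groups, then the domain users)
$ wbinfo -g
$ wbinfo -u
Add www-data to the winbindd_priv group (assuming the Apache user is still www-data; what the group is called also depends on the winbind install). Membership lets the ntlm_auth helper run by Apache reach winbind's privileged pipe.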
$ sudo adduser www-data winbindd_priv
Step 3:
Install the NTLM Winbind module for Apache.
$ sudo apt-get install libapache2-mod-auth-ntlm-winbind
Edit the config file for your Apache site (e.g. /etc/apache2/sites-enabled/000-default)
<Directory "/var/www/auth/ldap/">
    <Files ntlm.php>
        NTLMAuth on
        AuthName "NTLM Authentication"
        NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
        NTLMBasicAuthoritative on
        AuthType NTLM
        require valid-user
    </Files>
</Directory>
Enable the NTLM Winbind module for Apache.
$ sudo a2enmod auth_ntlm_winbind
$ sudo service apache2 restart
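A way to check the result of Step 3, as an added example that is not part of the original post: request the protected page anonymously and inspect the challenge it returns. The sample response, the host name intranet.example, the URL path and the function names are all assumptions made for this example.

```shell
# Added example. Constructed sample of the headers an anonymous request such as
#   curl -sI http://intranet.example/auth/ldap/ntlm.php
# might return (host name, URL path and header values are assumptions).
SAMPLE_RESPONSE='HTTP/1.1 401 Unauthorized
Server: Apache
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="NTLM Authentication"
Content-Type: text/html
'

# Print each scheme named in a WWW-Authenticate header, lower-cased, one per line.
auth_schemes() {
    tr -d '\r' | awk -F': *' 'tolower($1) == "www-authenticate" {
        split($2, word, " "); print tolower(word[1]) }'
}

# Print the status code from the first line of the response.
status_code() {
    tr -d '\r' | awk 'NR == 1 { print $2 }'
}

# check_challenge URL_SCHEME   (response headers on stdin)
# 0: anonymous request refused with 401 and NTLM offered
# 1: page is not protected as intended
# 2: Basic fallback offered without TLS, so a typed password would cross the
#    network base64-encoded rather than encrypted
check_challenge() {
    url_scheme=$1
    response=$(cat)
    code=$(printf '%s\n' "$response" | status_code)
    schemes=$(printf '%s\n' "$response" | auth_schemes)
    if [ "$code" != "401" ]; then
        echo "FAIL: expected 401 for an anonymous request, got ${code:-nothing}"
        return 1
    fi
    if ! printf '%s\n' "$schemes" | grep -qx 'ntlm'; then
        echo "FAIL: no NTLM challenge offered"
        return 1
    fi
    if printf '%s\n' "$schemes" | grep -qx 'basic' && [ "$url_scheme" != "https" ]; then
        echo "WARN: NTLM offered, but Basic fallback is reachable without TLS"
        return 2
    fi
    echo "OK: NTLM challenge present"
}

# Demo on the constructed sample; prints the WARN line.
printf '%s' "$SAMPLE_RESPONSE" | check_challenge http || true
```

Against a live server, pipe the real headers in instead of the sample and pass the scheme of the URL you requested as the argument.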