Using Samba for HTTP-NTLM-authentication?

Steve Langasek vorlon at
Fri Jul 12 11:57:08 GMT 2002

On Sat, Jul 13, 2002 at 04:47:17AM +0930, Richard Sharpe wrote:
> > Short version:
> > --------------
> > Can anybody tell me if there are hooks in Samba that make it possible 
> > to use it in conjunction with an apache module for HTTP-based 
> > NTLM-authentication?

> > Long version:
> > -------------
> > Internet Explorer can authenticate against a Web-Server using the 
> > so-called NTLM-authentication (see 
> > Despite the fact that the method 
> > is braindead, it is extremely useful for Intranets and seems to be 
> > reliable.

> > The whole thing is based on the authentication used by any SMB client that 
> > connects to a SMB server:
> > - The client connects to the server
> > - The server generates and sends some random bytes (challenge)
> > - The client sends a hash generated from password and challenge

> Do you have a trace of what the client actually sends.

> There has been much discussion about this on this list and on 
> #samba-technical and it may already be possible or close to possible using 
> samba-head based code.

I suspect the biggest problem is integration with Apache, which is not
distributed under a GPL-compatible license. (It contains an advertising
clause and restrictions on use of the 'Apache' name.)  So using code
from Samba directly in an Apache module results in binaries that are not
freely distributable.

But there are only so many ways to do NTLM, at least; as long as Apache
communicates with the samba code through a socket or pipe, I don't
imagine it would be difficult to handle.

I can see about getting a network trace from FrontPage (which gives me
greater control over what the client sends), and forward it to you.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list