Using Samba for HTTP-NTLM-authentication?

Andrew Bartlett abartlet at
Sat Jul 13 02:32:01 GMT 2002

Johann Hanne wrote:
> > Basically there are hooks in winbindd (through the AUTH_CRAP command) to
> > authenticate using a challenge and nt/lm responses.
> Wow. Thanks for that hint. I have patched rh73's samba-2.2.3a to include
> the winbind crap stuff and now have a wbinfo -a with both plaintext
> password authentication and challenge/response password authentication
> working.
> I already had a look at wbinfo.c and it seems trivial to me to modify
> wbinfo_auth_crap() so that it works in an apache module. I'll try to
> rewrite it so we don't run into another GPL violation. Expect results
> early next week.

No need for that.  Just download the mod_ntlm_winbind CVS module from (CVSWEB link: ) and fix it up
for the current protocol.

If you are just doing plaintext (that is, the client at the far end
sends you a plaintext password, not a NTLMSSP challange-response
password) then just use pam_winbind the mod_auth_pam.  That will allow
you use a much more stable interface, as we do change the winbind pipe
from time to time.

I think that kinkie actually got the mod_ntlm_winbind update done, but
I'll need to catch up with him on it.  (CC'ed).

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list