Problem with mod_auth_ntlm_winbind

nils.kloth at hauni.com nils.kloth at hauni.com
Wed Jul 4 16:42:26 GMT 2007


Hello,

I don't get mod_auth_ntlm_winbind working.

I've followed: <http://adldap.sourceforge.net/mod_auth_ntlm_winbind.php> winbindd is running, and ntlm_auth seems to work:
ntlm_auth --username=kloth
password:
NT_STATUS_OK: Success (0x0)

I am using the following apache config:
    <Directory "/srv/www/htdocs/intranet">
	Options +FollowSymLinks -Indexes
	AllowOverride All
	Order 			deny,allow
    	AuthName "HAUNI Intranet Login: Bitte mit dem Windows Benutzernamen und Kennwort anmelden"
	NTLMAuth on
	NegotiateAuth on
	NTLMBasicAuthoritative on
	NTLMAUTHHelper "/usr/bin/ntlm_auth -d10 --diagnostics --helper-protocol=squid-2.5-ntlmssp"
	NegotiateAuthHelper "/usr/bin/ntlm_auth -d10 --diagnostics --helper-protocol=gss-spnego"
	AuthType NTLM
	AuthType Negotiate
	Allow from		149.242.6.0/23
	Allow from		127.0.0.1
	Allow from		149.242.45.72
	Deny from 		all
	Require			valid-user
	Satisfy 		Any
    </Directory>

if i try to open the site via IE6 i got the following error_log output:
Don't mind 
[Wed Jul 04 18:12:25 2007] [debug] mod_auth_ntlm_winbind.c(704): [client 149.242.98.209] Dies ist die Laenge 8192
[Wed Jul 04 18:12:25 2007] [debug] mod_auth_ntlm_winbind.c(737): [client 149.242.98.209] Wir sind hier
these is some additional debuginfo from me.

[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(1021): [client 149.242.98.209] doing ntlm auth dance
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(482): [client 149.242.98.209] Launched ntlm_helper, pid 4986
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(652): [client 149.242.98.209] creating auth user
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(703): [client 149.242.98.209] parsing reply from helper to YR TlRMTVNTUAABAAAAB7IAogUABQAuAAAABgAGACgAAAAFAJMIAAAAD0tQMjk2OEhBVU5J\n
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(704): [client 149.242.98.209] Dies ist die Laenge 8192
[2007/07/04 18:37:24, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got 'YR TlRMTVNTUAABAAAAB7IAogUABQAuAAAABgAGACgAAAAFAJMIAAAAD0tQMjk2OEhBVU5J' from squid (length: 71).
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(763)
  got NTLMSSP packet:
[2007/07/04 18:37:24, 10] lib/util.c:dump_data(2225)
  [000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 07 B2 00 A2  NTLMSSP. ........
  [010] 05 00 05 00 2E 00 00 00  06 00 06 00 28 00 00 00  ........ ....(...
  [020] 05 00 93 08 00 00 00 0F  4B 50 32 39 36 38 48 41  ........ KP2968HA
  [030] 55 4E 49                                          UNI
[2007/07/04 18:37:24, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0xa200b207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
    NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_56
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(773)
  NTLMSSP challenge
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2075)
  Oversized message
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got '*' from squid (length: 103).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '*' from squid (length: 95).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '*' from squid (length: 808).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(737): [client 149.242.98.209] Wir sind hier
  NTLMSSP query [*] invalidOversized message
ERR
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(743): [client 149.242.98.209] got response: TT TlRMTVNTUAACAAAACgAKADAAAAAFgoGijxIrhqQLjLcAAAAAAAAAAHgAeAA6AAAASABBAFUATgBJAAIACgBIAEEAVQBOAEkAAQAMAEsATABTADAANwA4AAQAIABoAGEAdQBuAGkALgBrAG8AZQByAGIAZQByAC4AZABlAAMALgBrAGwAcwAwADcAOAAuAGgAYQB1AG4AaQAuAGsAbwBlAHIAYgBlAHIALgBkAGUAAAAAAA==
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(757): [client 149.242.98.209] Wir sind hier not null
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2075)
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(411): [client 149.242.98.209] sending back TlRMTVNTUAACAAAACgAKADAAAAAFgoGijxIrhqQLjLcAAAAAAAAAAHgAeAA6AAAASABBAFUATgBJAAIACgBIAEEAVQBOAEkAAQAMAEsATABTADAANwA4AAQAIABoAGEAdQBuAGkALgBrAG8AZQByAGIAZQByAC4AZABlAAMALgBrAGwAcwAwADcAOAAuAGgAYQB1AG4AaQAuAGsAbwBlAHIAYgBlAHIALgBkAGUAAAAAAA==
  Oversized message
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got '' from squid (length: 261).
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2084)
  Invalid Request
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got '*' from squid (length: 111).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot 'Ô*' from squid (length: 15).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [Ô*] invalidGot '*' from squid (length: 15).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '*' from squid (length: 14).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '' from squid (length: 936).
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2084)
  Invalid Request
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got '*' from squid (length: 111).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '*' from squid (length: 7).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '*' from squid (length: 135).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot '*' from squid (length: 136).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [*] invalidGot 'Ô*' from squid (length: 77).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [Ô*] invalidGot '' from squid (length: 57).
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2084)
  Invalid Request
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got 'Ô*' from squid (length: 29).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [Ô*] invalidOversized message
ERR
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2075)
  Oversized message
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got '' from squid (length: 111).
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2084)
  Invalid Request
ERR
[2007/07/04 18:37:24, 2] utils/ntlm_auth.c:manage_squid_request(2075)
  Oversized message
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got 'ÿ' from squid (length: 511).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(692)
  NTLMSSP query [ÿ] invalidOversized message
ERR
[2007/07/04 18:37:24, 10] utils/ntlm_auth.c:manage_squid_request(2081)
  Got 'UUU' from squid (length: 55).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
  NTLMSSP query [UUU] invalidGot 'UUU' from squid (length: 1937).
[2007/07/04 18:37:24, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(1021): [client 149.242.98.209] doing ntlm auth dance
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(484): [client 149.242.98.209] Using existing auth helper 4986
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(703): [client 149.242.98.209] parsing reply from helper to KK TlRMTVNTUAADAAAAGAAYAGgAAAAYABgAgAAAAAoACgBIAAAACgAKAFIAAAAMAAwAXAAAAAAAAACYAAAABYKAogUAkwgAAAAPSABBAFUATgBJAEsATABPAFQASABLAFAAMgA5ADYAOAC5LMOfzAhKStJ/Smr+lEd/4PlspspyOEydyLZrPod3a6iuw8MyiP0MBK+FwHrAPfM=\n
  NTLMSSP query [UUU] invalidOversized message
ERR
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(704): [client 149.242.98.209] Dies ist die Laenge 8192
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(737): [client 149.242.98.209] Wir sind hier
[Wed Jul 04 18:37:24 2007] [debug] mod_auth_ntlm_winbind.c(743): [client 149.242.98.209] got response: BH
[Wed Jul 04 18:37:24 2007] [error] [client 149.242.98.209] (11)Resource temporarily unavailable: failed to parse response from helper

I read a lot of google entries but i don't get it myself. Did anyone have an idea? 

Thank you,
Nils Kloth



More information about the samba-technical mailing list