[Samba] NTLM and Samba domain - problem with (non-local) logons.

Pawel Sawicki pawel.sawicki at pawel-sawicki.com
Wed Dec 7 12:00:15 GMT 2005


I have a quite strange issue with the Samba based NT domain that I administer.
I've triet to search for the solution but none of the information that I had
found seemed to work.

The trouble is that I can't manage to setup a ntlm based authentication. It
applies to both linux and w32 architectures. In the latter case I achieve
some level of usability - I can login locally. If I try to access the page
from a remote computer I receive the usual "Basic" authentication popup.

Samba is configured to keep all the information in a LDAP backend. Apart
from the NTLM everything else works rather ok.

Things that do function:

1. Local testing.

[root@?~]# read -s PASSWORD
[root@?~]# ntlm_auth --username=manthios --password=$PASSWORD
NT_STATUS_OK: Success (0x0)

2. w32-apache + mod_auth_sspi - LOCAL

As I mentioned before I'm able to authenticate to a ntlm-protected resource if
and only if I login from the same machine the site is running on. If I try to
access the ntlm-protected page from a different computer I get the Basic auth

Things that do not work:

1. NTLM on Apache in the Linux environment

No matter whether I try to use mod_ntlm (both original and patched) or
Apache2::AuthenNTLM I can't force it to work properly with the MSIE on domain

2. Remote authentication with mod_auth_sspi

If I try to login remotely to a ntlm-protected area I get the basic
authentication window.

Does anyone know what could be the reason of such a misbehaviour?

Thanks in advance for any sort of help - even RTFM will do :)

Best regards,
Pawel Sawicki

More information about the samba mailing list