[Samba] mod_ntlm_winbind authentication issues

Nathan J. Mehl samba at memory.blank.org
Wed Mar 23 15:40:09 GMT 2005 

Attempting to use mod_ntlm_winbind to provide passthrough
authentication to an apache vhost, I'm running into a problem that I
hope is merely me misunderstanding the proper setup...

The details: 

	serverside:
	freebsd 4.10-p3
	mod_ntlm_winbind.c rev 117 from svn
	samba 3.0.11 from freebsd ports
	apache 1.3.33+mod_ssl from freebsd ports
	Windows 2000 Server SP4

	clientside:
	Windows XP SP2
	IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

The apache virtual host definition:

	<VirtualHost 10.1.1.249:80>
	   ServerName rt-test.elided.com
	   DocumentRoot /usr/local/rt3/share/html
	   AddDefaultCharset UTF-8
	   PerlModule Apache::DBI
	   PerlRequire /usr/local/rt3/bin/webmux.pl
	   <Location />
	     SetHandler perl-script
	     PerlHandler RT::Mason
	     AuthName "NTLM Authentication test"
	     NTLMAuth on
	     NTLMAuthHelper "/usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
	     NTLMBasicAuthoritative on
	     AuthType NTLM
	     require valid-user
	   </Location>
	</VirtualHost>

With this in place, a logged-in user attempting to connect to that
vhost via IE is immediately prompted for a password, with the username
portion of the dialog box filled in as "rt-test.elided.com\username".
This itself is confusing, since presumably IE is supposed to attempt
the initial auth on its own without any user interaction.  At this
point, the apache error log is empty of debug output from
mod_ntlm_winbind.

If the user provides their password, the login fails, and the
following is recorded to the apache error log:

	[Wed Mar 23 10:00:44 2005] [debug] mod_ntlm_winbind.c(522): [client
	10.1.1.71] user not authenticated: NT_STATUS_NO_SUCH_USER

...which is a bit odd, since I can use ntlm_auth on the command line
to verify my own credentials with no problem.

Is it possible to get more verbose debugging output from
mod_ntlm_winbind?  Lacking that, would anyone who has managed to
actually get this working feel like letting me pick their brains?

-n

------------------------------------------------------<memory at blank.org>
It's the little touches that make a future solid enough to be destroyed.
                                                (--William S. Burroughs)
<http://blank.org/memory/>----------------------------------------------

More information about the samba mailing list