[Samba] mod_ntlm_winbind authentication issues
Nathan J. Mehl
samba at memory.blank.org
Wed Mar 23 15:40:09 GMT 2005
Attempting to use mod_ntlm_winbind to provide passthrough
authentication to an apache vhost, I'm running into a problem that I
hope is merely me misunderstanding the proper setup...
The details:
serverside:
freebsd 4.10-p3
mod_ntlm_winbind.c rev 117 from svn
samba 3.0.11 from freebsd ports
apache 1.3.33+mod_ssl from freebsd ports
Windows 2000 Server SP4
clientside:
Windows XP SP2
IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
The apache virtual host definition:
<VirtualHost 10.1.1.249:80>
ServerName rt-test.elided.com
DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8
PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl
<Location />
SetHandler perl-script
PerlHandler RT::Mason
AuthName "NTLM Authentication test"
NTLMAuth on
NTLMAuthHelper "/usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
</Location>
</VirtualHost>
With this in place, a logged-in user attempting to connect to that
vhost via IE is immediately prompted for a password, with the username
portion of the dialog box filled in as "rt-test.elided.com\username".
This itself is confusing, since presumably IE is supposed to attempt
the initial auth on its own without any user interaction. At this
point, the apache error log is empty of debug output from
mod_ntlm_winbind.
If the user provides their password, the login fails, and the
following is recorded to the apache error log:
[Wed Mar 23 10:00:44 2005] [debug] mod_ntlm_winbind.c(522): [client
10.1.1.71] user not authenticated: NT_STATUS_NO_SUCH_USER
...which is a bit odd, since I can use ntlm_auth on the command line
to verify my own credentials with no problem.
Is it possible to get more verbose debugging output from
mod_ntlm_winbind? Lacking that, would anyone who has managed to
actually get this working feel like letting me pick their brains?
-n
------------------------------------------------------<memory at blank.org>
It's the little touches that make a future solid enough to be destroyed.
(--William S. Burroughs)
<http://blank.org/memory/>----------------------------------------------
More information about the samba
mailing list