[Samba] Re: mod_ntlm_winbind authentication issues
Andrew Bartlett
abartlet at samba.org
Wed Mar 23 21:21:09 GMT 2005
On Wed, 2005-03-23 at 10:40 -0500, Nathan J. Mehl wrote:
> Attempting to use mod_ntlm_winbind to provide passthrough
> authentication to an apache vhost, I'm running into a problem that I
> hope is merely me misunderstanding the proper setup...
>
> The details:
>
> serverside:
> freebsd 4.10-p3
> mod_ntlm_winbind.c rev 117 from svn
> samba 3.0.11 from freebsd ports
> apache 1.3.33+mod_ssl from freebsd ports
> Windows 2000 Server SP4
>
> clientside:
> Windows XP SP2
> IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
>
> The apache virtual host definition:
>
> <VirtualHost 10.1.1.249:80>
> ServerName rt-test.elided.com
> DocumentRoot /usr/local/rt3/share/html
> AddDefaultCharset UTF-8
> PerlModule Apache::DBI
> PerlRequire /usr/local/rt3/bin/webmux.pl
> <Location />
> SetHandler perl-script
> PerlHandler RT::Mason
> AuthName "NTLM Authentication test"
> NTLMAuth on
> NTLMAuthHelper "/usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
> NTLMBasicAuthoritative on
> AuthType NTLM
> require valid-user
> </Location>
> </VirtualHost>
>
> With this in place, a logged-in user attempting to connect to that
> vhost via IE is immediately prompted for a password, with the username
> portion of the dialog box filled in as "rt-test.elided.com\username".
> This itself is confusing, since presumably IE is supposed to attempt
> the initial auth on its own without any user interaction.
This happens because the hostname has a '.' in it, and so it is no
longer in the trusted zone. Therefore, no credentials are supplied
automatically. Then, because the hostname is not a valid domain name
on the target domain controller, the authentication fails.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050324/0df77033/attachment.bin
More information about the samba
mailing list