[Samba] mod_ntlm_winbind / Apache2

Kevin Shanahan kmshanah at ucwb.org.au
Tue Aug 29 11:03:13 GMT 2006


Hi,

I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users
can log onto our Intranet automatically without having to type in their
username / password.

I've gotten part of the way there, but things aren't behaving the way
I'd like/expect. So far, I've been able to log on using Firefox but only
with the password dialog popping up, and then only if I enter my
username as DOMAIN\username.

For a successful authentication with Firefox (using DOMAIN\username) I
can see in the apache log file:

[2006/08/29 20:19:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088207
[2006/08/29 20:19:04, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
  Got user=[kmshanah] domain=[WUM3] workstation=[it-00] len1=24 len2=24
[2006/08/29 20:19:04, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/08/29 20:19:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088235
[2006/08/29 20:19:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088207
[2006/08/29 20:19:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
  Got user=[kmshanah] domain=[WUM3] workstation=[it-00] len1=24 len2=24
[2006/08/29 20:19:05, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/08/29 20:19:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088235

If I don't include the domain:

[2006/08/29 20:22:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088207
[2006/08/29 20:22:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
  Got user=[kmshanah] domain=[] workstation=[it-00] len1=24 len2=24
[2006/08/29 20:22:27, 3] utils/ntlm_auth.c:winbind_pw_check(429)
  Login for user []\[kmshanah]@[it-00] failed due to [No such user]

And, with Internet Explorer nothing at all ends up in the Apache
error.log file. All I see is the access denied line in access.log:

192.168.0.53 - - [29/Aug/2006:20:15:57 +0930] "GET /auth-test HTTP/1.1" 401 547 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Here's the config I'm using in Apache:

<Directory /var/www/auth-test>
    NTLMAuth on
    NTLMBasicAuthoritative on
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    AuthType NTLM
    AuthName "NTLM Authentication Test"
    require valid-user
</Directory>

I tried adding --domain=WUM3 to the NTLMAuthHelper line, but that didn't
seem to make any difference. Any help or ideas would be appreciated!

Thanks,
Kevin.
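
Added example, not part of the original post: a small Python parser for the ntlm_auth debug output quoted above. It decodes the neg_flags values and marks attempts that arrive with an empty domain, which is the case that ends in "No such user". The flag names follow MS-NLMP; the function names are hypothetical, and the sample lines are copied from the post.

```python
import re

# NTLMSSP negotiate flag bits, named as in MS-NLMP. Only the bits needed
# for the two values seen in the post (0x00088207, 0x00088235) are listed.
NTLMSSP_FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000010: "NEGOTIATE_SIGN",
    0x00000020: "NEGOTIATE_SEAL",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
}

FLAGS_RE = re.compile(r"neg_flags=0x([0-9a-fA-F]+)")
AUTH_RE = re.compile(r"Got user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")
FAIL_RE = re.compile(r"Login for user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\] failed due to \[(.*?)\]")

def decode_flags(value):
    """Return (known flag names, leftover bits not in the table)."""
    names = [name for bit, name in sorted(NTLMSSP_FLAGS.items()) if value & bit]
    return names, value & ~sum(NTLMSSP_FLAGS)

def summarize(log_text):
    """Collect decoded flags, auth attempts and failures from the debug log."""
    out = {"flags": [], "attempts": [], "failures": []}
    for line in log_text.splitlines():
        if m := FLAGS_RE.search(line):
            out["flags"].append(decode_flags(int(m.group(1), 16)))
        elif m := AUTH_RE.search(line):
            user, domain, workstation = m.groups()
            out["attempts"].append({"user": user, "domain": domain,
                                    "workstation": workstation,
                                    "empty_domain": domain == ""})
        elif m := FAIL_RE.search(line):
            domain, user, workstation, reason = m.groups()
            out["failures"].append({"user": user, "domain": domain, "reason": reason})
    return out

# Sample input: the failing attempt from the post, copied verbatim.
SAMPLE = r"""
[2006/08/29 20:22:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088207
[2006/08/29 20:22:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
  Got user=[kmshanah] domain=[] workstation=[it-00] len1=24 len2=24
[2006/08/29 20:22:27, 3] utils/ntlm_auth.c:winbind_pw_check(429)
  Login for user []\[kmshanah]@[it-00] failed due to [No such user]
"""
```

Calling summarize(SAMPLE) returns the decoded flag set, one attempt with empty_domain set, and one failure with reason "No such user".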
