[Samba] mod_ntlm_winbind / Apache2

Kevin Shanahan kmshanah at ucwb.org.au
Tue Aug 29 15:27:45 GMT 2006 

On Tue, 2006-08-29 at 12:09 -0300, Felipe Augusto van de Wiel wrote:
> 	Run it in a terminal, check for manpages of your
> distribution, try to increase debug/log level.

Wierd, it seems to work from the command line (I just pasted in the YR
line from the previous log):

# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debuglevel=10
[2006/08/30 00:52:32, 5] lib/debug.c:debug_dump_status(368)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
[2006/08/30 00:52:37, 10] utils/ntlm_auth.c:manage_squid_request(1616)
  Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59).
[2006/08/30 00:52:37, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(590)
  got NTLMSSP packet:
[2006/08/30 00:52:37, 10] lib/util.c:dump_data(2058)
  [000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 07 82 08 A2  NTLMSSP. ........
  [010] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [020] 05 01 28 0A 00 00 00 0F                           ..(..... 
[2006/08/30 00:52:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0xa2088207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_56
TT TlRMTVNTUAACAAAACAAIADAAAAA1gokgSIGC95pLarAAAAAAAAAAAGIAYgA4AAAAVwBVAE0AMwACAAgAVwBVAE0AMwABAAwASABFAFIATQBFAFMABAAWAHUAYwB3AGIALgBvAHIAZwAuAGEAdQADACQAaABlAHIAbQBlAHMALgB1AGMAdwBiAC4AbwByAGcALgBhAHUAAAAAAA==
[2006/08/30 00:52:37, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(600)
  NTLMSSP challenge

> > Looking at http://devel.squid-cache.org/ntlm/squid_helper_protocol.html,
> > it seems that the helper should be returning TT <somthing>, but is
> > returning BH instead. How can I get more information from the helper
> > about what the problem is?
> 
> 	That's the reason of my question. BH is really bad. The
> helper probably is missing something. Try to strace the command
> and see what files it is trying to open. I don't know a easy way
> to test it (didn't had big problems with NTLM auth, and there is
> quite a while that I did not setup it again).

I think the "file not found" message is coming from mod_ntlm_winbind, so
I'd need to strace apache for that.

Does it mean anything that I get a BH if I try:

# /usr/bin/ntlm_auth --helper-protocol=gss-spnego --debuglevel=10
[2006/08/30 00:50:23, 5] lib/debug.c:debug_dump_status(368)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
[2006/08/30 00:51:03, 10] utils/ntlm_auth.c:manage_squid_request(1616)
  Got 'YR TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' from squid (length: 59).
[2006/08/30 00:51:03, 1] utils/ntlm_auth.c:manage_gss_spnego_request(859)
BH

Unlikely, but is it possible that mod_ntlm_winbind is mixing up the
helper command lines?

Regards,
Kevin.

More information about the samba mailing list