[Samba] ntlm_auth problem

Drew Daugherty thadrewid at gmail.com
Mon Nov 27 22:53:51 GMT 2006 

I am having problems with mod_auth_ntlm_winbind. The httpd error_log
shows an NT_STATUS_INVALID_PARAMETER error when I try to log in from
browsers (firefox, ie). Winbind seems to be functioning properly as I
can start smb and log in via smbclient. wbinfo and getent work well
also.  Use NTLMv2 switch is on for the server (windows server 2003).
What am I doing wrong?

-drew
== httpd.conf ==
<Directory "/tmp/test">
Order allow,deny
Allow from all
AuthName "Domain Logon"
NTLMAuth On
NegotiateAuth On
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -d9"
NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
NTLMBasicAuthoritative On
AuthType NTLM
AuthType Negotiate
Require valid-user
</Directory>

== error_log ==
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(1018):
[client 10.0.1.14] doing ntlm auth dance
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(482):
[client 10.0.1.14] Launched ntlm_helper, pid 17034
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(652):
[client 10.0.1.14] creating auth user
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(703):
[client 10.0.1.14] parsing reply from helper to YR
TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABAAAAADAAMAEAAAAAWABYATAAAAAAAAAAAAAAABYIIAGQAcgBlAHcAaQBkAHMAYQBuAGYAZQByAG4AYQBuAGQAbwAkv/0BQK1sfAAAAAAAAAAAAAAAAAAAAACqF7oNvIilkIv2m3p/nQymm2TFvtxyGHM=\n
[2006/11/27 16:36:10, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/9
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2006/11/27 16:36:10, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(741):
[client 10.0.1.14] got response: NA NT_STATUS_INVALID_PARAMETER
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(765):
[client 10.0.1.14] user not authenticated: NT_STATUS_INVALID_PARAMETER

More information about the samba mailing list