[Samba] Ntlm_auth Problem (resend)
Drew Daugherty
thadrewid at gmail.com
Tue Nov 28 17:00:52 GMT 2006
I sent this message and realized I hadn't included info on the
environment so I am resending it. I am running red hat enterprise
linux 4 with samba version 3.0.10-1.4E.2. Apache version is 2.0.52.
I also included output from running ntlm_auth on the command line with
diagnostics. This fails but it only seems to try plaintext auth which
will not work (see below).
I am having problems with mod_auth_ntlm_winbind. The httpd error_log
shows an NT_STATUS_INVALID_PARAMETER error when I try to log in from
browsers (firefox, ie). Winbind seems to be functioning properly as I
can start smb and log in via smbclient. wbinfo and getent work well
also. Use NTLMv2 only switch is set on the Windows 2003 domain server.
What am I doing wrong?
-drew
== ntlm_auth ==
ntlm_auth --username <username> --diagnostics --request-nt-key
password:
Wrong Password (0xc000006a)
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test LM failed!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(117)
LM Key does not match expectations!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(118)
lm_key:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] 00 00 00 00 00 00 00 00 ........
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(120)
expected:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] A4 4D 0C 79 81 C2 0D 7F .M.y....
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test LM and NTLM failed!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(117)
LM Key does not match expectations!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(118)
lm_key:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] 00 00 00 00 00 00 00 00 ........
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(120)
expected:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] A4 4D 0C 79 81 C2 0D 7F .M.y....
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test NTLM failed!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(216)
LM Key does not match expectations!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(217)
lm_key:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] 5F F4 27 8C 39 2C 77 68 _.'.9,wh
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(219)
expected:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] A4 4D 0C 79 81 C2 0D 7F .M.y....
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(224)
Session Key (first 8 lm hash) does not match expectations!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(225)
user_session_key:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] AA D3 B4 35 B5 14 04 EE 00 00 00 00 00 00 00 00 ...5.... ........
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(227)
expected:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] A4 4D 0C 79 81 C2 0D 7F .M.y....
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test NTLM in LM failed!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_both(287)
LM Key does not match expectations!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_both(288)
lm_key:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] 00 00 00 00 00 00 00 00 ........
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_both(290)
expected:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] A4 4D 0C 79 81 C2 0D 7F .M.y....
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test NTLM in both failed!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(117)
LM Key does not match expectations!
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(118)
lm_key:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] 00 00 00 00 00 00 00 00 ........
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(120)
expected:
[2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999)
[000] A4 4D 0C 79 81 C2 0D 7F .M.y....
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test NTLM and LM, LM broken failed!
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext failed!
Wrong Password (0xc000006a)
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext LM broken failed!
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext NT only failed!
Wrong Password (0xc000006a)
[2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext LM only failed!
== httpd.conf ==
<Directory "/tmp/test">
Order allow,deny
Allow from all
AuthName "Domain Logon"
NTLMAuth On
NegotiateAuth On
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -d9"
NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
NTLMBasicAuthoritative On
AuthType NTLM
AuthType Negotiate
Require valid-user
</Directory>
== httpd error_log ==
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(1018):
[client 10.0.1.14] doing ntlm auth dance
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(482):
[client 10.0.1.14] Launched ntlm_helper, pid 17034
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(652):
[client 10.0.1.14] creating auth user
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(703):
[client 10.0.1.14] parsing reply from helper to YR
TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABAAAAADAAMAEAAAAAWABYATAAAAAAAAAAAAAAABYIIAGQAcgBlAHcAaQBkAHMAYQBuAGYAZQByAG4AYQBuAGQAbwAkv/0BQK1sfAAAAAAAAAAAAAAAAAAAAACqF7oNvIilkIv2m3p/nQymm2TFvtxyGHM=\n
[2006/11/27 16:36:10, 5] lib/debug.c:debug_dump_status(366)
INFO: Current debug levels:
all: True/9
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
[2006/11/27 16:36:10, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
got NTLMSSP command 3, expected 1
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(741):
[client 10.0.1.14] got response: NA NT_STATUS_INVALID_PARAMETER
[Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(765):
[client 10.0.1.14] user not authenticated: NT_STATUS_INVALID_PARAMETER
More information about the samba
mailing list