[Samba] [SOLVED (well,
the ntlmssp part)] RE: mod_ntlm_winbind / Apache2
kmshanah at ucwb.org.au
Fri Sep 1 02:32:55 GMT 2006
On Tue, 2006-08-29 at 20:33 +0930, Kevin Shanahan wrote:
> I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users
> can log onto our Intranet automatically without having to type in their
> username / password.
> I've gotten part of the way there, but things aren't behaving the way
> I'd like/expect. So far, I've been able to log on using Firefox but only
> with the password dialog popping up, and then only if I enter my
> username as DOMAIN\username.
Okay, I found out the issue with Firefox was just a client configuration
issue. Firefox needs to have the intranet uri added to the
network.automatic-ntlm-auth.trusted-uris setting in about:config.
The issue with IE6 turned out to be Debian's mod_ssl config file
disabling keepalive for all user agents matching '.*MSIE.*'. Once that
was removed, it works fine.
> <Directory /var/www/auth-test>
> NTLMAuth on
> NTLMBasicAuthoritative on
> NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
> AuthType NTLM
> AuthName "NTLM Authentication Test"
> require valid-user
This config is now working, but there are still problems if I add
spnego. IE6 seems to respond to the "WWW-Authenticate: Negotiate" reply
from apache with an NTLMSSP challenge. Haven't figured that one out yet.
More information about the samba