[Samba] mod_ntlm_winbind / Apache2
Andrew Bartlett
abartlet at samba.org
Fri Sep 1 23:49:31 GMT 2006
On Wed, 2006-08-30 at 02:33 +0930, Kevin Shanahan wrote:
> On Wed, 2006-08-30 at 00:57 +0930, Kevin Shanahan wrote:
> > On Tue, 2006-08-29 at 12:09 -0300, Felipe Augusto van de Wiel wrote:
> > > Run it in a terminal, check for manpages of your
> > > distribution, try to increase debug/log level.
> >
> > Wierd, it seems to work from the command line (I just pasted in the YR
> > line from the previous log):
> >
> > # /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --debuglevel=10
>
> Sorry for replying to myself too much; just wanted to point out that the
> failing ntlm_auth call in Apache was the gss-spnego helper, so this
> example doesn't make sense. It fails from the command line equally as it
> does from Apache...
Because it needs to access either the secrets.tdb or a keytab,
gss-spnego is much more fragile than the NTLMSSP helper. We could make
it less fragile by handling the kerberos verification in winbindd,
rather than in the ntlm_auth binary.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060902/a6860ae8/attachment.bin
More information about the samba
mailing list