[Samba] mod_auth_ntlm_winbind + IE problem

Laurent DOMENECH ldomenech at deltadore.com
Tue Aug 28 10:12:09 GMT 2007 

Hi there,

I'm having problems with the mod_auth_ntlm_winbind module. 
Background: 
- Apache 2 server running on Fedora 4. 
- Computer is a member of the domain (security = ADS)
- The authentication seems to work fine, I can access shares, wbinfo -u/-g 
returns a valid output, etc.

The authentication is enabled in Apache for a specific folder only.

<Directory "/var/www/html/confprod/v2" >
  AuthName "NTLM Authentication thingy"
  NTLMAuth on
  NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
--debuglevel=10"
  NTLMBasicAuthoritative on
  AuthType NTLM
  require valid-user
</Directory>

My problem is that IE gives me an error page when I try to access the 
pages from that folder. I have enabled all the logging I could find but I 
can't find something that looks like a real error message. 

Can I enable more logging? Is there anything else to configure other than 
samba, apache, PAM and winbind?

Here is an abstract of the httpd/error_log. 

Any help will be greatly appreciated.

Best regards,
Laurent

[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(1018): [client 
192.168.20.92] doing ntlm auth dance
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(482): [client 
192.168.20.92] Launched ntlm_helper, pid 25990
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(652): [client 
192.168.20.92] creating auth user
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(703): [client 
192.168.20.92] parsing reply from helper to YR TlRMT (reply shortened) 
URPUkU=\n
[2007/08/28 11:40:51, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2007/08/28 11:40:51, 10] utils/ntlm_auth.c:manage_squid_request(1610)
  Got 'YR  (request shortened) PUkU=' from squid (length: 83).
[2007/08/28 11:40:51, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(588)
  got NTLMSSP packet:
[2007/08/28 11:40:51, 10] lib/util.c:dump_data(2017)
        (dump removed)
[2007/08/28 11:40:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xa208b207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
    NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
[Tue Aug 28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(741): [client 
192.168.20.92] got response: TT TlRMTV (response shortened) QBuAAAAAAA=
[Tue Aug 28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(411): [client 
192.168.20.92] sending back TlRM (response shortened) AAAAA=
[2007/08/28 11:40:51, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(598)
  NTLMSSP challenge

More information about the samba mailing list