[Samba] mod_auth_ntlm_winbind under apache2 : NTLMSSP NT_STATUS_INVALID_PARAMETER

Graham Dunn gdunn01 at harris.com
Tue Jun 5 20:14:28 GMT 2007 

Ubuntu Server 7.04
Apache/2.2.3 (Ubuntu) PHP/5.2.1 mod_perl/2.0.2 Perl/v5.8.8
mod_auth_ntml_winbind from svn June 5, 2007.
samba 3.0.24-2ubuntu1.2

winbind is working, I can log into the machine as an AD domain user.

graham at wtldevapp1:~$ sudo ntlm_auth --username=gdunn01
password:
NT_STATUS_OK: Success (0x0)

from the conf.d/twiki.conf:

    AuthName "NTLM Authentication"
    NTLMAuth on
    NegotiateAuth On
    NTLMAuthHelper "/usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp -d 400"
    NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
    NTLMBasicAuthoritative on
    AuthType NTLM
    AuthType Negotiate
    require valid-user


However, when I try to access a directory ...

[2007/06/05 16:07:23, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/400
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2007/06/05 16:07:23, 10] utils/ntlm_auth.c:manage_squid_request(1615)
  Got 'YR TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=' from squid
(length: 47).
[2007/06/05 16:07:23, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(590)
  got NTLMSSP packet:
[2007/06/05 16:07:23, 10] lib/util.c:dump_data(2222)
  [000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 07 82 08 00  NTLMSSP. ........
  [010] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[2007/06/05 16:07:23, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x00088207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
[2007/06/05 16:07:23, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(600)
  NTLMSSP challenge
[2007/06/05 16:07:23, 10] utils/ntlm_auth.c:manage_squid_request(1615)
  Got 'KK TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=' from squid
(length: 47).
[2007/06/05 16:07:23, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(590)
  got NTLMSSP packet:
[2007/06/05 16:07:23, 10] lib/util.c:dump_data(2222)
  [000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 07 82 08 00  NTLMSSP. ........
  [010] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[2007/06/05 16:07:23, 1] libsmb/ntlmssp.c:ntlmssp_update(267)
  got NTLMSSP command 1, expected 3
[2007/06/05 16:07:23, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(608)
  NTLMSSP NT_STATUS_INVALID_PARAMETER
[2007/06/05 16:07:23, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/400
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2007/06/05 16:07:23, 10] utils/ntlm_auth.c:manage_squid_request(1615)
  Got 'YR
TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAAAwADABAAAAADgAOAEwAAAAQABAAWgAAAAAAAAAAAAAABYIIAEgAQQBSAFIASQBTAGcAZAB1AG4AbgAwADEAUwBDADAANgA4ADEANwAxAHNaYmcKE59jAAAAAAAAAAAAAAAAAAAAAKc0sZF4E6YFqrGJOtRgoqSP9fR7xpElSg=='
from squid (length: 211).
[2007/06/05 16:07:23, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(590)
  got NTLMSSP packet:
[2007/06/05 16:07:23, 10] lib/util.c:dump_data(2222)
  [000] 4E 54 4C 4D 53 53 50 00  03 00 00 00 18 00 18 00  NTLMSSP. ........
  [010] 6A 00 00 00 18 00 18 00  82 00 00 00 0C 00 0C 00  j....... ........
  [020] 40 00 00 00 0E 00 0E 00  4C 00 00 00 10 00 10 00  @....... L.......
  [030] 5A 00 00 00 00 00 00 00  00 00 00 00 05 82 08 00  Z....... ........
  [040] 48 00 41 00 52 00 52 00  49 00 53 00 67 00 64 00  H.A.R.R. I.S.g.d.
  [050] 75 00 6E 00 6E 00 30 00  31 00 53 00 43 00 30 00  u.n.n.0. 1.S.C.0.
  [060] 36 00 38 00 31 00 37 00  31 00 73 5A 62 67 0A 13  6.8.1.7. 1.sZbg..
  [070] 9F 63 00 00 00 00 00 00  00 00 00 00 00 00 00 00  .c...... ........
  [080] 00 00 A7 34 B1 91 78 13  A6 05 AA B1 89 3A D4 60  ...4..x. .....:.`
  [090] A2 A4 8F F5 F4 7B C6 91  25 4A                    .....{.. %J
[2007/06/05 16:07:23, 1] libsmb/ntlmssp.c:ntlmssp_update(267)
  got NTLMSSP command 3, expected 1
[2007/06/05 16:07:23, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(608)
  NTLMSSP NT_STATUS_INVALID_PARAMETER
[Tue Jun 05 16:07:24 2007] [notice] child pid 16146 exit signal
Segmentation fault (11)
[Tue Jun 05 16:07:24 2007] [notice] child pid 16147 exit signal
Segmentation fault (11)

More information about the samba mailing list