[Samba] I can't get mod_auth_ntlm_winbind to work

Mogens Kjaer mk at crc.dk
Mon May 21 13:01:55 GMT 2007


Scenario:

CentOS 5 x86_64 machine with samba-3.0.23c-2.el5.2.0.2

The machine is a PDC; Windows 2000 users log on, get
profiles, etc.

I'm trying to set up a folder in Apache that uses
NTLM authentication using mod_auth_ntlm_winbind.

I've followed:

http://adldap.sourceforge.net/mod_auth_ntlm_winbind.php

winbindd is running, and ntlm_auth seems to work:

# ntlm_auth --username=pdc2
password:
[2007/05/21 14:33:07, 10] intl/lang_tdb.c:lang_tdb_init(138)
   lang_tdb_init: /usr/lib64/samba/en_US.UTF-8.msg: No such file or directory
NT_STATUS_OK: Success (0x0)

I've added apache to the squid group so that ntlm_auth has access
to:

# ls -ld /var/cache/samba/winbindd_privileged/
drwxrwx--- 2 root squid 4096 May 21 14:15 /var/cache/samba/winbindd_privileged/

In /etc/httpd/conf/httpd.conf I have:

<Directory "/var/www/html/cchem">
   AuthName "NTLM Authentication thingy"
   NTLMAuth on
   NTLMAuthHelper "/usr/bin/ntlm_auth -d100 --helper-protocol=squid-2.5-ntlmssp"
   NTLMBasicAuthoritative on
   AuthType NTLM
   require valid-user
</Directory>

I get the following in /var/log/httpd/error_log
when I try to access http://www2.crc.dk/cchem from
a Windows PC where I'm logged in as pdc2:


[Mon May 21 14:51:59 2007] [debug] mod_auth_ntlm_winbind.c(1018): [client 172.20.17.28] doing ntlm auth dance, referer: http://www2.crc.dk/
[Mon May 21 14:51:59 2007] [debug] mod_auth_ntlm_winbind.c(482): [client 172.20.17.28] Launched ntlm_helper, pid 22564, referer: http://www2.crc.dk/
[Mon May 21 14:51:59 2007] [debug] mod_auth_ntlm_winbind.c(652): [client 172.20.17.28] creating auth user, referer: http://www2.crc.dk/
[Mon May 21 14:51:59 2007] [debug] mod_auth_ntlm_winbind.c(703): [client 172.20.17.28] parsing reply from helper to YR TlRMTVNTUAABAAAAB7IAogYABgAtAAAABQAFACgAAAAFAJMIAAAAD1RFU1QyQ1JDTkVU\n, referer: http://www2.crc.dk/
[2007/05/21 14:51:59, 5] lib/debug.c:debug_dump_status(391)
   INFO: Current debug levels:
     all: True/100
     tdb: False/0
     printdrivers: False/0
     lanman: False/0
     smb: False/0
     rpc_parse: False/0
     rpc_srv: False/0
     rpc_cli: False/0
     passdb: False/0
     sam: False/0
     auth: False/0
     winbind: False/0
     vfs: False/0
     idmap: False/0
     quota: False/0
     acls: False/0
     locking: False/0
     msdfs: False/0
     dmapi: False/0
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
   Got 'YR 
TlRMTVNTUAABAAAAB7IAogYABgAtAAAABQAFACgAAAAFAJMIAAAAD1RFU1QyQ1JDTkVU' 
from squid (length: 71).
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(590)
   got NTLMSSP packet:
[2007/05/21 14:51:59, 10] lib/util.c:dump_data(2237)
   [000] 4E 54 4C 4D 53 53 50 00  01 00 00 00 07 B2 00 A2  NTLMSSP. ........
   [010] 06 00 06 00 2D 00 00 00  05 00 05 00 28 00 00 00  ....-... ....(...
   [020] 05 00 93 08 00 00 00 0F  54 45 53 54 32 43 52 43  ........ TEST2CRC
   [030] 4E 45 54                                          NET
[2007/05/21 14:51:59, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
   Got NTLMSSP neg_flags=0xa200b207
     NTLMSSP_NEGOTIATE_UNICODE
     NTLMSSP_NEGOTIATE_OEM
     NTLMSSP_REQUEST_TARGET
     NTLMSSP_NEGOTIATE_NTLM
     NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
     NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
     NTLMSSP_NEGOTIATE_ALWAYS_SIGN
     NTLMSSP_NEGOTIATE_128
     NTLMSSP_NEGOTIATE_56
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(600)
   NTLMSSP challenge
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
   Got '' from squid (length: 89).
[2007/05/21 14:51:59, 2] utils/ntlm_auth.c:manage_squid_request(1618)
   Invalid Request
ERR
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
   Got '' from squid (length: 6).
[2007/05/21 14:51:59, 2] utils/ntlm_auth.c:manage_squid_request(1618)
   Invalid Request
ERR
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
   Got '' from squid (length: 31).
[2007/05/21 14:51:59, 2] utils/ntlm_auth.c:manage_squid_request(1618)
   Invalid Request
ERR
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
   Got '' from squid (length: 0).
[2007/05/21 14:51:59, 2] utils/ntlm_auth.c:manage_squid_request(1618)
   Invalid Request
ERR
[Mon May 21 14:51:59 2007] [debug] mod_auth_ntlm_winbind.c(741): [client 
172.20.17.28] got response: TT 
TlRMTVNTUAACAAAADAAMADAAAAAFgoGiT1inioSWz5sAAAAAAAAAAFYAVgA8AAAAQwBSAEMATgBFAFQAAgAMAEMAUgBDAE4ARQBUAAEADgBTAEUAUgBWAEUAUgAxAAQADABjAHIAYwAuAGQAawADABwAcwBlAHIAdgBlAHIAMQAuAGMAcgBjAC4AZABrAAAAAAA=, 
referer: http://www2.crc.dk/
[2007/05/21 14:51:59, 10] utils/ntlm_auth.c:manage_squid_request(1615)
[Mon May 21 14:51:59 2007] [debug] mod_auth_ntlm_winbind.c(411): [client 
172.20.17.28] sending back 
TlRMTVNTUAACAAAADAAMADAAAAAFgoGiT1inioSWz5sAAAAAAAAAAFYAVgA8AAAAQwBSAEMATgBFAFQAAgAMAEMAUgBDAE4ARQBUAAEADgBTAEUAUgBWAEUAUgAxAAQADABjAHIAYwAuAGQAawADABwAcwBlAHIAdgBlAHIAMQAuAGMAcgBjAC4AZABrAAAAAAA=, 
referer: http://www2.crc.dk/
   Got 'This is intended to read lines from modules imported -- hence 
if a filPãÐ]ÿ^?' from squid (length: 127).
[2007/05/21 14:51:59, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(578)
   NTLMSSP query [This is intended to read lines from modules imported 
-- hence if a filPãÐ]ÿ^?] invalidGot '<88>nUU' from squid (length: 16).
[2007/05/21 14:51:59, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(578)
   NTLMSSP query [<88>nUU] invalidGot 'that name.' from squid (length: 10).
[2007/05/21 14:51:59, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(578)
   NTLMSSP query [that name.] invalidGot 'Nt^G' from squid (length: 14).
[2007/05/21 14:51:59, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(578)
   NTLMSSP query [Nt^G] invalidGot '' from squid (length: 14).
[2007/05/21 14:51:59, 2] utils/ntlm_auth.c:manage_squid_request(1618)
   Invalid Request
ERR


Any suggestions?

Mogens

-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk at crc.dk Homepage: http://www.crc.dk
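
Added example (not part of the original post, and not Samba or mod_auth_ntlm_winbind code): a decoder for the "YR" request line quoted in the error_log above, for cross-checking the hex dump and neg_flags that ntlm_auth printed. The function names are made up for this example; the flag names follow MS-NLMP, and NTLMSSP_NEGOTIATE_VERSION (0x02000000) is set in the value although Samba's debug output above does not list it.

```python
import base64
import struct

# Flag bits of the NTLMSSP negotiate-flags field (MS-NLMP names). All but
# NTLMSSP_NEGOTIATE_VERSION also appear in the Samba debug output above.
FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00001000: "NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED",
    0x00002000: "NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}

# The "YR" request exactly as it appears in the error_log above.
HELPER_LINE = "YR TlRMTVNTUAABAAAAB7IAogYABgAtAAAABQAFACgAAAAFAJMIAAAAD1RFU1QyQ1JDTkVU"


def _buffer(msg, pos):
    """Read a security buffer (len, maxlen, offset) and return its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_negotiate(helper_line):
    """Decode a 'YR <base64>' helper line holding an NTLM type 1 message."""
    verb, _, blob = helper_line.strip().partition(" ")
    if verb != "YR" or not blob:
        raise ValueError("not a YR request")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature or truncated header")
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError("expected message type 1, got %d" % msg_type)
    return {
        "flags": flags,
        "flag_names": [n for bit, n in sorted(FLAGS.items()) if flags & bit],
        # Type 1 names are sent in the OEM code page; ASCII is enough here.
        "domain": _buffer(msg, 16).decode("ascii", "replace"),
        "workstation": _buffer(msg, 24).decode("ascii", "replace"),
    }


if __name__ == "__main__":
    print(parse_negotiate(HELPER_LINE))
```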

