[Samba] problem with ntlm_auth and apache2

Wed Jan 14 09:25:17 GMT 2009

I'm trying to get mod_auth_ntlm with apache2 to work but it refuses to do 
so.

ntlm_auth does work if I use the commandline argument.

The error I got is:

[2009/01/13 13:07:09, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2009/01/13 13:07:09, 10] utils/ntlm_auth.c:manage_squid_request(2081)
Got 'YR 
TlRMTVNTUAABAAAAB7IIoggACAAuAAAABgAGACgAAAAFASgKAAAAD1NJTU1FTFNUUk9FSEVS' 
from squid (length: 75).
[2009/01/13 13:07:09, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(763)
got NTLMSSP packet:
[2009/01/13 13:07:09, 10] lib/util.c:dump_data(2222)
[000] 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 B2 08 A2 NTLMSSP. ........
[010] 08 00 08 00 2E 00 00 00 06 00 06 00 28 00 00 00 ........ ....(...
[020] 05 01 28 0A 00 00 00 0F 53 49 4D 4D 45 4C 53 54 ..(..... SIMMELST
[030] 52 4F 45 48 45 52 ROEHER
[2009/01/13 13:07:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0xa208b207
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_56
[2009/01/13 13:07:09, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(773)
NTLMSSP challenge
[2009/01/13 13:07:09, 2] utils/ntlm_auth.c:manage_squid_request(2075)
Oversized message
ERR
[2009/01/13 13:07:09, 10] utils/ntlm_auth.c:manage_squid_request(2081)
Got '242+' from squid (length: 119).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+] invalidGot '242+' from squid (length: 119).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+] invalidGot '242+' from squid (length: 23).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+] invalidGot '242+' from squid (length: 15).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+] invalidGot '242+' from squid (length: 223).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+] invalidGot '242+' from squid (length: 55).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+] invalidGot '242+10 ' from squid (length: 367).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [242+10 ] invalidOversized message
ERR
[2009/01/13 13:07:09, 10] utils/ntlm_auth.c:manage_squid_request(2081)
Got '377' from squid (length: 1215).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(692)
NTLMSSP query [377] invalidGot '377`211254^K242+' from squid (length: 191).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(750)
NTLMSSP query [377`211254^K242+] invalidGot '377' from squid (length: 1748).
[2009/01/13 13:07:09, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(692)
NTLMSSP query [377] invalidGot '242+' from squid (length: 119).

The config part in apache2 looks like this:

AuthName "NTLM Authentication thingy"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth -d10 --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
I'm using OpenSuse 10.2 x86_64 with the newest updates.
apache2-2.2.3-26
samba-3.0.23d-19.14

I guess the problem lies with winbindd_priviledged but when I set chmod 777 
winbindd stops working.
I allready chown root.www on winbindd_priviledged but that didn't seemed to 
help at all. 