[Samba] mod_auth_ntlm_winbind issues - does apache connection mgmt support NTLM?
Todd Swope
swopetd at d3onc.com
Thu Apr 7 15:11:10 MDT 2011
Hello,
I have configured Samba 3 with Winbind and installed the mod_auth_ntlm_winbind
module deployed on Ubuntu 10 which is used by a web application to enforce
logging using windows domain credentials. I have verified that all these
layers are properly working… ie.. wbinfo –u (good), wbinfo –a <username>
(good), ntlm_auth –helper-protocol=squid-2.5-basic (good). Next step I
enforce auth on a simple webpage to test this configuration using
mod_auth_ntlm_winbind apache module. This works fine no issues. Next step I
include a more complete web application with many script loading of resources
on the page…and what I am noticing is that the browser login prompt is
repeatedly pops up requiring a reauthentication. It appears to be an issue
with multiple calls from the browser requesting resources from the server and
not sure but…I am wondering if perhaps it has something to do with maybe the
Apache connection pooling not sticky throughout the NTLM auth process? I am
wondering that maybe the NTLM challenges/responses etc are not being
maintained via Apache using the same connection with the browser? I have
googled and searched newsgroups/forums for days now trying to figure out how
to resolve this issue. I have seen similar issues documented…where the
keepalive was not set to on in the apache configuration. This is not the case
in my setup. Does anyone know when using the mod_auth_ntlm_windbind module
with apache… does it guarantee that the same backend connection is used for
the next request on a keepalive frontend connection? I am trying to determine
if the 3 step NTLM challenge process is supported in this architecture..I know
this same web application worked with IIS using NTLM …but since I tried
implementing NTLM with Apache on linux using samba i have had mixed results..
I suspect that maybe apache’s connection model will not support this? The
problem only appears to exhibit itself with multiple simultaneous called to
authenticate a resource occurs. Any help or advice would be greatly
appreciated as I am really hung up at the moment with this problem!! Thanks!
More information about the samba
mailing list