[Samba] mod_auth_ntlm_winbind issues - does apache connection mgmt support NTLM?

Todd Swope swopetd at d3onc.com
Thu Apr 7 15:11:10 MDT 2011


Hello,

I have configured Samba 3 with Winbind and installed the mod_auth_ntlm_winbind 
module deployed on Ubuntu 10 which is used by a web application to enforce 
logging using windows domain credentials.  I have verified that all these 
layers are properly working… ie..   wbinfo –u (good),  wbinfo –a <username>   
(good), ntlm_auth –helper-protocol=squid-2.5-basic  (good).  Next step I 
enforce auth on a simple webpage to test this  configuration using 
mod_auth_ntlm_winbind apache module.  This works fine no issues. Next step I 
include a more complete web application with many script loading of resources 
on the page…and what I am noticing is that the browser login prompt is 
repeatedly pops up requiring a reauthentication. It appears to be an issue 
with multiple calls from the browser requesting resources from the server and 
not sure but…I am wondering if perhaps it has something to do with maybe the 
Apache connection pooling not sticky throughout the NTLM auth process? I am 
wondering that maybe the NTLM challenges/responses etc are not being 
maintained via Apache using the same connection with the browser?  I have 
googled  and searched newsgroups/forums for days now trying to figure out how 
to resolve this issue. I have seen similar issues documented…where the 
keepalive was not set to on in the apache configuration. This is not the case 
in my setup. Does anyone know when using the mod_auth_ntlm_windbind module 
with apache… does it guarantee that the same backend connection is used for 
the next request on a keepalive frontend connection? I am trying to determine 
if the 3 step NTLM challenge process is supported in this architecture..I know 
this same web application worked with IIS using NTLM …but since I tried 
implementing NTLM with Apache on linux using samba i have had mixed results.. 
I suspect that maybe apache’s connection model will not support this?  The 
problem only appears to exhibit itself with multiple simultaneous called to 
authenticate a resource occurs. Any help or advice would be greatly 
appreciated as I am really hung up at the moment with this problem!!  Thanks!




More information about the samba mailing list