[Samba] mod_auth_ntlm_winbind issues

Swope, Todd swopetd at d3onc.com
Thu Apr 7 14:58:24 MDT 2011 

Hello,

I have configured Samba 3 with Winbind and installed the mod_auth_ntlm_winbind module deployed on Ubuntu 10 which is used by a web application to enforce logging using windows domain credentials.  I have verified that all these layers are properly working... ie..   wbinfo -u (good),  wbinfo -a <username>   (good), ntlm_auth -helper-protocol=squid-2.5-basic  (good).  Next step I enforce auth on a simple webpage to test this  configuration using mod_auth_ntlm_winbind.  This works fine no issues. Next step I include many script load of resources on this test page...and what I am noticing is that the browser login prompt is repeatedly pops up requiring a reauthentication. It appears to be an issue with multiple calls from the browser requesting resources from the server and not sure but...I am wondering if perhaps it has something to do with maybe the Apache connection pooling not sticky thru the NTLM auth process. I am wondering that maybe the NTLM challenges/responses etc are not being maintained via Apache using the same connection with the browser?  I have googled  and searched newsgroups/forums for days now trying to figure out how to resolve this issue. I have seen similar issues documented...where the keepalive was not set to on in the apache configuration. This is not the case in my setup. Does anyone know when using the mod_auth_ntlm_windbind module with apache... does it guarantee that the same backend connection is used for the next request on a keepalive frontend connection? I am trying to determine if the 3 step NTLM challenge process is supported here..I know this same web application worked with IIS ...but since I tried implementing NTLM with Apache on linux, I suspect that maybe apache's connection model will not support this?  The problem only appears to exhibit itself with multiple simultaneous called to authenticate a resource occurs. Any help or advice would be greatly appreciated as I am really hung up at the moment with this problem!!  Thanks!

More information about the samba mailing list