[Samba] mod_ntlm_winbind authentication issues

Wed, 23 Mar 2005 07:41:53 -0800 

Attempting to use mod_ntlm_winbind to provide passthrough
authentication to an apache vhost, I'm running into a problem that I
hope is merely me misunderstanding the proper setup...

The details: 

        serverside:
        freebsd 4.10-p3
        mod_ntlm_winbind.c rev 117 from svn
        samba 3.0.11 from freebsd ports
        apache 1.3.33+mod_ssl from freebsd ports
        Windows 2000 Server SP4

        clientside:
        Windows XP SP2
        IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

The apache virtual host definition:

        <VirtualHost 10.1.1.249:80>
           ServerName rt-test.elided.com
           DocumentRoot /usr/local/rt3/share/html
           AddDefaultCharset UTF-8
           PerlModule Apache::DBI
           PerlRequire /usr/local/rt3/bin/webmux.pl
           <Location />
             SetHandler perl-script
             PerlHandler RT::Mason
             AuthName "NTLM Authentication test"
             NTLMAuth on
             NTLMAuthHelper "/usr/local/bin/ntlm_auth 
--helper-protocol=squid-2.5-ntlmssp"
             NTLMBasicAuthoritative on
             AuthType NTLM
             require valid-user
           </Location>
        </VirtualHost>

With this in place, a logged-in user attempting to connect to that
vhost via IE is immediately prompted for a password, with the username
portion of the dialog box filled in as "rt-test.elided.com\username".
This itself is confusing, since presumably IE is supposed to attempt
the initial auth on its own without any user interaction.  At this
point, the apache error log is empty of debug output from
mod_ntlm_winbind.

If the user provides their password, the login fails, and the
following is recorded to the apache error log:

        [Wed Mar 23 10:00:44 2005] [debug] mod_ntlm_winbind.c(522): [client
        10.1.1.71] user not authenticated: NT_STATUS_NO_SUCH_USER

...which is a bit odd, since I can use ntlm_auth on the command line
to verify my own credentials with no problem.

Is it possible to get more verbose debugging output from
mod_ntlm_winbind?  Lacking that, would anyone who has managed to
actually get this working feel like letting me pick their brains?

-n

------------------------------------------------------<[EMAIL PROTECTED]>
It's the little touches that make a future solid enough to be destroyed.
                                                (--William S. Burroughs)
<http://blank.org/memory/>----------------------------------------------
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to