On Wed, 2005-03-23 at 10:40 -0500, Nathan J. Mehl wrote:
> Attempting to use mod_ntlm_winbind to provide passthrough
> authentication to an apache vhost, I'm running into a problem that I
> hope is merely me misunderstanding the proper setup...
>
> The details:
>
> serverside:
>   freebsd 4.10-p3
>   mod_ntlm_winbind.c rev 117 from svn
>   samba 3.0.11 from freebsd ports
>   apache 1.3.33+mod_ssl from freebsd ports
>   Windows 2000 Server SP4
>
> clientside:
>   Windows XP SP2
>   IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
>
> The apache virtual host definition:
>
> <VirtualHost 10.1.1.249:80>
>   ServerName rt-test.elided.com
>   DocumentRoot /usr/local/rt3/share/html
>   AddDefaultCharset UTF-8
>   PerlModule Apache::DBI
>   PerlRequire /usr/local/rt3/bin/webmux.pl
>   <Location />
>     SetHandler perl-script
>     PerlHandler RT::Mason
>     AuthName "NTLM Authentication test"
>     NTLMAuth on
>     NTLMAuthHelper "/usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
>     NTLMBasicAuthoritative on
>     AuthType NTLM
>     require valid-user
>   </Location>
> </VirtualHost>
>
> With this in place, a logged-in user attempting to connect to that
> vhost via IE is immediately prompted for a password, with the username
> portion of the dialog box filled in as "rt-test.elided.com\username".
> This itself is confusing, since presumably IE is supposed to attempt
> the initial auth on its own without any user interaction.

This happens because the hostname has a '.' in it, and so it is no
longer in the trusted zone. Therefore, no credentials are supplied
automatically.

Then, because the hostname is not a valid domain name on the target
domain controller, the authentication fails.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
