On Wed, 2005-03-23 at 10:40 -0500, Nathan J. Mehl wrote:
> Attempting to use mod_ntlm_winbind to provide passthrough
> authentication to an apache vhost, I'm running into a problem that I
> hope is merely me misunderstanding the proper setup...
> 
> The details: 
> 
>       serverside:
>       freebsd 4.10-p3
>       mod_ntlm_winbind.c rev 117 from svn
>       samba 3.0.11 from freebsd ports
>       apache 1.3.33+mod_ssl from freebsd ports
>       Windows 2000 Server SP4
> 
>       clientside:
>       Windows XP SP2
>       IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
> 
> The apache virtual host definition:
> 
>       <VirtualHost 10.1.1.249:80>
>          ServerName rt-test.elided.com
>          DocumentRoot /usr/local/rt3/share/html
>          AddDefaultCharset UTF-8
>          PerlModule Apache::DBI
>          PerlRequire /usr/local/rt3/bin/webmux.pl
>          <Location />
>            SetHandler perl-script
>            PerlHandler RT::Mason
>            AuthName "NTLM Authentication test"
>            NTLMAuth on
>            NTLMAuthHelper "/usr/local/bin/ntlm_auth 
> --helper-protocol=squid-2.5-ntlmssp"
>            NTLMBasicAuthoritative on
>            AuthType NTLM
>            require valid-user
>          </Location>
>       </VirtualHost>
> 
> With this in place, a logged-in user attempting to connect to that
> vhost via IE is immediately prompted for a password, with the username
> portion of the dialog box filled in as "rt-test.elided.com\username".
> This itself is confusing, since presumably IE is supposed to attempt
> the initial auth on its own without any user interaction.  

This happens because the hostname has a '.' in it, and so it is no
longer in the trusted zone.  Therefore, no credentials are supplied
automatically.   Then, because the hostname is not a valid domain name
on the target domain controller, the authentication fails.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to