On Tue, 2006-08-29 at 20:33 +0930, Kevin Shanahan wrote: > I'm trying to set up Apache2 with mod_ntlm_winbind so our Windows users > can log onto our Intranet automatically without having to type in their > username / password. > > I've gotten part of the way there, but things aren't behaving the way > I'd like/expect. So far, I've been able to log on using Firefox but only > with the password dialog popping up, and then only if I enter my > username as DOMAIN\username.
Okay, I found out the issue with Firefox was just a client configuration issue. Firefox needs to have the intranet uri added to the network.automatic-ntlm-auth.trusted-uris setting in about:config. The issue with IE6 turned out to be Debian's mod_ssl config file disabling keepalive for all user agents matching '.*MSIE.*'. Once that was removed, it works fine. > <Directory /var/www/auth-test> > NTLMAuth on > NTLMBasicAuthoritative on > NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp" > AuthType NTLM > AuthName "NTLM Authentication Test" > require valid-user > </Directory> This config is now working, but there are still problems if I add spnego. IE6 seems to respond to the "WWW-Authenticate: Negotiate" reply from apache with an NTLMSSP challenge. Haven't figured that one out yet. Regards, Kevin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
