Hi there,
I'm having problems with the mod_auth_ntlm_winbind module.
Background:
- Apache 2 server running on Fedora 4.
- Computer is a member of the domain (security = ADS)
- The authentication seems to work fine, I can access shares, wbinfo -u/-g
returns a valid output, etc.
The authentication is enabled in Apache for a specific folder only.
<Directory "/var/www/html/confprod/v2" >
AuthName "NTLM Authentication thingy"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
--debuglevel=10"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
</Directory>
My problem is that IE gives me an error page when I try to access the
pages from that folder. I have enabled all the logging I could find but I
can't find something that looks like a real error message.
Can I enable more logging? Is there anything else to configure other than
samba, apache, PAM and winbind?
Here is an abstract of the httpd/error_log.
Any help will be greatly appreciated.
Best regards,
Laurent
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(1018): [client
192.168.20.92] doing ntlm auth dance
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(482): [client
192.168.20.92] Launched ntlm_helper, pid 25990
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(652): [client
192.168.20.92] creating auth user
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(703): [client
192.168.20.92] parsing reply from helper to YR TlRMT (reply shortened)
URPUkU=\n
[2007/08/28 11:40:51, 5] lib/debug.c:debug_dump_status(366)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
[2007/08/28 11:40:51, 10] utils/ntlm_auth.c:manage_squid_request(1610)
Got 'YR (request shortened) PUkU=' from squid (length: 83).
[2007/08/28 11:40:51, 10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(588)
got NTLMSSP packet:
[2007/08/28 11:40:51, 10] lib/util.c:dump_data(2017)
(dump removed)
[2007/08/28 11:40:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa208b207
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
[Tue Aug 28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(741): [client
192.168.20.92] got response: TT TlRMTV (response shortened) QBuAAAAAAA[Tue Aug
28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(411): [client
192.168.20.92] sending back TlRM (response shortened) AAAAA[2007/08/28 11:40:51,
10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(598)
NTLMSSP challenge