thr3ads.net - samba - [Samba] mod_auth_ntlm_winbind + IE problem [Aug 2007]

If this information is useful, please help other people find it:
Share via:

Laurent DOMENECH

2007-Aug-28 10:42 UTC

[Samba] mod_auth_ntlm_winbind + IE problem

Hi there,

I'm having problems with the mod_auth_ntlm_winbind module. 
Background: 
- Apache 2 server running on Fedora 4. 
- Computer is a member of the domain (security = ADS)
- The authentication seems to work fine, I can access shares, wbinfo -u/-g 
returns a valid output, etc.

The authentication is enabled in Apache for a specific folder only.

<Directory "/var/www/html/confprod/v2" >
  AuthName "NTLM Authentication thingy"
  NTLMAuth on
  NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 
--debuglevel=10"
  NTLMBasicAuthoritative on
  AuthType NTLM
  require valid-user
</Directory>

My problem is that IE gives me an error page when I try to access the 
pages from that folder. I have enabled all the logging I could find but I 
can't find something that looks like a real error message. 

Can I enable more logging? Is there anything else to configure other than 
samba, apache, PAM and winbind?

Here is an abstract of the httpd/error_log. 

Any help will be greatly appreciated.

Best regards,
Laurent

[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(1018): [client 
192.168.20.92] doing ntlm auth dance
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(482): [client 
192.168.20.92] Launched ntlm_helper, pid 25990
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(652): [client 
192.168.20.92] creating auth user
[Tue Aug 28 11:40:50 2007] [debug] mod_auth_ntlm_winbind.c(703): [client 
192.168.20.92] parsing reply from helper to YR TlRMT (reply shortened) 
URPUkU=\n
[2007/08/28 11:40:51, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
[2007/08/28 11:40:51, 10] utils/ntlm_auth.c:manage_squid_request(1610)
  Got 'YR  (request shortened) PUkU=' from squid (length: 83).
[2007/08/28 11:40:51, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(588)
  got NTLMSSP packet:
[2007/08/28 11:40:51, 10] lib/util.c:dump_data(2017)
        (dump removed)
[2007/08/28 11:40:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xa208b207
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
    NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
[Tue Aug 28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(741): [client 
192.168.20.92] got response: TT TlRMTV (response shortened) QBuAAAAAAA[Tue Aug
28 11:40:51 2007] [debug] mod_auth_ntlm_winbind.c(411): [client
192.168.20.92] sending back TlRM (response shortened) AAAAA[2007/08/28 11:40:51,
10]
utils/ntlm_auth.c:manage_squid_ntlmssp_request(598)
  NTLMSSP challenge

Laurent DOMENECH

2007-Aug-29 15:40 UTC

head link

[Samba] mod_auth_ntlm_winbind + IE problem

Replying to myself...

This problem was due to the fact that Apache's KeepAlive directive was set 
to Off and was preventing the browser to GET the 3rd NTLM request. Setting 
"KeepAlive On" and applying the proper security to 
/var/cache/samba/winbindd_privileged did the trick.

Hope this helps,
Laurent
> [Samba] mod_auth_ntlm_winbind + IE problem
> 
> Hi there,
> 
> I'm having problems with the mod_auth_ntlm_winbind module. 
> Background: 
> - Apache 2 server running on Fedora 4. 
> - Computer is a member of the domain (security = ADS)
> - The authentication seems to work fine, I can access shares, wbinfo 
-u/-g > returns a valid output, etc.
> 
> The authentication is enabled in Apache for a specific folder only.
> 
> <Directory "/var/www/html/confprod/v2" >
>   AuthName "NTLM Authentication thingy"
>   NTLMAuth on
>   NTLMAuthHelper "/usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
> --debuglevel=10"
>   NTLMBasicAuthoritative on
>   AuthType NTLM
>   require valid-user
> </Directory>
> 
> My problem is that IE gives me an error page when I try to access the 
> pages from that folder. I have enabled all the logging I could find but 
I > can't find something that looks like a real error message. 
> 
> Can I enable more logging? Is there anything else to configure other 
than > samba, apache, PAM and winbind?
> 
> Here is an abstract of the httpd/error_log. 
> 
> Any help will be greatly appreciated.
> 
> Best regards,
> Laurent

Reasonably Related Threads

Search for more reasonably related threads

samba - Aug 2007 - mod_auth_ntlm_winbind + IE problem

[Samba] mod_auth_ntlm_winbind + IE problem

[Samba] mod_auth_ntlm_winbind + IE problem

Reasonably Related Threads