--===============1271489118==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=-Yj1o8YqkBLG/bN5oTsHz"


--=-Yj1o8YqkBLG/bN5oTsHz
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2005-12-07 at 13:00 +0100, Pawel Sawicki wrote:
> Hello!
>=20
> I have a quite strange issue with the Samba based NT domain that I admini=

ster.
> I've triet to search for the solution but none of the information that I =

had
> found seemed to work.
>=20
> The trouble is that I can't manage to setup a ntlm based authentication. =

It
> applies to both linux and w32 architectures. In the latter case I achieve
> some level of usability - I can login locally. If I try to access the pag=

e
> from a remote computer I receive the usual "Basic" authentication popup.
>=20
> Samba is configured to keep all the information in a LDAP backend. Apart
> from the NTLM everything else works rather ok.
>=20
> Things that do function:
>=20
> 1. Local testing.
>=20
> [root@?~]# read -s PASSWORD
> [root@?~]# ntlm_auth --username=3Dmanthios --password=3D$PASSWORD
> NT_STATUS_OK: Success (0x0)
>=20
> 2. w32-apache + mod_auth_sspi - LOCAL
>=20
> As I mentioned before I'm able to authenticate to a ntlm-protected resour=

ce if
> and only if I login from the same machine the site is running on. If I tr=

y to
> access the ntlm-protected page from a different computer I get the Basic =

auth
> prompt.
>=20
> Things that do not work:
>=20
> 1. NTLM on Apache in the Linux environment
>=20
> No matter whether I try to use mod_ntlm (both original and patched) or
> Apache2::AuthenNTLM I can't force it to work properly with the MSIE on do=

main
> accounts.


Have you tried mod_ntlm_winbind on apache 1.3 (the apache2 port team
seems to have died off).

> 2. Remote authentication with mod_auth_sspi
>=20
> If I try to login remotely to a ntlm-protected area I get the basic
> authentication window.


I'm presuming this is on the windows server?

> Does anyone know what could be the reason of such a misbehaviour?


We will need much more information than this. Is the windows server
joined to the domain correctly?

Andrew Bartlett

--=20
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

--=-Yj1o8YqkBLG/bN5oTsHz
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQBDmXeGz4A8Wyi0NrsRAq/OAKCylkHPhmPfw1PWVN91G9/TeWAyNACeJvoy
S9Td7ld8SjP4MgDSiPIPNa4=
=jxj8
-----END PGP SIGNATURE-----

--=-Yj1o8YqkBLG/bN5oTsHz--


--===============1271489118==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--===============1271489118==--