Hi folks,

I am attempting to get the mod_ntlm_winbind working on a server running
a 2.6.15 kernel. I have Samba Version 3.0.22 up and running just
nicely. It is joined to our 180INTERNAL.COM domain and anyone with the
proper credentials can browse/store/read files in the proper areas. It
has been up and running for several months now.

I am having some really strange things happening with this module. I'll
start with the good part. I have a directory set up to test. I am
using my phpMyAdmin dir (with SSL) for this test.

If I load and add the module in the .conf and set up the following in
the virtual container, using FireFox, I get a standard Apache login
dialog. With 180INTERNAL\username and the correct password I can log in
just fine.



AuthName "NTLM Authentication test"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative off
NTLMBasicRealm 180INTERNAL.COM
AuthType NTLM
Require valid-user



However, there are several other virtual containers with the standard
htpassword files for login. Those refuse to function at all with the
module loaded.

Here is the tail of httpd/error_log:

[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x00088207
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
Got user=[xxxxxx] domain=[180INTERNAL] workstation=[bil-pdel-8]
len1=24 len2=24
[2006/06/07 15:41:20, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x00088235
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x00088207
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x00088207
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
Got user=[xxxxxx] domain=[180INTERNAL] workstation=[bil-pdel-8]
len1=24 len2=24
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
Got user=[xxxxxx] domain=[180INTERNAL] workstation=[bil-pdel-8]
len1=24 len2=24
[2006/06/07 15:41:20, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x00088235
[2006/06/07 15:41:20, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/06/07 15:41:20, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x00088235
-----------------------------------------------------------------------

Here is what I get in FireFox when I try a different virtual container:

This server could not verify that you are authorized to access the
document requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser doesn't understand how to supply the
credentials required.

-----------------------------------------------------------------------

There are no errors, but here is the access_log:

216.xxx.xxx.2 - - [07/Jun/2006:16:33:12 -0600] "GET
/cgi-nmis/nmiscgi.pl?file=nmis.conf&menu=small HTTP/1.1" 401 487 "-"
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4)
Gecko/20060508 Firefox/1.5.0.4"

---------------------------------------------------------------------

First question: Why is it still trying to use the ntlm module in a
different virtual container? I get the same error with
NTLMBasicAuthoritative off or on.

IE is a different story altogether. With it, I get the login box and
when I present the same login as FireFox, I get:

Cannot find server or DNS Error
Internet Explorer

And this is all I get in the error_log:

[2006/06/07 15:50:43, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0xa2088207

Truthfully, I can live with the IE error as most everybody in our
company uses FireFox, however I would like to be able to separate
virtual container login Auth methods if at all possible.

Second question: Have I mis-configured something here or missed
something in the news group postings? I have the mod_ntlm_winbind.c
from the following URL:
http://download.samba.org/ftp/unpack...ntlm_winbind.c
Which I think is the correct one.

Any help with this would be greatly appreciated...

Much thanks,

John

"samba" "(at)" "JGSystems.net"