You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by a....@ukgrid.net on 2011/02/03 08:58:49 UTC

[users@httpd] Apache 2.2 with mod_ntlm not working

Hi,

I'm attempting to get mod_ntlm2 working (I've not previously used it).  
On a FreeBSD 8.1 server I have installed apache 2.2 and mod_ntlm and  
added a section to the httpd.conf like:

    <Location />
      AuthName "NTLM Auth"
      AuthType NTLM
      NTLMAuth on
      NTLMAuthoritative on
      NTLMDomain domain
      NTLMServer pdc
      NTLMBackup bdc
      require valid-user
     </Location>

With my domain and pdc and bdc hostnames substituted. I have a couple  
of windows accounts I am testig with, I have tested using windows  
commands (net use) that these usernames and passwords are valid.  
However when I attempted to authenticate via a browser it always  
denies me access, and after a few tries it locks out the windows  
accounts. The error I am seeing in the apache logs is:

[Wed Feb 02 17:36:53 2011] [notice] [client x.x.x.x] send  
WWW-Authenticate "NTLM TlRMTVNTUAACAAAAGAAYADAAAAAHggEAumj
c+uE2yscAAAAAAAAAAAAAAABIAAAAdgBvAGsAZQBzAGEAaQByAC4AYwBvAG0A",  
referer: http://x.x.x.x/
[Wed Feb 02 17:36:53 2011] [notice] [client x.x.x.x] got auth_line  
"TlRMTVNTUAADAAAAGAAYAIIAAABQAFAAmgAAABAAEA
BYAAAADgAOAGgAAAAMAAwAdgAAAAAAAADqAA
AABYIAAgYBsB0AAAAPG0il5C/9srkfmPPMxZsuk3YAbwBrAGUAcwBhAGkAcgBSAFQAQQBkAG0AaQBuA
FAAQQBWAEQAVgA2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN4MKU+bIaQMe7eLipcJ3PkBAQAAAAAA
ABmNq8j/wssBw09SFnwgKuoAAAAAAgAYAHYAbwBrAGUAcwBhAGkAcgAuAGMAbwBtAAAAAAAAAAAA",  
referer: http://10.120.221.207/
[Wed Feb 02 17:36:53 2011] [notice] [client x.x.x.x] got header with  
host "workstation", domain "domain", referer: http://x.x.x.x/
[Wed Feb 02 17:36:53 2011] [error] [client x.x.x.x] received msg3  
92545680 63783, referer: http://x.x.x.x/
[Wed Feb 02 17:36:53 2011] [error] [client 10.x.x.x] authenticating  
user against DC 92545680 63783, referer: http://10.120.221.207/
[Wed Feb 02 17:36:53 2011] [error] [client x.x.x.x] NTLM/SMB user  
"myuser": authentication failure for "/", referer: http://x.x.x.x/

Having had a google I couldn't find any similar issues, does anyone  
have any ideas? Am I missing something obvious/basic? Or is there some  
other debugging I can do?

thanks in advance! Andy.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Re: Apache 2.2 with mod_ntlm not working

Posted by Igor Galić <i....@brainsware.org>.

----- "a smith" <a....@ukgrid.net> wrote:

> Quoting a.smith@ukgrid.net:
> 
> > I'm attempting to get mod_ntlm2 working (I've not previously used  
> > it). On a FreeBSD 8.1 server I have installed apache 2.2 and  
> > mod_ntlm and added a section to the httpd.conf like:
> 
> Looks like its probably due to NTLMv1 not being allowed by default on 
> Windows 2008R2 systems.

It's the year 2011. Microsoft has been working hard since NT 4.0 to
deprecate NTLM. All of it. And still it's haunting us?
 
> http://support.microsoft.com/kb/954387
> 
> thanks Andy.

have you considered Kerberos?

Most Unixes these days are easily kerberized, if they don't come kerberized
out of the box already.

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: Apache 2.2 with mod_ntlm not working

Posted by a....@ukgrid.net.

Quoting a.smith@ukgrid.net:

> I'm attempting to get mod_ntlm2 working (I've not previously used  
> it). On a FreeBSD 8.1 server I have installed apache 2.2 and  
> mod_ntlm and added a section to the httpd.conf like:

Looks like its probably due to NTLMv1 not being allowed by default on  
Windows 2008R2 systems.

http://support.microsoft.com/kb/954387

thanks Andy.





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org