You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Peter Huesser <pe...@psi.ch> on 2004/12/02 13:21:38 UTC

[users@httpd] mod_smbauth and window2003 domaincontroller

Hello everybody

I am using mod_smbauth on my apache (2.0.46) to authenticate users 
against the windowsworld. The windowsteam migrated from a windows2000 to 
a windows2003 domaincontroller. Since this migration authentication does 
not work anymore. In the apache logfile I see the following error message:

    Could not connect to server: NT_STATUS_ACCESS_DENIED

Snooping the traffic between domaincontroller and apache servers shows 
me that the server sends a "Tree Connect AndX Request" to the 
domaincontroller and gets a "Tree Connect andX Response, Error: 
STATUS_ACCES_DENIED" error back. Does anybody knows what to do to make 
authentication work again ?

Thank's in advance for any help

    Pedro



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_smbauth and window2003 domaincontroller

Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.

no, thats wrong. you only need a ldap-client sdk on the machine apache works 
on. the ldap-server can be any other server, for example a win2000/2003 
server AD.
Ralf

----- Original Message ----- 
From: "Peter Huesser" <pe...@psi.ch>
To: <us...@httpd.apache.org>
Sent: Friday, December 03, 2004 1:35 AM
Subject: Re: [users@httpd] mod_smbauth and window2003 domaincontroller


> Thank's for your answer.
>
> In the meantime I found out that smbauth1.5.1 (which requires samba_3.0.0 
> or higher) should work. Unfortunately I did not manage to compile it until 
> now.
>
> As far as I could see mod_auth_ldap is not an alternative. To compile the 
> module you have to give the directory of the ldapserver, which has to be 
> on the same server as the apacheserver.
>
> Greetings
>
>    Pedro
>
>> not sure about smb, but it might use samba. perhaps you need to update 
>> this to work with 2003, but just a guess. you could also try 
>> mod_auth_ldap.
>>
>> ----- Original Message ----- From: "Peter Huesser" <pe...@psi.ch>
>> To: <us...@httpd.apache.org>
>> Sent: Thursday, December 02, 2004 1:21 PM
>> Subject: [users@httpd] mod_smbauth and window2003 domaincontroller
>>
>>
>>> Hello everybody
>>>
>>> I am using mod_smbauth on my apache (2.0.46) to authenticate users 
>>> against the windowsworld. The windowsteam migrated from a windows2000 to 
>>> a windows2003 domaincontroller. Since this migration authentication does 
>>> not work anymore. In the apache logfile I see the following error 
>>> message:
>>>
>>>    Could not connect to server: NT_STATUS_ACCESS_DENIED
>>>
>>> Snooping the traffic between domaincontroller and apache servers shows 
>>> me that the server sends a "Tree Connect AndX Request" to the 
>>> domaincontroller and gets a "Tree Connect andX Response, Error: 
>>> STATUS_ACCES_DENIED" error back. Does anybody knows what to do to make 
>>> authentication work again ?
>>>
>>> Thank's in advance for any help
>>>
>>>    Pedro
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> -- 
> Dr. Peter Hüsser
> Abteilung Telematik
> CH-5232 Villigen PSI
> Email: peter.huesser@psi.ch
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_smbauth and window2003 domaincontroller

Posted by Peter Huesser <pe...@psi.ch>.

Thank's for your answer.

In the meantime I found out that smbauth1.5.1 (which requires 
samba_3.0.0 or higher) should work. Unfortunately I did not manage to 
compile it until now.

As far as I could see mod_auth_ldap is not an alternative. To compile 
the module you have to give the directory of the ldapserver, which has 
to be on the same server as the apacheserver.

Greetings

    Pedro

> not sure about smb, but it might use samba. perhaps you need to update 
> this to work with 2003, but just a guess. you could also try 
> mod_auth_ldap.
>
> ----- Original Message ----- From: "Peter Huesser" <pe...@psi.ch>
> To: <us...@httpd.apache.org>
> Sent: Thursday, December 02, 2004 1:21 PM
> Subject: [users@httpd] mod_smbauth and window2003 domaincontroller
>
>
>> Hello everybody
>>
>> I am using mod_smbauth on my apache (2.0.46) to authenticate users 
>> against the windowsworld. The windowsteam migrated from a windows2000 
>> to a windows2003 domaincontroller. Since this migration 
>> authentication does not work anymore. In the apache logfile I see the 
>> following error message:
>>
>>    Could not connect to server: NT_STATUS_ACCESS_DENIED
>>
>> Snooping the traffic between domaincontroller and apache servers 
>> shows me that the server sends a "Tree Connect AndX Request" to the 
>> domaincontroller and gets a "Tree Connect andX Response, Error: 
>> STATUS_ACCES_DENIED" error back. Does anybody knows what to do to 
>> make authentication work again ?
>>
>> Thank's in advance for any help
>>
>>    Pedro
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


-- 
Dr. Peter Hüsser
Abteilung Telematik
CH-5232 Villigen PSI
Email: peter.huesser@psi.ch



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_smbauth and window2003 domaincontroller

Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.

not sure about smb, but it might use samba. perhaps you need to update this 
to work with 2003, but just a guess. you could also try mod_auth_ldap.

----- Original Message ----- 
From: "Peter Huesser" <pe...@psi.ch>
To: <us...@httpd.apache.org>
Sent: Thursday, December 02, 2004 1:21 PM
Subject: [users@httpd] mod_smbauth and window2003 domaincontroller


> Hello everybody
>
> I am using mod_smbauth on my apache (2.0.46) to authenticate users against 
> the windowsworld. The windowsteam migrated from a windows2000 to a 
> windows2003 domaincontroller. Since this migration authentication does not 
> work anymore. In the apache logfile I see the following error message:
>
>    Could not connect to server: NT_STATUS_ACCESS_DENIED
>
> Snooping the traffic between domaincontroller and apache servers shows me 
> that the server sends a "Tree Connect AndX Request" to the 
> domaincontroller and gets a "Tree Connect andX Response, Error: 
> STATUS_ACCES_DENIED" error back. Does anybody knows what to do to make 
> authentication work again ?
>
> Thank's in advance for any help
>
>    Pedro
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org