You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Peter Huesser <pe...@psi.ch> on 2004/12/02 13:21:38 UTC
[users@httpd] mod_smbauth and window2003 domaincontroller
Hello everybody
I am using mod_smbauth on my apache (2.0.46) to authenticate users
against the windowsworld. The windowsteam migrated from a windows2000 to
a windows2003 domaincontroller. Since this migration authentication does
not work anymore. In the apache logfile I see the following error message:
Could not connect to server: NT_STATUS_ACCESS_DENIED
Snooping the traffic between domaincontroller and apache servers shows
me that the server sends a "Tree Connect AndX Request" to the
domaincontroller and gets a "Tree Connect andX Response, Error:
STATUS_ACCES_DENIED" error back. Does anybody knows what to do to make
authentication work again ?
Thank's in advance for any help
Pedro
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_smbauth and window2003 domaincontroller
Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.
no, thats wrong. you only need a ldap-client sdk on the machine apache works
on. the ldap-server can be any other server, for example a win2000/2003
server AD.
Ralf
----- Original Message -----
From: "Peter Huesser" <pe...@psi.ch>
To: <us...@httpd.apache.org>
Sent: Friday, December 03, 2004 1:35 AM
Subject: Re: [users@httpd] mod_smbauth and window2003 domaincontroller
> Thank's for your answer.
>
> In the meantime I found out that smbauth1.5.1 (which requires samba_3.0.0
> or higher) should work. Unfortunately I did not manage to compile it until
> now.
>
> As far as I could see mod_auth_ldap is not an alternative. To compile the
> module you have to give the directory of the ldapserver, which has to be
> on the same server as the apacheserver.
>
> Greetings
>
> Pedro
>
>> not sure about smb, but it might use samba. perhaps you need to update
>> this to work with 2003, but just a guess. you could also try
>> mod_auth_ldap.
>>
>> ----- Original Message ----- From: "Peter Huesser" <pe...@psi.ch>
>> To: <us...@httpd.apache.org>
>> Sent: Thursday, December 02, 2004 1:21 PM
>> Subject: [users@httpd] mod_smbauth and window2003 domaincontroller
>>
>>
>>> Hello everybody
>>>
>>> I am using mod_smbauth on my apache (2.0.46) to authenticate users
>>> against the windowsworld. The windowsteam migrated from a windows2000 to
>>> a windows2003 domaincontroller. Since this migration authentication does
>>> not work anymore. In the apache logfile I see the following error
>>> message:
>>>
>>> Could not connect to server: NT_STATUS_ACCESS_DENIED
>>>
>>> Snooping the traffic between domaincontroller and apache servers shows
>>> me that the server sends a "Tree Connect AndX Request" to the
>>> domaincontroller and gets a "Tree Connect andX Response, Error:
>>> STATUS_ACCES_DENIED" error back. Does anybody knows what to do to make
>>> authentication work again ?
>>>
>>> Thank's in advance for any help
>>>
>>> Pedro
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> --
> Dr. Peter Hüsser
> Abteilung Telematik
> CH-5232 Villigen PSI
> Email: peter.huesser@psi.ch
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_smbauth and window2003 domaincontroller
Posted by Peter Huesser <pe...@psi.ch>.
Thank's for your answer.
In the meantime I found out that smbauth1.5.1 (which requires
samba_3.0.0 or higher) should work. Unfortunately I did not manage to
compile it until now.
As far as I could see mod_auth_ldap is not an alternative. To compile
the module you have to give the directory of the ldapserver, which has
to be on the same server as the apacheserver.
Greetings
Pedro
> not sure about smb, but it might use samba. perhaps you need to update
> this to work with 2003, but just a guess. you could also try
> mod_auth_ldap.
>
> ----- Original Message ----- From: "Peter Huesser" <pe...@psi.ch>
> To: <us...@httpd.apache.org>
> Sent: Thursday, December 02, 2004 1:21 PM
> Subject: [users@httpd] mod_smbauth and window2003 domaincontroller
>
>
>> Hello everybody
>>
>> I am using mod_smbauth on my apache (2.0.46) to authenticate users
>> against the windowsworld. The windowsteam migrated from a windows2000
>> to a windows2003 domaincontroller. Since this migration
>> authentication does not work anymore. In the apache logfile I see the
>> following error message:
>>
>> Could not connect to server: NT_STATUS_ACCESS_DENIED
>>
>> Snooping the traffic between domaincontroller and apache servers
>> shows me that the server sends a "Tree Connect AndX Request" to the
>> domaincontroller and gets a "Tree Connect andX Response, Error:
>> STATUS_ACCES_DENIED" error back. Does anybody knows what to do to
>> make authentication work again ?
>>
>> Thank's in advance for any help
>>
>> Pedro
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
--
Dr. Peter Hüsser
Abteilung Telematik
CH-5232 Villigen PSI
Email: peter.huesser@psi.ch
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_smbauth and window2003 domaincontroller
Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.
not sure about smb, but it might use samba. perhaps you need to update this
to work with 2003, but just a guess. you could also try mod_auth_ldap.
----- Original Message -----
From: "Peter Huesser" <pe...@psi.ch>
To: <us...@httpd.apache.org>
Sent: Thursday, December 02, 2004 1:21 PM
Subject: [users@httpd] mod_smbauth and window2003 domaincontroller
> Hello everybody
>
> I am using mod_smbauth on my apache (2.0.46) to authenticate users against
> the windowsworld. The windowsteam migrated from a windows2000 to a
> windows2003 domaincontroller. Since this migration authentication does not
> work anymore. In the apache logfile I see the following error message:
>
> Could not connect to server: NT_STATUS_ACCESS_DENIED
>
> Snooping the traffic between domaincontroller and apache servers shows me
> that the server sends a "Tree Connect AndX Request" to the
> domaincontroller and gets a "Tree Connect andX Response, Error:
> STATUS_ACCES_DENIED" error back. Does anybody knows what to do to make
> authentication work again ?
>
> Thank's in advance for any help
>
> Pedro
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org