Posted to modperl@perl.apache.org by Jim Medell <jm...@gmail.com> on 2007/01/05 07:19:36 UTC

AuthenNTLM and IE not working

Current Setup:
Ubuntu Dapper w/Apache 2 & perl and latest AuthenNTLM.  This server is
connected to an Active Directory Domain at work and has a FQDN that is
x4 (machine.something.domain.com).

Issue:  Internet Explorer (6 & 7) will not authenticate.  Note:  FF & Opera
will (thus I know that AuthenNTLM is set up correctly).

Config:
PerlAuthenHandler Apache2::AuthenNTLM
AuthType NTLM
AuthName "machine.something.domain.com"
require valid-user
PerlAddVar ntdomain "something.domain.com PDC BDC"
PerlSetVar defaultdomain "something"
PerlSetVar ntlmauthoritative on
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 2
#PerlSetVar ntlmsemkey 23754
#PerlSetVar ntlmsemtimeout 2

Note:  If you look at the snippet from error.log below, you'll notice that
in browsers that work, you get "AuthenNTLM: Start NTLM Authen handler
pid..." where it's missing in the IE log.

Results in /var/log/apache2/error.log when trying to use IE:
[7109] AuthenNTLM: Config Domain = something.domain.com  pdc = PDC  bdc =
BDC
[7109] AuthenNTLM: Config Default Domain = something
[7109] AuthenNTLM: Config Fallback Domain = something.domain.com
[7109] AuthenNTLM: Config AuthType = NTLM,basic AuthName =
machine.something.domain.com
[7109] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[7109] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[7109] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[7109] AuthenNTLM: Config SplitDomainPrefix = 1
[7109] AuthenNTLM: Authorization Header <not given>
[7110] AuthenNTLM: Config Domain = something.domain.com  pdc = PDC  bdc =
BDC
[7110] AuthenNTLM: Config Default Domain = something
[7110] AuthenNTLM: Config Fallback Domain = something.domain.com
[7110] AuthenNTLM: Config AuthType = NTLM,basic AuthName =
machine.something.domain.com
[7110] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[7110] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[7110] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[7110] AuthenNTLM: Config SplitDomainPrefix = 1
[7110] AuthenNTLM: Authorization Header NTLM
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
[7110] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 130 8 162 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 5 1 40 10 0 0 0 15
[7110] AuthenNTLM: protocol=NTLMSSP, type=1,
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0, domain
offset=0, host length=0, host offset=0, host=, domain=
[7110] handler type == 1
[7110] AuthenNTLM: Connect to pdc = PDC bdc = BDC domain =
something.domain.com
[7110] AuthenNTLM: timed outwhile waiting for lock (key = 23754)
[7110] AuthenNTLM: leave lock
[7110] AuthenNTLM: verify handle  smbhandle == 137318920
[7110] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1
130 0 0 144 192 86 201 117 15 24 18 0 0 0 0 0 0 0 0
[7110] AuthenNTLM: charencoding = 1
[7110] AuthenNTLM: flags2 = 130
[7110] AuthenNTLM: nonce=<90>ÃVÃu^O^X^R
[7110] AuthenNTLM: Send header: NTLM
TlRMTVNTUAACAAAAAAAAACgAAAABggAAkMBWyXUPGBIAAAAAAAAAAA==
[7110] AuthenNTLM: verify handle = 1 smbhandle == 137318920

Results in /var/log/apache2/error.log when trying to use FF (which works):
[7496] AuthenNTLM: Config Domain = something.domain.com   pdc = PDC  bdc =
BDC
[7496] AuthenNTLM: Config Default Domain = something
[7496] AuthenNTLM: Config Fallback Domain = something.domain.com
[7496] AuthenNTLM: Config AuthType = NTLM,basic AuthName =
machine.something.domain.com
[7496] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[7496] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[7496] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[7496] AuthenNTLM: Config SplitDomainPrefix = 1
[7496] AuthenNTLM: Authorization Header <not given>
[7496] AuthenNTLM: Start NTLM Authen handler pid = 7496, connection =
137264168 conn_http_hdr = keep-alive  main =  cuser =  remote_ip =
10.23.85.46 remote_port = 13107 remote_host = <> version = 0.02 smbhandle =
[7496] AuthenNTLM: Object exists user = \
[7496] AuthenNTLM: Authorization Header NTLM
TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
[7496] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 130 8 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
[7496] AuthenNTLM: protocol=NTLMSSP, type=1,
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0, domain
offset=0, host length=0, host offset=0, host=, domain=
[7496] handler type == 1
[7496] AuthenNTLM: Connect to pdc = PDC bdc = BDC domain =
something.domain.com
[7496] AuthenNTLM: timed outwhile waiting for lock (key = 23754)
[7496] AuthenNTLM: leave lock
[7496] AuthenNTLM: verify handle  smbhandle == 137320032
[7496] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1
130 0 0 87 69 85 25 250 62 74 59 0 0 0 0 0 0 0 0
[7496] AuthenNTLM: charencoding = 1
[7496] AuthenNTLM: flags2 = 130
[7496] AuthenNTLM: nonce=WEU^Yú>J;
[7496] AuthenNTLM: Send header: NTLM
TlRMTVNTUAACAAAAAAAAACgAAAABggAAV0VVGfo+SjsAAAAAAAAAAA==
[7496] AuthenNTLM: verify handle = 1 smbhandle == 137320032
[7496] AuthenNTLM: Start NTLM Authen handler pid = 7496, connection =
137264168 conn_http_hdr = keep-alive  main =  cuser =  remote_ip =
10.23.85.46 remote_port = 13107 remote_host = <> version = 0.02 smbhandle =
[7496] AuthenNTLM: Object exists user = \
[7496] AuthenNTLM: Authorization Header NTLM
TlRMTVNTUAADAAAAGAAYAHAAAAAYABgAiAAAAAYABgBAAAAAEAAQAEYAAAAaABoAVgAAAAAAAAAAAAAAAYIAAGEAbQByAGoAagBtAGUAZABlAGwAbABqAGoAbQBlAGQAZQBsAGwALQBtAG8AYgBsALJ+cg/WZZ071jJJAeecsYH00QdDTYL1NrJ+cg/WZZ071jJJAeecsYH00QdDTYL1Ng==
[7496] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 112 0 0 0
24 0 24 0 136 0 0 0 6 0 6 0 64 0 0 0 16 0 16 0 70 0 0 0 26 0 26 0 86 0 0 0 0
0 0 0 0 0 0 0 1 130 0 0 97 0 109 0 114 0 106 0 106 0 109 0 101 0 100 0 101 0
108 0 108 0 106 0 106 0 109 0 101 0 100 0 101 0 108 0 108 0 45 0 109 0 111 0
98 0 108 0 178 126 114 15 214 101 157 59 214 50 73 1 231 156 177 129 244 209
7 67 77 130 245 54 178 126 114 15 214 101 157 59 214 50 73 1 231 156 177 129
244 209 7 67 77 130 245 54
[7496] AuthenNTLM: protocol=NTLMSSP, type=3, user=username,
host=username-mobl, domain=something, msg_len=0
[7496] handler type == 3
[7496] AuthenNTLM: verify handle = 3 smbhandle == 137320032
[7496] AuthenNTLM: Verify user username via smb server
[7496] AuthenNTLM: OK pid = 7496, connection = 137264168 cuser = username ip
= 10.23.85.46
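
The two Type 1 tokens logged above differ in bytes that the module's flags1/flags2 debug line does not cover. The following is an added example, not part of the original post and not AuthenNTLM code: it decodes both tokens using the NTLM Type 1 layout and lists the flags that only IE sends. Flag names follow the NTLM specification (MS-NLMP); the function names are illustrative.

```python
import base64
import struct

# Flag bits from the NTLM specification (MS-NLMP); only those seen in these logs.
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x80000000: "NEGOTIATE_56",
}

def decode_type1(header_value):
    """Decode the base64 token of an 'Authorization: NTLM <token>' Type 1 message."""
    raw = base64.b64decode(header_value, validate=True)
    if len(raw) < 16 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)  # little-endian type, flags
    if msg_type != 1:
        raise ValueError("expected Type 1, got type %d" % msg_type)
    names = {name for bit, name in FLAGS.items() if flags & bit}
    unknown = flags & ~sum(FLAGS)  # bits set that the table above does not name
    version = None
    # The 8-byte version block follows the two security buffers (offset 32)
    # and is only meaningful when NEGOTIATE_VERSION is set.
    if flags & 0x02000000 and len(raw) >= 40:
        major, minor, build = struct.unpack_from("<BBH", raw, 32)
        version = (major, minor, build)
    return {"flags": flags, "names": names, "unknown": unknown,
            "version": version, "length": len(raw)}

# Tokens copied from the error.log excerpts in the post above.
IE_TYPE1 = "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=="
FF_TYPE1 = "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA="

def diff_type1(a, b):
    """Return (flags only in a, flags only in b) as sorted lists of names."""
    da, db = decode_type1(a), decode_type1(b)
    return sorted(da["names"] - db["names"]), sorted(db["names"] - da["names"])

if __name__ == "__main__":
    for label, tok in (("IE", IE_TYPE1), ("FF", FF_TYPE1)):
        d = decode_type1(tok)
        print(label, hex(d["flags"]), d["length"], d["version"], sorted(d["names"]))
    print("only in IE:", diff_type1(IE_TYPE1, FF_TYPE1)[0])
```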