Posted to modperl@perl.apache.org by Shannon Eric Peevey <sp...@unt.edu> on 2004/01/06 18:59:18 UTC

[Fwd: Apache::AuthenNTLM]


-------- Original Message --------
Subject: 	Apache::AuthenNTLM
Date: 	Tue, 6 Jan 2004 13:46:16 +0100 (CET)
From: 	Wiebe Kloosterman <wi...@kloosterman.cc>
To: 	speeves@unt.edu



Hello,

I have problems running Apache::AuthenNTLM.
I am running the following config in httpd.conf:

<Location /ntlm>
    PerlAuthenHandler Apache::AuthenNTLM
    AuthType "ntlm"
    AuthName testntlm
    require valid-user
    PerlAddVar ntdomain "XXX XX100A XX0001"
    PerlSetVar defaultdomain XXX
    PerlSetVar ntlmdebug 1
</Location>

and this is what I get in the error_log:


[15380] AuthenNTLM: Config Domain = xxx  pdc = XX100A  bdc = XX0001
[15380] AuthenNTLM: Config Default Domain = XXX
[15380] AuthenNTLM: Config Fallback Domain =
[15380] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
[15380] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[15380] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[15380] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[15380] AuthenNTLM: Authorization Header <not given>
[Tue Jan  6 13:24:49 2004] [error] access to /ntlm/ failed for  , reason:
Bad/Missing NTLM/Basic Authorization Header for /ntlm/
[15381] AuthenNTLM: Config Domain = xxx  pdc = XX100A  bdc = XX0001
[15381] AuthenNTLM: Config Default Domain = XXX
[15381] AuthenNTLM: Config Fallback Domain =
[15381] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
[15381] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[15381] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[15381] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[15381] AuthenNTLM: Authorization Header NTLM
[15381] AuthenNTLM: protocol=NTLMSSP, type=1,
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3, domain
offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
[15381] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
[15381] AuthenNTLM: timed out while waiting for lock (key = 23754)
[15381] AuthenNTLM: leave lock
[15381] AuthenNTLM: charencoding = 1
[15381] AuthenNTLM: flags2 = 130
[15381] AuthenNTLM: Send header: NTLM ...

When I change PerlSetVar ntlmdebug to 2, I get this:

[20641] AuthenNTLM: Config Domain = xxx  pdc = XX100A  bdc = XX0001
[20641] AuthenNTLM: Config Default Domain = XXX
[20641] AuthenNTLM: Config Fallback Domain =
[20641] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
[20641] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[20641] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[20641] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[20641] AuthenNTLM: Authorization Header <not given>
[Tue Jan  6 13:43:19 2004] [error] access to /ntlm/ failed for  , reason:
Bad/Missing NTLM/Basic Authorization Header for /ntlm/
[20642] AuthenNTLM: Config Domain = xxx  pdc = XX100A  bdc = XX0001
[20642] AuthenNTLM: Config Default Domain = XXX
[20642] AuthenNTLM: Config Fallback Domain =
[20642] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
[20642] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[20642] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[20642] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[20642] AuthenNTLM: Authorization Header NTLM
TlRMTVNTUAABAAAAB7IAAAMAAwAmAAAABgAGACAAAABXUzAxODVSWkc=
[20642] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 0 3 0 3 0
38 0 0 0 6 0 6 0 32 0 0 0 87 83 48 49 56 53 82 90 71
[20642] AuthenNTLM: protocol=NTLMSSP, type=1,
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3, domain
offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
[20642] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
[20642] AuthenNTLM: timed out while waiting for lock (key = 23754)
[20642] AuthenNTLM: leave lock
[20642] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0
1 130 0 0 103 190 213 45 246 110 141 69 0 0 0 0 0 0 0 0
[20642] AuthenNTLM: charencoding = 1
[20642] AuthenNTLM: flags2 = 130E
[20642] AuthenNTLM: Send header: NTLM
TlRMTVNTUAACAAAAAAAAACgAAAABggAAZ77VLfZujUUAAAAAAAAAAA==


Any ideas?
Wiebe Kloosterman



-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html


Re: [Fwd: Apache::AuthenNTLM]

Posted by Shannon Eric Peevey <sp...@unt.edu>.
Wiebe Kloosterman wrote:

>Shannon,
>I found my problem, KeepAlive wasn't turned on.
>
>I am sorry
>
>Wiebe Kloosterman
>  
>
No problem.  Thanks for letting us know the solution.

speeves
cws
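
Why KeepAlive matters here, as an added example that is not part of the original messages or of Apache::AuthenNTLM: NTLM over HTTP authenticates the connection, so the Type 1, Type 2 and Type 3 messages must travel on one kept-alive connection, and the debug log earlier in the thread shows only a Type 1 received and a Type 2 sent. The Python below decodes the two tokens from that log (embedded as a trimmed sample); the function names are hypothetical.

```python
import base64
import re
import struct

# Trimmed sample built from the ntlmdebug=2 log in this thread (PID 20642):
# the token the browser sent and the token the module sent back.
LOG = """\
[20642] AuthenNTLM: Authorization Header NTLM
TlRMTVNTUAABAAAAB7IAAAMAAwAmAAAABgAGACAAAABXUzAxODVSWkc=
[20642] AuthenNTLM: timed out while waiting for lock (key = 23754)
[20642] AuthenNTLM: Send header: NTLM
TlRMTVNTUAACAAAAAAAAACgAAAABggAAZ77VLfZujUUAAAAAAAAAAA==
"""

# Every NTLM token starts with base64("NTLMSSP\0"), i.e. "TlRMTVNTUA...".
TOKEN_RE = re.compile(r"TlRMTVNTUA[A-Za-z0-9+/]+=*")

def _secbuf(raw, pos):
    """Follow a security buffer (length, max length, offset) to its text."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    if offset + length > len(raw):
        raise ValueError("security buffer points outside the message")
    return raw[offset:offset + length].decode("ascii", "replace")

def parse_ntlm(token):
    """Decode a Type 1 or Type 2 token (assumes both buffers are present)."""
    raw = base64.b64decode(token, validate=True)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\0":
        raise ValueError("not a complete NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", raw, 8)
    msg = {"type": mtype}
    if mtype == 1:    # negotiate: flags, domain buffer, workstation buffer
        (msg["flags"],) = struct.unpack_from("<I", raw, 12)
        msg["domain"] = _secbuf(raw, 16)
        msg["host"] = _secbuf(raw, 24)
    elif mtype == 2:  # challenge: target buffer, flags, 8-byte server nonce
        (msg["flags"],) = struct.unpack_from("<I", raw, 20)
        msg["challenge"] = raw[24:32].hex()
    return msg

def handshake_status(log_text):
    """Report how far the three-message handshake got in a log excerpt."""
    types = [parse_ntlm(t)["type"] for t in TOKEN_RE.findall(log_text)]
    if 3 in types:
        return "complete"
    if 2 in types:
        return "stalled after challenge"
    return "negotiate only" if types else "no NTLM tokens"
```

The Type 1 token carries the workstation and domain names in the clear, so a pasted ntlmdebug=2 log discloses them even where the decoded fields have been masked.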




Re: [Fwd: Apache::AuthenNTLM]

Posted by Shannon Eric Peevey <sp...@unt.edu>.
Quoting Wiebe Kloosterman <wi...@kloosterman.cc>:

> I have set "PerlSetVar ntlmsemtimout" but no change in syslog for timeout.

hmmm...  Maybe I need a bit more information about the problem that you are
having.  The logs point to a problem with a timeout that is put into place to
keep multiple auth cycles from starting at the same time...  (One connection is
not releasing the lock on the semaphore before the timeout of the second
request.)  I would tend to start thinking like Jason on this.  Have you tried
using another smb client, (such as smbclient), to connect from your web server
machine?  Does it also fail?

> small typo in help, must be "PerlSetVar ntlmsemtimeout" but that did also
> not help me.
Thanks for catching this.  I will fix it in the next release.

-- 
Shannon Eric Peevey
Computer Systems Manager
UNT - Central Web Support
(940)369-8876




Re: [Fwd: Apache::AuthenNTLM]

Posted by Shannon Eric Peevey <sp...@unt.edu>.
Hi!

Sorry for not getting back sooner!!  We have been busy getting to know 
our 2 month old baby :)

>
> When I change PerlSetVar ntlmdebug to 2, I get this:
>
> [20641] AuthenNTLM: Config Domain = xxx  pdc = XX100A  bdc = XX0001
> [20641] AuthenNTLM: Config Default Domain = XXX
> [20641] AuthenNTLM: Config Fallback Domain =
> [20641] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
> [20641] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
> [20641] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative 
> = on
> [20641] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
> [20641] AuthenNTLM: Authorization Header <not given>
> [Tue Jan  6 13:43:19 2004] [error] access to /ntlm/ failed for  , reason:
> Bad/Missing NTLM/Basic Authorization Header for /ntlm/
> [20642] AuthenNTLM: Config Domain = xxx  pdc = XX100A  bdc = XX0001
> [20642] AuthenNTLM: Config Default Domain = XXX
> [20642] AuthenNTLM: Config Fallback Domain =
> [20642] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
> [20642] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
> [20642] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative 
> = on
> [20642] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
> [20642] AuthenNTLM: Authorization Header NTLM
> TlRMTVNTUAABAAAAB7IAAAMAAwAmAAAABgAGACAAAABXUzAxODVSWkc=
> [20642] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 0 3 0 3 0
> 38 0 0 0 6 0 6 0 32 0 0 0 87 83 48 49 56 53 82 90 71
> [20642] AuthenNTLM: protocol=NTLMSSP, type=1,
> flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
> flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3, domain
> offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
> [20642] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
> [20642] AuthenNTLM: timed out while waiting for lock (key = 23754)

Looks like the ntlmsemtimeout isn't long enough...

=head2 PerlSetVar ntlmsemtimout

This set the timeout value used to wait for the semaphore. The default is two seconds.
It is very small because during the time Apache waits for the semaphore, no other
authentication request can be sent to the windows server. Also Apache::AuthenNTLM
only asks the windows server once per keep-alive connection, this timeout value
should be as small as possible.

Try increasing that and see if that helps.

speeves
cws

