[Samba] Ntlm_auth Problem (resend)
in [Samba]
|
From: Drew Daugherty on 28 Nov 2006 12:10 I sent this message and realized I hadn't included info on the environment so I am resending it. I am running red hat enterprise linux 4 with samba version 3.0.10-1.4E.2. Apache version is 2.0.52. I also included output from running ntlm_auth on the command line with diagnostics. This fails but it only seems to try plaintext auth which will not work (see below). I am having problems with mod_auth_ntlm_winbind. The httpd error_log shows an NT_STATUS_INVALID_PARAMETER error when I try to log in from browsers (firefox, ie). Winbind seems to be functioning properly as I can start smb and log in via smbclient. wbinfo and getent work well also. Use NTLMv2 only switch is set on the Windows 2003 domain server. What am I doing wrong? -drew == ntlm_auth == ntlm_auth --username <username> --diagnostics --request-nt-key password: Wrong Password (0xc000006a) [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test LM failed! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(117) LM Key does not match expectations! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(118) lm_key: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] 00 00 00 00 00 00 00 00 ........ [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(120) expected: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] A4 4D 0C 79 81 C2 0D 7F .M.y.... [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test LM and NTLM failed! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(117) LM Key does not match expectations! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(118) lm_key: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] 00 00 00 00 00 00 00 00 ........ [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(120) expected: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] A4 4D 0C 79 81 C2 0D 7F .M.y.... [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLM failed! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(216) LM Key does not match expectations! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(217) lm_key: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] 5F F4 27 8C 39 2C 77 68 _.'.9,wh [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(219) expected: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] A4 4D 0C 79 81 C2 0D 7F .M.y.... [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(224) Session Key (first 8 lm hash) does not match expectations! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(225) user_session_key: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] AA D3 B4 35 B5 14 04 EE 00 00 00 00 00 00 00 00 ...5.... ........ [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_lm(227) expected: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] A4 4D 0C 79 81 C2 0D 7F .M.y.... [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLM in LM failed! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_both(287) LM Key does not match expectations! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_both(288) lm_key: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] 00 00 00 00 00 00 00 00 ........ [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_ntlm_in_both(290) expected: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] A4 4D 0C 79 81 C2 0D 7F .M.y.... [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLM in both failed! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(117) LM Key does not match expectations! [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(118) lm_key: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] 00 00 00 00 00 00 00 00 ........ [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:test_lm_ntlm_broken(120) expected: [2006/11/28 10:52:09, 1] lib/util.c:dump_data(1999) [000] A4 4D 0C 79 81 C2 0D 7F .M.y.... [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLM and LM, LM broken failed! Wrong Password (0xc000006a) Wrong Password (0xc000006a) [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext failed! Wrong Password (0xc000006a) [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM broken failed! Wrong Password (0xc000006a) Wrong Password (0xc000006a) [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext NT only failed! Wrong Password (0xc000006a) [2006/11/28 10:52:09, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM only failed! == httpd.conf == <Directory "/tmp/test"> Order allow,deny Allow from all AuthName "Domain Logon" NTLMAuth On NegotiateAuth On NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -d9" NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego" NTLMBasicAuthoritative On AuthType NTLM AuthType Negotiate Require valid-user </Directory> == httpd error_log == [Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(1018): [client 10.0.1.14] doing ntlm auth dance [Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(482): [client 10.0.1.14] Launched ntlm_helper, pid 17034 [Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(652): [client 10.0.1.14] creating auth user [Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(703): [client 10.0.1.14] parsing reply from helper to YR TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABAAAAADAAMAEAAAAAWABYATAAAAAAAAAAAAAAABYIIAGQAcgBlAHcAaQBkAHMAYQBuAGYAZQByAG4AYQBuAGQAbwAkv/0BQK1sfAAAAAAAAAAAAAAAAAAAAACqF7oNvIilkIv2m3p/nQymm2TFvtxyGHM=\n [2006/11/27 16:36:10, 5] lib/debug.c:debug_dump_status(366) INFO: Current debug levels: all: True/9 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 [2006/11/27 16:36:10, 1] libsmb/ntlmssp.c:ntlmssp_update(252) got NTLMSSP command 3, expected 1 [Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(741): [client 10.0.1.14] got response: NA NT_STATUS_INVALID_PARAMETER [Mon Nov 27 16:36:10 2006] [debug] mod_auth_ntlm_winbind.c(765): [client 10.0.1.14] user not authenticated: NT_STATUS_INVALID_PARAMETER -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Pages: 1 Prev: [Samba] ntlm_auth problem Next: Disconnected network drive |