--- Begin Message ---
Speeves,
I've been trying to send this email to the modperl list 2 times now and
have a query open with the list owner as to why my subscribed address
cannot post it. I would be grateful if you could fwd it to the list,
since that seems to work for you. But some more background information
on the problem.
NB - The Samba server is not even listening to the domain DOMAIN but it
still authenticates.
NB2 - I have also found the problem with the DNS lookup for an Address
(A) record for "." that happens when there is no BDC server listed.
Maybe this is a bug, as in the config should detect the lack of BDC and
not try any other server. To get around this where there is no BDC I
have used the same IP address twice for PDC and BDC. It simply tries 2
times and fails.
-------- Original Message --------
Subject: Apache::AuthenNTLM-2.04 Problems..
Date: Fri, 16 Jan 2004 17:44:41 +0000
From: Darryl Miles <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
NB: 2nd send to list.
Hi,
I'm getting the error:
....SNIPPED....
[3527] AuthenNTLM: Authorization Header NTLM
[3527] AuthenNTLM: protocol=NTLMSSP, type=1,
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0,
domain offset=0, host length=0, host offset=0, host=, domain=
[3527] AuthenNTLM: Connect to pdc = 172.16.48.3 bdc = domain =
office.domain.com
[3527] AuthenNTLM: enter lock
[Fri Jan 16 00:13:20 2004] [error] access to /login_ntlm/process failed
for , reason: Connect to SMB Server faild (pdc = 172.16.48.3 bdc =
domain = office.domain.com error = -11/0) for /login_ntlm/process
[3527] AuthenNTLM: leave lock
[Fri Jan 16 00:13:20 2004] [error] access to /login_ntlm/process failed
for , reason: Cannot get nonce
I take it that the "Authorization Header NTLM" is the IE6 client
indicating it would like to use NTLM authentication, and therefore the
Apache server should start the process off by passing the nonce value in
the next response.
I have investigated this problem and managed to tie down the problem to
Authen::Smb. I have used the example demo code:
#!/usr/bin/perl
#
#
use Authen::Smb;
my $authResult = Authen::Smb::authen('username', 'password',
    '172.16.32.3', '172.16.32.4', 'DOMAIN');
if ( $authResult == Authen::Smb::NO_ERROR ) {
    print "User successfully authenticated.\n";
} else {
    print "User not authenticated with error level $authResult\n";
}
I always get the output of:
User not authenticated with error level 1
Now if I use my PDC = Win2000 SP3, BDC = Linux/Samba.
The Linux Samba server will authenticate without a problem, running
'strace -s 512 ./smb.pl' illustrates what happens:
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(139),
sin_addr=inet_addr("172.16.32.3")}, 16) = 0
writev(3, [{"\201\0\0D DBDHDCCODBDGCODDDCCODDCACACACACA\0
EPEEEJEOCOEIEPENEFCOEEEBFCFCFJEM\0", 72}], 1) = 72
read(3, "\203\0\0\1", 4) = 4
read(3, "\202", 1) = 1
uname({sys="Linux", node="odin.mydomain.org", ...}) = 0
getpid() = 6456
getgid32() = 0
That was the attempt with Win2000 SP3, it returns 5 bytes of data,
interestingly it leaves the connection open. I've no idea what the
response 0x83 0x00 0x00 0x01 0x82 means.
Now when talking to Linux/Samba:
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(139),
sin_addr=inet_addr("172.16.32.4")}, 16) = 0
writev(4, [{"\201\0\0D DBDHDCCODBDGCODDDCCODECACACACACA\0
EPEEEJEOCOEIEPENEFCOEEEBFCFCFJEM\0", 72}], 1) = 72
read(4, "\202\0\0\0", 4) = 4
writev(4, [{"\0\0\0\244", 4},
{"\377SMBr\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0008\31\0\0008\31\0\201\0\2PC
NETWORK PROGRAM 1.0\0\2MICROSOFT NETWORKS 1.03\0\2MICROSOFT NETWORKS
3.0\0\2LANMAN1.0\0\2LM1.2X002\0\2Samba\0\2NT LM 0.12\0\2NT LANMAN
1.0\0", 164}], 2) = 168
read(4, "\0\0\0T", 4) = 4
read(4,
"\377SMBr\0\0\0\0\200\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0008\31\0\0008\31\21\7\0\0032\0\1\0\4A\0\0\0\0\1\0009\31\0\0\371\343\0\0\200\255\273J\320\333\303\1\0\0\10\17\0mmy\211\177\204\214\215DARRYL\0",
84) = 84
writev(4, [{"\0\0\0\215", 4},
{"\377SMBs\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0008\31\0\0008\31\r\377\0\0\0\377\377\0\0\0\0\0\0\0\0\30\0\0\0\0\0\0\0\0\0\0\0P\0\177\r\30\201;nQ\264\22,>p?\343\371)\232b\235n\300\37\231\202loki\0WINTWOK\0UNIX
of some type\0SMBlib LM2.1 minus a bit\0", 141}], 2) = 145
read(4, "\0\0\0B", 4) = 4
read(4,
"\377SMBs\0\0\0\0\200\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0008\31d\0008\31\3\377\0\0\0\0\0\31\0Unix\0Samba
2.2.8a\0DARRYL\0", 66) = 66
close(4) = 0
write(1, "User successfully authenticated.\n", 33User successfully
authenticated.
) = 33
exit_group(0) = ?
The initial response is just 0x82 0x00 0x00 0x00.
Do I have to configure my Win2000 SP3 box in a special way to allow
external network authentications to be performed?
Darryl
--- End Message ---
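
The bytes exchanged on port 139 in the strace output above are NetBIOS session service packets (RFC 1002). The following is an added example, not part of the forwarded message or of Authen::Smb: a small decoder, with hypothetical function and constant names, applied to the session request and the two replies from the trace.

```python
import struct
# RFC 1002 session service packet types and NEGATIVE SESSION RESPONSE error codes
TYPES = {0x00: "SESSION MESSAGE", 0x81: "SESSION REQUEST",
         0x82: "POSITIVE SESSION RESPONSE", 0x83: "NEGATIVE SESSION RESPONSE",
         0x84: "RETARGET SESSION RESPONSE", 0x85: "SESSION KEEP ALIVE"}
ERRORS = {0x80: "Not listening on called name",
          0x81: "Not listening for calling name",
          0x82: "Called name not present",
          0x83: "Called name present, but insufficient resources",
          0x8F: "Unspecified error"}

def decode_name(buf, off):
    """Decode a first-level encoded NetBIOS name: (name, suffix byte, next offset).
    Each pair of 'A'..'P' characters carries one byte, high nibble first."""
    if len(buf) < off + 34 or buf[off] != 32 or buf[off + 33] != 0:
        raise ValueError("expected a 32-character label followed by a NUL")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("encoded characters must be 'A'..'P'")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("latin-1").rstrip(), raw[15], off + 34

def parse_packet(pkt):
    """Parse one session service packet (4-byte header plus body) into a dict."""
    if len(pkt) < 4:
        raise ValueError("short header")
    ptype, flags, length = struct.unpack(">BBH", pkt[:4])
    length |= (flags & 1) << 16  # low flag bit is the 17th length bit
    body = pkt[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    out = {"type": TYPES.get(ptype, hex(ptype)), "length": length}
    if ptype == 0x81:  # called name, then calling name
        called, called_sfx, off = decode_name(body, 0)
        calling, calling_sfx, _ = decode_name(body, off)
        out.update(called=(called, called_sfx), calling=(calling, calling_sfx))
    elif ptype == 0x83 and length >= 1:
        out["error"] = ERRORS.get(body[0], hex(body[0]))
    return out

# Bytes rebuilt from the strace output above (constructed sample; the 0x20
# length byte before the second name is assumed, matching the 72-byte count)
REQUEST = (b"\x81\x00\x00\x44 DBDHDCCODBDGCODDDCCODDCACACACACA\x00"
           b" EPEEEJEOCOEIEPENEFCOEEEBFCFCFJEM\x00")
WIN2000_REPLY = b"\x83\x00\x00\x01\x82"
SAMBA_REPLY = b"\x82\x00\x00\x00"
if __name__ == "__main__":
    for pkt in (REQUEST, WIN2000_REPLY, SAMBA_REPLY):
        print(parse_packet(pkt))
```

Decoded this way, the five bytes from the Win2000 SP3 host are a NEGATIVE SESSION RESPONSE with error 0x82, "Called name not present", and the called name in the request is the string 172.16.32.3 rather than a NetBIOS machine name.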