-------- Original Message --------
Subject:        Re: Apache::AuthenNTLM-2.04 Problems..
Date:   Wed, 28 Jan 2004 02:31:22 +0000
From:   Darryl Miles <[EMAIL PROTECTED]>
To:     [EMAIL PROTECTED]
CC:     Shannon Eric Peevey <[EMAIL PROTECTED]>
References:     <[EMAIL PROTECTED]>



NB - Speeves, Please forward to modperl list since I don't think the list robot is accepting any of my submissions.


AuthenNTLM.


Right, I have managed to sort out the "Can not get NONCE" error. The NONCE is the random data initially retrieved from the WIN32 authoritative host; this nonce value is then sent in the Authorization HTTP header to the browser. The Browser then modifies its value using the username and password the user inputs. The AuthenNTLM passes this back to the WIN32 authoritative host to get a yes/no response for authentication.

My problem was that you can not use a raw IP address (in dotted quad format) for the PDC or BDC arguments in your httpd.conf in the "PerlAddVar ntdomain" config line. This causes this dotted quad format to be the called name, which will never match your server's pre-Windows2000 network ID.

You should also NOT try and use the post-Windows2000 full server's domain name (unless the complete FQDN is 16 chars or less), since this gets truncated to 16 bytes (that is what the pre-Windows2000 maximum name length is) and will never match your WIN32 server's FQDN.

Now because you have to use the hostname in the httpd.conf line, and you can not put in the FQDN, you have to put in just the hostname part of the FQDN (that is all the characters up to the first full stop in the FQDN). You then need to make sure the Apache server host can resolve this name to the IP address. One way of doing this would be to add the domain name part into the "search" line of /etc/resolv.conf; another way might be to use the /etc/hosts file and/or /etc/host.conf to resolve this to its IP (this is untested by me).

Maybe this information above can be added into the README of the Apache::AuthenNTLM package to further assist the next person.



Now I am getting past the "Can not get NONCE" error and getting an IE error "The page cannot be displayed", "Cannot find server or DNS Error Internet Explorer". This IE error does not make any sense in this context.

The last lines in the log are:

[5572] AuthenNTLM: Config Domain = domain pdc = winserv bdc = winserv
[5572] AuthenNTLM: Config Default Domain = domain
[5572] AuthenNTLM: Config Fallback Domain =
[5572] AuthenNTLM: Config AuthType = ntlm AuthName = /
[5572] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[5572] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[5572] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[5572] AuthenNTLM: Authorization Header <not given>
[Wed Jan 28 02:28:16 2004] [error] access to /login_ntlm/process failed for , reason: Bad/Missing NTLM/Basic Authorization Header for /login_ntlm/process
[5573] AuthenNTLM: Config Domain = domain pdc = winserv bdc = winserv
[5573] AuthenNTLM: Config Default Domain = domain
[5573] AuthenNTLM: Config Fallback Domain =
[5573] AuthenNTLM: Config AuthType = ntlm AuthName = /
[5573] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[5573] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[5573] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[5573] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAABAAAAB7IAoAsACwAlAAAABQAFACAAAABDQkNPU0NSWVNUQUxCTFVF
[5573] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 160 11 0 11 0 37 0 0 0 5 0 5 0 32 0 0 0 67 66 67 79 83 67 82 89 83 84 65 76 66 76 85 69
[5573] AuthenNTLM: protocol=NTLMSSP, type=1, flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=11, domain offset=37, host length=5, host offset=32, host=winserv, domain=domain
[5573] AuthenNTLM: Connect to pdc = winserv bdc = winserv domain = domain
[5573] AuthenNTLM: enter lock
[5573] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1 130 0 0 230 21 15 88 242 175 242 123 0 0 0 0 0 0 0 0
[5573] AuthenNTLM: charencoding = 1
[5573] AuthenNTLM: flags2 = 130
[5573] AuthenNTLM: nonce=æXò¯ò{
[5573] AuthenNTLM: Send header: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAA5hUPWPKv8nsAAAAAAAAAAA==


Any more ideas on this next problem?


Regards


Darryl L Miles




-- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
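Added example (not part of the original message and not code from Apache::AuthenNTLM): a Python decoder for the two "Authorization Header" / "Send header" values in the log above. It shows that the type 1 message carries the client's workstation and domain names and the type 2 message carries the 8-byte nonce, all merely base64-encoded, so they remain readable in a pasted debug log. The function names and the flag-name subset are choices made for this example.

```python
import base64
import struct

# Header values copied verbatim from the debug log in the message above.
TYPE1_HDR = "NTLM TlRMTVNTUAABAAAAB7IAoAsACwAlAAAABQAFACAAAABDQkNPU0NSWVNUQUxCTFVF"
TYPE2_HDR = "NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAA5hUPWPKv8nsAAAAAAAAAAA=="

# Subset of NTLMSSP negotiate flag bits; other bits are ignored here.
FLAGS = {
    0x0001: "NEGOTIATE_UNICODE", 0x0002: "NEGOTIATE_OEM",
    0x0004: "REQUEST_TARGET", 0x0200: "NEGOTIATE_NTLM",
    0x1000: "OEM_DOMAIN_SUPPLIED", 0x2000: "OEM_WORKSTATION_SUPPLIED",
    0x8000: "NEGOTIATE_ALWAYS_SIGN",
}

def _secbuf(msg, pos):
    """Follow a security buffer (length, max length, offset) to its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length].decode("ascii", "replace")

def parse_ntlm_header(header):
    """Decode a type 1 or type 2 NTLM header value (hypothetical helper)."""
    scheme, _, b64 = header.strip().partition(" ")
    if scheme != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(b64, validate=True)  # bad base64 raises ValueError
    # Assumes the 32-byte fixed part present in both messages in this log.
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("truncated message or bad NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1:    # negotiate: browser -> server
        flags = struct.unpack_from("<I", msg, 12)[0]
        out = {"domain": _secbuf(msg, 16), "host": _secbuf(msg, 24)}
    elif mtype == 2:  # challenge: server -> browser, nonce at bytes 24..31
        flags = struct.unpack_from("<I", msg, 20)[0]
        out = {"target": _secbuf(msg, 12), "nonce": msg[24:32].hex()}
    else:
        raise ValueError("only type 1 and type 2 are handled")
    out["type"] = mtype
    out["flags"] = sorted(n for bit, n in FLAGS.items() if flags & bit)
    return out

if __name__ == "__main__":
    for hdr in (TYPE1_HDR, TYPE2_HDR):
        print(parse_ntlm_header(hdr))
```

The decoded bytes agree with the "Got:" and "Send:" lines of the log; strip or regenerate these header values before sharing such logs.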


