Hi, I've got a problem trying to set up Apache::AuthenNTLM to secure the administration area for our (mod_perl-based) CMS.
The server setup is as follows:

* A lightweight port-80 instance of Apache, which deals with all requests for static content, and proxies everything else over to...
* A mod_perl-centric, port-8080 instance of Apache, which deals with all the dynamic, mod_perl-generated content

I've set up the authentication on the administration area in the httpd.conf file for the backend, port-8080 server to use AuthenNTLM. When I access a test script directly on the port-8080 server, the authentication works a dream. This seems to confirm, to me, that the settings are basically correct.

However, when I try to access the authenticated area through the frontend, port-80 server, the authentication doesn't work. The client gets a variation on the "little grey box" of Basic Authentication, this time with a "domain" field added. Entering details into the box only brings the box back, however.

KeepAlive is on for both Apaches.

I've enabled "PerlSetVar ntlmdebug 2", and the output for each situation is below. I've asterisked out anything that I think might be unwise to post on a public forum; if it turns out that some of that is needed to figure out what's going on, I'll be glad to revise that heuristic!

Firstly, the direct attempt (which worked):

[14925] AuthenNTLM: Config Domain = domain1 pdc = **** bdc = ****
[14925] AuthenNTLM: Config Default Domain = domain1
[14925] AuthenNTLM: Config Fallback Domain =
[14925] AuthenNTLM: Config AuthType = ntlm AuthName = CMS NTLM Authentication Test
[14925] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[14925] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[14925] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[14925] AuthenNTLM: Authorization Header <not given>
[Mon Jul 5 15:03:23 2004] [error] access to /res/env.cgi failed for , reason: Bad/Missing NTLM/Basic Authorization Header for /res/env.cgi
[14925] AuthenNTLM: Start NTLM Authen handler pid = 14925, connection = 156590692 conn_http_hdr = Keep-Alive main = cuser = remote_ip = **** remote_port = **** remote_host = < > version = 0.23
[14925] AuthenNTLM: Object exists user = \
[14925] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAABAAAAB7IAoAcABwAoAAAACAAIACAAAABXQkMtVFMtMURPTUFJTjE=
[14925] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 160 7 0 7 0 40 0 0 0 8 0 8 0 32 0 0 0 87 66 67 45 84 83 45 49 68 79 77 65 73 78 49
[14925] AuthenNTLM: protocol=NTLMSSP, type=1, flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=7, domain offset=40, host length=8, host offset=32, host=WBC-TS-1, domain=DOMAIN1
[14925] AuthenNTLM: Connect to pdc = **** bdc = **** domain = domain1
[14925] AuthenNTLM: timed out while waiting for lock (key = 23754)
[14925] AuthenNTLM: leave lock
[14925] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1 130 0 0 216 117 139 24 181 48 159 61 0 0 0 0 0 0 0 0
[14925] AuthenNTLM: charencoding = 1
[14925] AuthenNTLM: flags2 = 130
[14925] AuthenNTLM: nonce=Øuµ0=
[14925] AuthenNTLM: Send header: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAA2HWLGLUwnz0AAAAAAAAAAA==
[14925] AuthenNTLM: Start NTLM Authen handler pid = 14925, connection = 156590692 conn_http_hdr = Keep-Alive main = cuser = remote_ip = **** remote_port = **** remote_host = < > version = 0.23
[14925] AuthenNTLM: Object exists user = \
[14925] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAADAAAAGAAYAG4AAAAYABgAhgAAAA4ADgBAAAAAEAAQAE4AAAAQABAAXgAAAAAAAACeAAAABYIAAEQATwBNAEEASQBOADEAYQByAHQAaQBjAGwAZQA3AFcAQgBDAC0AVABTAC0AMQBDF+KMFTHlqAmWaSgr17JBJVr6fpDj9dGBGDYhHPRVxYNQsYcPvPYUSpQoEYrg0T8=
[14925] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 110 0 0 0 24 0 24 0 134 0 0 0 14 0 14 0 64 0 0 0 16 0 16 0 78 0 0 0 16 0 16 0 94 0 0 0 0 0 0 0 158 0 0 0 5 130 0 0 68 0 79 0 77 0 65 0 73 0 78 0 49 0 97 0 114 0 116 0 105 0 99 0 108 0 101 0 55 0 87 0 66 0 67 0 45 0 84 0 83 0 45 0 49 0 67 23 226 140 21 49 229 168 9 150 105 40 43 215 178 65 37 90 250 126 144 227 245 209 129 24 54 33 28 244 85 197 131 80 177 135 15 188 246 20 74 148 40 17 138 224 209 63
[14925] AuthenNTLM: protocol=NTLMSSP, type=3, user=****, host=****, domain=DOMAIN1, msg_len=0
[14925] AuthenNTLM: Verify user **** via smb server
[14925] AuthenNTLM: OK pid = 14925, connection = 156590692 cuser = **** ip = ****

Next, the attempt via the port-80 Apache proxy. The following is taken from the port-8080 error log, so at least some of the data is being proxied properly.

[14927] AuthenNTLM: Config Domain = domain1 pdc = **** bdc = ****
[14927] AuthenNTLM: Config Default Domain = domain1
[14927] AuthenNTLM: Config Fallback Domain =
[14927] AuthenNTLM: Config AuthType = ntlm AuthName = CMS NTLM Authentication Test
[14927] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[14927] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[14927] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[14927] AuthenNTLM: Authorization Header <not given>
[Mon Jul 5 15:04:48 2004] [error] access to /res/env.cgi failed for , reason: Bad/Missing NTLM/Basic Authorization Header for /res/env.cgi
[14928] AuthenNTLM: Config Domain = domain1 pdc = **** bdc = ****
[14928] AuthenNTLM: Config Default Domain = domain1
[14928] AuthenNTLM: Config Fallback Domain =
[14928] AuthenNTLM: Config AuthType = ntlm AuthName = CMS NTLM Authentication Test
[14928] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[14928] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[14928] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[14928] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAABAAAAB7IAoAcABwAoAAAACAAIACAAAABXQkMtVFMtMURPTUFJTjE=
[14928] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 160 7 0 7 0 40 0 0 0 8 0 8 0 32 0 0 0 87 66 67 45 84 83 45 49 68 79 77 65 73 78 49
[14928] AuthenNTLM: protocol=NTLMSSP, type=1, flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=7, domain offset=40, host length=8, host offset=32, host=****, domain=DOMAIN1
[14928] AuthenNTLM: Connect to pdc = **** bdc = **** domain = domain1
[14928] AuthenNTLM: timed out while waiting for lock (key = 23754)
[14928] AuthenNTLM: leave lock
[14928] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1 130 0 0 237 54 160 59 210 45 73 31 0 0 0 0 0 0 0 0
[14928] AuthenNTLM: charencoding = 1
[14928] AuthenNTLM: flags2 = 130
[14928] AuthenNTLM: nonce=í6 ;Ò-I
[14928] AuthenNTLM: Send header: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAA7TagO9ItSR8AAAAAAAAAAA==
[14931] AuthenNTLM: Config Domain = domain1 pdc = **** bdc = ****
[14931] AuthenNTLM: Config Default Domain = domain1
[14931] AuthenNTLM: Config Fallback Domain =
[14931] AuthenNTLM: Config AuthType = ntlm AuthName = CMS NTLM Authentication Test
[14931] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[14931] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[14931] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[14931] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAADAAAAGAAYAG4AAAAYABgAhgAAAA4ADgBAAAAAEAAQAE4AAAAQABAAXgAAAAAAAACeAAAABYIAAEQATwBNAEEASQBOADEAYQByAHQAaQBjAGwAZQA3AFcAQgBDAC0AVABTAC0AMQBiv3n6p8JPs2uUTnt8MF2EP4hRjEh2tCiqD+KoKwflU3uqx/pgoASpny765wJy6Hp=
[14931] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 110 0 0 0 24 0 24 0 134 0 0 0 14 0 14 0 64 0 0 0 16 0 16 0 78 0 0 0 16 0 16 0 94 0 0 0 0 0 0 0 158 0 0 0 5 130 0 0 68 0 79 0 77 0 65 0 73 0 78 0 49 0 97 0 114 0 116 0 105 0 99 0 108 0 101 0 55 0 87 0 66 0 67 0 45 0 84 0 83 0 45 0 49 0 98 191 121 250 167 194 79 179 107 148 78 123 124 48 93 132 63 136 81 140 72 118 180 40 170 15 226 168 43 7 229 83 123 170 199 250 96 160 4 169 159 46 250 231 2 114 232 122
[14931] AuthenNTLM: protocol=NTLMSSP, type=3, user=****, host=****, domain=DOMAIN1, msg_len=0
[Mon Jul 5 15:04:50 2004] [error] access to /res/env.cgi failed for , reason: SMB Server connection not open in state 3 for /res/env.cgi

Any ideas would be very much appreciated.

Cheers,
Andrew.

--
:: article seven   Andrew Green
   automatic internet   [EMAIL PROTECTED] | www.article7.co.uk

--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
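
NTLM over HTTP authenticates the TCP connection rather than each request, so the type 1, type 2 and type 3 messages of one handshake have to pass through the same backend process. The following is an added example, not part of the original post: it scans ntlmdebug output for a type 3 response that reached a child which never issued the challenge. The function names and sample lines are constructed, and it assumes one Apache child per connection, so the bracketed pid stands in for the connection.

```python
import base64
import re
import struct

# The two header lines AuthenNTLM logs at ntlmdebug 2, as they appear in the post.
HDR = re.compile(r"\[(\d+)\] AuthenNTLM: (Authorization Header|Send header:) NTLM (\S+)")

def ntlm_type(b64):
    """Return the NTLMSSP message type (1, 2 or 3), or None if it is not NTLMSSP."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack_from("<I", raw, 8)[0]   # little-endian uint32 after the signature

def find_split_handshakes(log_text):
    """Return the pids that received a type 3 response without having sent the type 2 challenge."""
    challenged = set()          # children currently holding an open challenge
    orphans = []
    for pid, kind, b64 in HDR.findall(log_text):
        pid, msg = int(pid), ntlm_type(b64)
        if kind == "Send header:" and msg == 2:
            challenged.add(pid)
        elif kind == "Authorization Header" and msg == 3:
            if pid in challenged:
                challenged.discard(pid)
            else:
                orphans.append(pid)
    return orphans

def make_msg(msg_type):
    """Constructed minimal NTLMSSP message (signature, type, zero padding), base64-encoded."""
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type) + bytes(20)).decode()

def make_log(pids):
    """Constructed three-line handshake log; pids = (type 1 pid, type 2 pid, type 3 pid)."""
    p1, p2, p3 = pids
    return "\n".join([
        f"[{p1}] AuthenNTLM: Authorization Header NTLM {make_msg(1)}",
        f"[{p2}] AuthenNTLM: Send header: NTLM {make_msg(2)}",
        f"[{p3}] AuthenNTLM: Authorization Header NTLM {make_msg(3)}",
    ])

SAMPLE_DIRECT = make_log((14925, 14925, 14925))    # pid pattern of the direct request
SAMPLE_PROXIED = make_log((14928, 14928, 14931))   # pid pattern of the proxied request

if __name__ == "__main__":
    print("direct :", find_split_handshakes(SAMPLE_DIRECT))
    print("proxied:", find_split_handshakes(SAMPLE_PROXIED))
```

On the pid pattern of the proxied log it reports 14931, the child that logged "SMB Server connection not open in state 3"; on the direct pattern it reports nothing.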