Hi Speeves,

I'm trying to get this package working as I need to do authentication for
Apache users towards two separate NT domains.

For one domain it works OK, but not for multiple (two) domains.
What I found is that only the defaultdomain PDC is being contacted, regardless
of what domain the user specified in the dialog box of her browser.

I'm using this configuration:

Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8a DAV/2 PHP/4.4.4 
mod_perl/2.0.4 Perl/v5.8.8

Apache2-AuthenNTLM-0.02

and the config files look like this:

bash-3.1# cat ~maniac/public_html/auth/.htaccess
PerlAuthenHandler Apache2::AuthenNTLM
PerlAddVar ntdomain  "ABCD      abcd00 abcd01"
PerlAddVar ntdomain  "EFGHIJKL  efgh00 efgh01"
PerlSetVar defaultdomain ABCD
PerlSetVar fallbackdomain EFGHIJKL
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 10
PerlSetVar ntlmauthoritative off
bash-3.1# 

bash-3.1# egrep '^KeepAlive' /usr/local/apache2/conf/httpd.conf
KeepAlive On
KeepAliveTimeout 15
bash-3.1# 


and here is DEBUG:

[433] AuthenNTLM: Config Domain = abcd  pdc = abcd00  bdc = abcd01
[433] AuthenNTLM: Config Domain = efghijkl  pdc = efgh00  bdc = efgh01
[433] AuthenNTLM: Config Default Domain = ABCD
[433] AuthenNTLM: Config Fallback Domain = EFGHIJKL
[433] AuthenNTLM: Config AuthType = ntlm,basic AuthName = Request Tracker
[433] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[433] AuthenNTLM: Config NTLMAuthoritative = off  BasicAuthoritative = on
[433] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[433] AuthenNTLM: Config SplitDomainPrefix = 1
[433] AuthenNTLM: Authorization Header <not given>
[433] AuthenNTLM: Start NTLM Authen handler pid = 433, connection = 148859384 
conn_http_hdr = keep-alive  main =  cuser =  remote_ip = 10.43.0.1 remote_port 
= 13368 remote_host = <> version = 0.02 smbhandle = 
[433] AuthenNTLM: Object exists user = \
[433] AuthenNTLM: Authorization Header NTLM 
TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
[433] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 130 8 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0
[433] AuthenNTLM: protocol=NTLMSSP, type=1, 
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), 
flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0, domain 
offset=0, host length=0, host offset=0, host=, domain=
[433] handler type == 1 
[433] AuthenNTLM: Connect to pdc = abcd00 bdc = abcd01 domain = ABCD
[433] AuthenNTLM: enter lock
[433] AuthenNTLM: verify handle  smbhandle == 148929880 
[433] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1 130 0 
0 42 225 65 221 113 136 230 1 0 0 0 0 0 0 0 0
[433] AuthenNTLM: charencoding = 1
[433] AuthenNTLM: flags2 = 130
[433] AuthenNTLM: nonce=*?A?q?
[433] AuthenNTLM: Send header: NTLM 
TlRMTVNTUAACAAAAAAAAACgAAAABggAAKuFB3XGI5gEAAAAAAAAAAA==
[433] AuthenNTLM: verify handle = 1 smbhandle == 148929880 
[433] AuthenNTLM: Start NTLM Authen handler pid = 433, connection = 148859384 
conn_http_hdr = keep-alive  main =  cuser =  remote_ip = 10.43.0.1 remote_port 
= 13368 remote_host = <> version = 0.02 smbhandle = 
[433] AuthenNTLM: Object exists user = \
[433] AuthenNTLM: Authorization Header NTLM 
TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAABAAEABAAAAADgAOAFAAAAAMAAwAXgAAAAAAAAAAAAAAAYIAAEEATABMAEUARwBSAE8AMgB6AHMAdgBpAGQAZQBvAGEAbgBhAGwAbwBnAKN089J3fFjZbtDbfMq+zMdz4/CG8Una1aN089J3fFjZbtDbfMq+zMdz4/CG8Una1Q==
[433] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 106 0 0 0 24 0 
24 0 130 0 0 0 16 0 16 0 64 0 0 0 14 0 14 0 80 0 0 0 12 0 12 0 94 0 0 0 0 0 0 0 
0 0 0 0 1 130 0 0 65 0 76 0 76 0 69 0 71 0 82 0 79 0 50 0 122 0 115 0 118 0 105 
0 100 0 101 0 111 0 97 0 110 0 97 0 108 0 111 0 103 0 163 116 243 210 119 124 
88 217 110 208 219 124 202 190 204 199 115 227 240 134 241 73 218 213 163 116 
243 210 119 124 88 217 110 208 219 124 202 190 204 199 115 227 240 134 241 73 
218 213
[433] AuthenNTLM: protocol=NTLMSSP, type=3, user=xyz, host=analog, 
domain=EFGHIJKL, msg_len=0
[433] handler type == 3 
[433] AuthenNTLM: verify handle = 3 smbhandle == 148929880 
[433] AuthenNTLM: Verify user xyz via smb server
[433] AuthenNTLM: leave lock
[433] AuthenNTLM: rc = 3  ntlmhash = ?t??w|X?n??|ʾ??s???I??


As you can see, I'm using my Firefox, entering login name "EFGHIJKL\xyz", but 
the module is trying to connect to servers of domain ABCD instead of EFGHIJKL.

I'm also confused why there is no domain\user specified in the line "[433] 
AuthenNTLM: Object exists user = \ ", while later there is a line with the correct 
user and domain: "[433] AuthenNTLM: protocol=NTLMSSP, type=3, user=xyz, 
host=analog, domain=EFGHIJKL, msg_len=0"

Many thanks,

maniac
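
The debug output above shows "domain length=0" in the Type 1 message and the domain only in Type 3. The following is an added example, not part of the original post and not code from Apache2::AuthenNTLM: it parses the Type 1 header copied from the log and a constructed Type 3 message to show which step of the handshake carries the domain. The function names, the controller lookup and the constructed Type 3 are assumptions made for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
# Type 1 header copied from the debug output in the post.
TYPE1_FROM_POST = "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA="
# Constructed from the .htaccess in the post: domain -> (pdc, bdc).
NTDOMAIN = {"abcd": ("abcd00", "abcd01"), "efghijkl": ("efgh00", "efgh01")}
DEFAULT_DOMAIN = "abcd"

def sec_buf(msg, pos):
    """Return the bytes a security buffer (len, maxlen, offset) points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(b64):
    """Parse the base64 part of an 'Authorization: NTLM ...' header."""
    msg = base64.b64decode(b64)
    if len(msg) < 16 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1:  # domain buffer at 16, OEM encoded, often empty
        domain = sec_buf(msg, 16).decode("latin-1") if len(msg) >= 24 else ""
        return {"type": 1, "domain": domain, "user": ""}
    if mtype == 3 and len(msg) >= 64:  # domain at 28, user at 36, flags at 60
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
        return {"type": 3, "domain": sec_buf(msg, 28).decode(enc),
                "user": sec_buf(msg, 36).decode(enc)}
    raise ValueError("unsupported NTLM message")

def build_type3(domain, user, host):
    """Constructed sample Type 3 with zeroed LM/NT responses (not a real login)."""
    fields = [b"\x00" * 24, b"\x00" * 24] + [
        s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    header, payload, offset = SIGNATURE + struct.pack("<I", 3), b"", 64
    for data in fields:
        header += struct.pack("<HHI", len(data), len(data), offset)
        payload += data
        offset += len(data)
    return base64.b64encode(header + struct.pack("<I", 0x8201) + payload).decode()

def controllers_for(parsed):
    """Hypothetical lookup: the message's domain if it names one, else the default."""
    return NTDOMAIN.get(parsed["domain"].lower(), NTDOMAIN[DEFAULT_DOMAIN])

if __name__ == "__main__":
    for b64 in (TYPE1_FROM_POST, build_type3("EFGHIJKL", "xyz", "analog")):
        parsed = parse_ntlm(b64)
        print(parsed, "->", controllers_for(parsed))
```

A server that picks its domain controller when the Type 1 message arrives has no client-supplied domain to go on, which matches the "Connect to pdc = abcd00" line logged before the Type 3 message is received.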
