
Mailing List Archive: ModPerl: ModPerl
[Fwd: Re: Apache::AuthenNTLM-2.04 Problems..]
 



speeves at unt

Jan 27, 2004, 10:03 PM



-------- Original Message --------
Subject: Re: Apache::AuthenNTLM-2.04 Problems..
Date: Wed, 28 Jan 2004 02:31:22 +0000
From: Darryl Miles <modperl-list[at]the-morg.org>
To: modperl[at]perl.apache.org
CC: Shannon Eric Peevey <speeves[at]unt.edu>
References: <40074075.7070406[at]the-morg.org>



NB - Speeves, Please forward to modperl list since I don't think the
list robot is accepting any of my submissions.


AuthenNTLM.

Right, I have managed to sort out the "Can not get NONCE" error. The
NONCE is the random data initially retrieved from the WIN32 authoritative
host, this nonce value is then sent in the Authorization HTTP header to
the browser. The Browser then modifies its value using the username and
password the user inputs. The AuthenNTLM passes this back to the WIN32
authoritative host to get a yes/no response for authentication.

My problem was that you can not use a raw IP address (in dotted quad
format) for the PDC or BDC arguments in your httpd.conf in the
"PerlAddVar ntdomain" config line. This causes this dotted quad format
to be the called name which will never match your server's
pre-Windows2000 network ID.

You should also NOT try and use the post-Windows2000 full server's domain
name (unless the complete FQDN is 16 chars or less), since this gets
truncated to 16 bytes (that is what the pre-Windows2000 maximum name
length is) and will never match your WIN32 server's FQDN.

Now because you have to use the hostname in the httpd.conf line, and you
can not put in the FQDN, you have to put in just the hostname part of the
FQDN (that is all the characters up to the first full stop in the FQDN).
You then need to make sure the Apache server host can resolve this name
to the IP address. One way of doing this would be to add the domain
name part into the "search" line of /etc/resolv.conf, another way might
be to use /etc/hosts file and/or /etc/host.conf to resolve this to its IP
(this is untested by me).

Maybe this information above can be added into the README of the
Apache::AuthenNTLM package to further assist the next person.



Now I am getting past the "Can not get NONCE" error and getting an IE
error "The page cannot be displayed", "Cannot find server or DNS Error
Internet Explorer". This IE error does not make any sense in this context.

The last lines in the log are:

[5572] AuthenNTLM: Config Domain = domain pdc = winserv bdc = winserv
[5572] AuthenNTLM: Config Default Domain = domain
[5572] AuthenNTLM: Config Fallback Domain =
[5572] AuthenNTLM: Config AuthType = ntlm AuthName = /
[5572] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[5572] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[5572] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[5572] AuthenNTLM: Authorization Header <not given>
[Wed Jan 28 02:28:16 2004] [error] access to /login_ntlm/process failed
for , reason: Bad/Missing NTLM/Basic Authorization Header for
/login_ntlm/process
[5573] AuthenNTLM: Config Domain = domain pdc = winserv bdc = winserv
[5573] AuthenNTLM: Config Default Domain = domain
[5573] AuthenNTLM: Config Fallback Domain =
[5573] AuthenNTLM: Config AuthType = ntlm AuthName = /
[5573] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[5573] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[5573] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[5573] AuthenNTLM: Authorization Header NTLM
TlRMTVNTUAABAAAAB7IAoAsACwAlAAAABQAFACAAAABDQkNPU0NSWVNUQUxCTFVF
[5573] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 160 11 0
11 0 37 0 0 0 5 0 5 0 32 0 0 0 67 66 67 79 83 67 82 89 83 84 65 76 66 76
85 69
[5573] AuthenNTLM: protocol=NTLMSSP, type=1,
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=11,
domain offset=37, host length=5, host offset=32, host=winserv, domain=domain
[5573] AuthenNTLM: Connect to pdc = winserv bdc = winserv domain = domain
[5573] AuthenNTLM: enter lock
[5573] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0
1 130 0 0 230 21 15 88 242 175 242 123 0 0 0 0 0 0 0 0
[5573] AuthenNTLM: charencoding = 1
[5573] AuthenNTLM: flags2 = 130
[5573] AuthenNTLM: nonce=æXò¯ò{
[5573] AuthenNTLM: Send header: NTLM
TlRMTVNTUAACAAAAAAAAACgAAAABggAA5hUPWPKv8nsAAAAAAAAAAA==

Any more ideas on this next problem?


Regards

Darryl L Miles
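
Added example (not part of the original message and not code from Apache::AuthenNTLM): a Python check that applies the naming rules described in the message to "PerlAddVar ntdomain" lines in httpd.conf. The 16-character limit is the figure given in the message; the function names, the sample configuration and the hostnames in it are constructed for illustration.

```python
import ipaddress
import re

MAX_NAME_LEN = 16  # pre-Windows 2000 name limit as stated in the message
NTDOMAIN_RE = re.compile(r'^\s*PerlAddVar\s+ntdomain\s+"([^"]*)"', re.I)

def check_controller_name(name):
    """Return a problem description for one pdc/bdc value, or None if it is usable."""
    try:
        ipaddress.IPv4Address(name)
        return "dotted-quad IP address; use the server's short hostname"
    except ValueError:
        pass  # not an IP address, keep checking
    if len(name) > MAX_NAME_LEN:
        msg = f"longer than {MAX_NAME_LEN} characters, so it is truncated and will not match"
        if "." in name:
            msg += f"; use the hostname part '{name.split('.', 1)[0]}'"
        return msg
    return None

def lint_httpd_conf(text):
    """Return (line_no, role, value, problem) for every unusable pdc/bdc entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = NTDOMAIN_RE.match(line)
        if not m:
            continue
        fields = m.group(1).split()
        # fields[0] is the domain, followed by the pdc and an optional bdc
        for role, value in zip(("pdc", "bdc"), fields[1:3]):
            problem = check_controller_name(value)
            if problem:
                findings.append((line_no, role, value, problem))
    return findings

# Constructed sample configuration (not taken from the message).
SAMPLE_CONF = '''
PerlAddVar ntdomain "domain 192.0.2.10 winserv"
PerlAddVar ntdomain "domain winserv.corp.example.com winserv"
PerlAddVar ntdomain "domain winserv winserv"
'''

if __name__ == "__main__":
    for finding in lint_httpd_conf(SAMPLE_CONF):
        print("line %d: %s=%s: %s" % finding)
```

The check does not test name resolution; the short hostname still has to resolve from the Apache host, as the message describes.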




--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
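
Added example (not part of the original message and not the module's own code): a Python decoder for the "NTLM <base64>" header values that appear in the log above, covering the type 1 and type 2 messages. The type 2 value is copied from the "Send header" log line; the type 1 sample is constructed from placeholder names, and all function names are illustrative.

```python
import base64
import struct

# Flag names as they appear in the module's debug log.
FLAGS = {0x0001: "NEGOTIATE_UNICODE", 0x0002: "NEGOTIATE_OEM",
         0x0004: "REQUEST_TARGET", 0x0200: "NEGOTIATE_NTLM",
         0x8000: "NEGOTIATE_ALWAYS_SIGN"}

def _buffer(msg, pos):
    """Return the text named by a security buffer (length, max length, offset)."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length].decode("ascii", "replace")

def parse_ntlm_header(value):
    """Decode an 'NTLM <base64>' header value (type 1 or type 2 message)."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob.strip(), validate=True)
    if len(msg) < 32 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("short message or missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    out = {"type": mtype}
    if mtype == 1:    # negotiate: flags, domain buffer, host buffer
        (flags,) = struct.unpack_from("<I", msg, 12)
        out["domain"], out["host"] = _buffer(msg, 16), _buffer(msg, 24)
    elif mtype == 2:  # challenge: target buffer, flags, 8-byte nonce
        (flags,) = struct.unpack_from("<I", msg, 20)
        out["nonce"] = msg[24:32].hex()
    else:
        raise ValueError("only type 1 and type 2 are handled")
    out["flags"] = sorted(n for bit, n in FLAGS.items() if flags & bit)
    return out

# "Send header" value copied from the log in the message (type 2, carries the nonce).
TYPE2_FROM_LOG = "NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAA5hUPWPKv8nsAAAAAAAAAAA=="

def constructed_type1(host=b"WINSERV", domain=b"DOMAIN"):
    """Build a sample type 1 header from placeholder names (constructed input)."""
    msg = (b"NTLMSSP\x00" + struct.pack("<II", 1, 0xB207)
           + struct.pack("<HHI", len(domain), len(domain), 32 + len(host))
           + struct.pack("<HHI", len(host), len(host), 32) + host + domain)
    return "NTLM " + base64.b64encode(msg).decode("ascii")

if __name__ == "__main__":
    print(parse_ntlm_header(TYPE2_FROM_LOG))
    print(parse_ntlm_header(constructed_type1()))
```

Decoding the type 2 header gives the 8-byte nonce as hex, which is easier to compare against the "Send:" byte dump than the raw "nonce=" log line.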
