Loading ...
Sorry, an error occurred while loading the content.

Re: [Fwd: Apache::AuthenNTLM]

Expand Messages
  • Stefano Ciancio
    Hi Francoise, have you checked your IE settings? In Internet options of IE there is somewhere an option to tell IE to automatic authenticate. Stefano On Mon,
    Message 1 of 8 , Nov 3, 2003
    • 0 Attachment
      Hi Francoise,

      have you checked your IE settings? In "Internet options" of IE there is
      somewhere an option to tell IE to automatic authenticate.

      Stefano



      On Mon, 03 Nov 2003 11:05:01 -0600
      Shannon Eric Peevey <speeves@...> wrote:

      >
      >
      > -------- Original Message --------
      > Subject: Apache::AuthenNTLM
      > Date: Mon, 3 Nov 2003 10:56:26 -0000
      > From: francoise dehinbo <Francoise.Dehinbo@...>
      > To: <speeves@...>
      >
      >
      >
      > Hi Shannon,
      >
      > I was hoping you might be able to help me with a problem I'm currently having
      > with this module. Below is a list of the system versions we are currently
      > using in our quest to authenticate users and store their details in a cookie
      > as they access the intranet:
      >
      > Apache 1.3.22
      > mod_perl 1
      > perl 5.6.1
      > Apache::AuthenNTLM 0.01-0.13
      > IE 6.0
      >
      > This is the config that I've added to the modperl http.conf:
      > <Location />
      > PerlAuthenHandler Apache::AuthenNTLM
      > AuthType ntlm
      > AuthName test
      > require valid-user
      >
      > # domain pdc bdc
      > PerlAddVar ntdomain "foxtons itfilep01 adbdc"
      >
      > PerlSetVar defaultdomain FOXTONS
      > PerlSetVar ntlmdebug 2
      > </Location>
      >
      > The problem is that when I open a page, I am prompted to enter my username and
      > password instead of retrieving my login details from the browser. My details
      > are then authenticated and I am then taken to the correct page.
      >
      > When I open the page, the following message is added to the error log:
      > [28323] AuthenNTLM: Start NTLM Authen handler pid = 28323, connection =
      > 143478676 conn_http_hdr = Keep-Alive main = cuser = remote_ip =
      > 172.18.12.60 remote_port = 44050 remote_host = <> version = 0.23[28323]
      > AuthenNTLM: Setup new object[28323] AuthenNTLM: Config Domain = foxtons pdc =
      > itfilep01 bdc = adbdc[28323] AuthenNTLM: Config Default Domain = FOXTONS
      > [28323] AuthenNTLM: Config Fallback Domain =
      > [28323] AuthenNTLM: Config AuthType = ntlm AuthName = test
      > [28323] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
      > [28323] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
      > [28323] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
      > [28323] AuthenNTLM: Authorization Header <not given>
      > [Mon Nov 3 11:11:29 2003] [error] access to / failed for , reason:
      > Bad/Missing NTLM/Basic Authorization Header for /
      >
      > The message was added to the log after a successful login:
      > [28323] AuthenNTLM: Start NTLM Authen handler pid = 28323, connection =
      > 143478676 conn_http_hdr = Keep-Alive main = cuser = remote_ip =
      > 172.18.12.60 remote_port = 44050 remote_host = <> version = 0.23[28323]
      > AuthenNTLM: Setup new object[28323] AuthenNTLM: Config Domain = foxtons pdc =
      > itfilep01 bdc = adbdc[28323] AuthenNTLM: Config Default Domain = FOXTONS
      > [28323] AuthenNTLM: Config Fallback Domain =
      > [28323] AuthenNTLM: Config AuthType = ntlm AuthName = test
      > [28323] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
      > [28323] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
      > [28323] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
      > [28323] AuthenNTLM: Authorization Header NTLM
      > TlRMTVNTUAABAAAAB4IIoAAAAAAAAAAAAAAAAAAAAAA=[28323] AuthenNTLM: Got: 78 84 76
      > 77 83 83 80 0 1 0 0 0 7 130 8 160 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0[28323]
      > AuthenNTLM: protocol=NTLMSSP, type=1,
      > flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
      > flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0, domain
      > offset=0, host length=0, host offset=0, host=, domain=[28323] AuthenNTLM:
      > Connect to pdc = itfilep01 bdc = adbdc domain = foxtons[28323] AuthenNTLM:
      > enter lock[28323] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40
      > 0 0 0 1 130 0 0 91 43 72 34 185 122 217 71 0 0 0 0 0 0 0 0[28323] AuthenNTLM:
      > charencoding = 1[28323] AuthenNTLM: flags2 = 130
      > [28323] AuthenNTLM: nonce=[+H"¹zÙG
      > [28323] AuthenNTLM: Send header: NTLM
      > TlRMTVNTUAACAAAAAAAAACgAAAABggAAWytIIrl62UcAAAAAAAAAAA==[28323] AuthenNTLM:
      > Start NTLM Authen handler pid = 28323, connection = 143478676 conn_http_hdr =
      > Keep-Alive main = cuser = remote_ip = 172.18.12.60 remote_port = 44050
      > remote_host = < > version = 0.23[28323] AuthenNTLM: Object exists user = \
      > [28323] AuthenNTLM: Authorization Header NTLM
      > TlRMTVNTUAADAAAAGAAYALIAAAAYABgAygAAAD4APgBAAAAAIgAiAH4AAAASABIAoAAAAAAAAADiA
      > AAABYIAAG0AcAAuAG4AZQB3AGQAZQB2AC4AZABpAGcAaQB0AGEAbAAuAGYAbwB4AHQAbwBuAHMALg
      > BjAG8ALgB1AGsAZgByAGEAbgBjAG8AaQBzAGUALgBkAGUAaABpAG4AYgBvAE0AQQBJAE4AQgBPAEE
      > AUgBEAPqTpbgMNu7kbZm+E49d4f8B3VLCWVfTCzSpyVGdTBqG/xHBXjsndIfyhnyB5nycaA==[283
      > 23] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 178 0 0 0 24 0
      > 24 0 202 0 0 0 62 0 62 0 64 0 0 0 34 0 34 0 126 0 0 0 18 0 18 0 160 0 0 0 0 0
      > 0 0 226 0 0 0 5 130 0 0 109 0 112 0 46 0 110 0 101 0 119 0 100 0 101 0 118 0
      > 46 0 100 0 105 0 103 0 105 0 116 0 97 0 108 0 46 0 102 0 111 0 120 0 116 0 111
      > 0 110 0 115 0 46 0 99 0 111 0 46 0 117 0 107 0 102 0 114 0 97 0 110 0 99 0 111
      > 0 105 0 115 0 101 0 46 0 100 0 101 0 104 0 105 0 110 0 98 0 111 0 77 0 65 0 73
      > 0 78 0 66 0 79 0 65 0 82 0 68 0 250 147 165 184 12 54 238 228 109 153 190 19
      > 143 93 225 255 1 221 82 194 89 87 211 11 52 169 201 81 157 76 26 134 255 17
      > 193 94 59 39 116 135 242 134 124 129 230 124 156 104[28323] AuthenNTLM:
      > protocol=NTLMSSP, type=3, user=francoise.dehinbo, host=MAINBOARD,
      > domain=mp.newdev.digital.foxtons.co.uk, msg_len=0[28323] AuthenNTLM: Verify
      > user francoise.dehinbo via smb server[28323] AuthenNTLM: leave lock
      > [28323] AuthenNTLM: OK pid = 28323, connection = 143478676 cuser =
      > mp.newdev.digital.foxtons.co.uk\francoise.dehinbo ip = 172.18.12.60[28323]
      > AuthenNTLM: Start NTLM Authen handler pid = 28323, connection = 143478676
      > conn_http_hdr = Keep-Alive main = Apache=SCALAR(0x88cdf9c) cuser =
      > mp.newdev.digital.foxtons.co.uk\francoise.dehinbo remote_ip = 172.18.12.60
      > remote_port = 44050 remote_host = < > version = 0.23[28323] AuthenNTLM: Object
      > exists user = mp.newdev.digital.foxtons.co.uk\francoise.dehinbo[28323]
      > AuthenNTLM: Authorization Header NTLM
      > TlRMTVNTUAADAAAAGAAYALIAAAAYABgAygAAAD4APgBAAAAAIgAiAH4AAAASABIAoAAAAAAAAADiA
      > AAABYIAAG0AcAAuAG4AZQB3AGQAZQB2AC4AZABpAGcAaQB0AGEAbAAuAGYAbwB4AHQAbwBuAHMALg
      > BjAG8ALgB1AGsAZgByAGEAbgBjAG8AaQBzAGUALgBkAGUAaABpAG4AYgBvAE0AQQBJAE4AQgBPAEE
      > AUgBEAPqTpbgMNu7kbZm+E49d4f8B3VLCWVfTCzSpyVGdTBqG/xHBXjsndIfyhnyB5nycaA==[283
      > 23] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 178 0 0 0 24 0
      > 24 0 202 0 0 0 62 0 62 0 64 0 0 0 34 0 34 0 126 0 0 0 18 0 18 0 160 0 0 0 0 0
      > 0 0 226 0 0 0 5 130 0 0 109 0 112 0 46 0 110 0 101 0 119 0 100 0 101 0 118 0
      > 46 0 100 0 105 0 103 0 105 0 116 0 97 0 108 0 46 0 102 0 111 0 120 0 116 0 111
      > 0 110 0 115 0 46 0 99 0 111 0 46 0 117 0 107 0 102 0 114 0 97 0 110 0 99 0 111
      > 0 105 0 115 0 101 0 46 0 100 0 101 0 104 0 105 0 110 0 98 0 111 0 77 0 65 0 73
      > 0 78 0 66 0 79 0 65 0 82 0 68 0 250 147 165 184 12 54 238 228 109 153 190 19
      > 143 93 225 255 1 221 82 194 89 87 211 11 52 169 201 81 157 76 26 134 255 17
      > 193 94 59 39 116 135 242 134 124 129 230 124 156 104
      > [28323] AuthenNTLM: protocol=NTLMSSP, type=3, user=francoise.dehinbo,
      > host=MAINBOARD, domain=mp.newdev.digital.foxtons.co.uk, msg_len=0[28323]
      > AuthenNTLM: Same connection pid = 28323, connection = 143478676 cuser =
      > mp.newdev.digital.foxtons.co.uk\francoise.dehinbo ip = 172.18.12.60 method =
      > GET Content-Length = type = 3[28323] AuthenNTLM: OK because same connection
      > [28323] AuthenNTLM: Start NTLM Authen handler pid = 28323, connection =
      > 143478676 conn_http_hdr = Keep-Alive main = cuser =
      > mp.newdev.digital.foxtons.co.uk\francoise.dehinbo remote_ip = 172.18.12.60
      > remote_port = 44050 remote_host = < > version = 0.23[28323] AuthenNTLM: Object
      > exists user = mp.newdev.digital.foxtons.co.uk\francoise.dehinbo[28323]
      > AuthenNTLM: Authorization Header NTLM
      > TlRMTVNTUAADAAAAGAAYALIAAAAYABgAygAAAD4APgBAAAAAIgAiAH4AAAASABIAoAAAAAAAAADiA
      > AAABYIAAG0AcAAuAG4AZQB3AGQAZQB2AC4AZABpAGcAaQB0AGEAbAAuAGYAbwB4AHQAbwBuAHMALg
      > BjAG8ALgB1AGsAZgByAGEAbgBjAG8AaQBzAGUALgBkAGUAaABpAG4AYgBvAE0AQQBJAE4AQgBPAEE
      > AUgBEAPqTpbgMNu7kbZm+E49d4f8B3VLCWVfTCzSpyVGdTBqG/xHBXjsndIfyhnyB5nycaA==[283
      > 23] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 178 0 0 0 24 0
      > 24 0 202 0 0 0 62 0 62 0 64 0 0 0 34 0 34 0 126 0 0 0 18 0 18 0 160 0 0 0 0 0
      > 0 0 226 0 0 0 5 130 0 0 109 0 112 0 46 0 110 0 101 0 119 0 100 0 101 0 118 0
      > 46 0 100 0 105 0 103 0 105 0 116 0 97 0 108 0 46 0 102 0 111 0 120 0 116 0 111
      > 0 110 0 115 0 46 0 99 0 111 0 46 0 117 0 107 0 102 0 114 0 97 0 110 0 99 0 111
      > 0 105 0 115 0 101 0 46 0 100 0 101 0 104 0 105 0 110 0 98 0 111 0 77 0 65 0 73
      > 0 78 0 66 0 79 0 65 0 82 0 68 0 250 147 165 184 12 54 238 228 109 153 190 19
      > 143 93 225 255 1 221 82 194 89 87 211 11 52 169 201 81 157 76 26 134 255 17
      > 193 94 59 39 116 135 242 134 124 129 230 124 156 104[28323] AuthenNTLM:
      > protocol=NTLMSSP, type=3, user=francoise.dehinbo, host=MAINBOARD,
      > domain=mp.newdev.digital.foxtons.co.uk, msg_len=0[28323] AuthenNTLM: Same
      > connection pid = 28323, connection = 143478676 cuser =
      > mp.newdev.digital.foxtons.co.uk\francoise.dehinbo ip = 172.18.12.60 method =
      > GET Content-Length = type = 3[28323] AuthenNTLM: OK because same connection
      >
      >
      > We wanted the process to be a transparent login so the user is unaware of
      > what's going on in the background. We do not want it to default to the basic
      > authentication and all users are expect to use only IE 6.0 which is our
      > standard.
      >
      > Any help you can provide to point me in the right direction would be greatly
      > appreciated.
      >
      > Thank you.
      >
      > Kind regards,
      >
      > Françoise Dehinbo
      >
      >
      >
      > Privacy and Confidentiality Notice
      > This is strictly confidential and intended solely for the person or
      > organisation to whom it is addressed. It may contain privileged and
      > confidential information and if you are not an intended recipient, you must
      > not copy, distribute or take any action in reliance on it. If you have
      > received this message in error, please notify us as soon as possible and
      > delete it and any attached files from your system. The views and opinions
      > expressed in this email message are the author's own and may not reflect the
      > views and opinions of the author's employer.
      >
      >
      >
      > --
      > Reporting bugs: http://perl.apache.org/bugs/
      > Mail list info: http://perl.apache.org/maillist/modperl.html

      --
      Reporting bugs: http://perl.apache.org/bugs/
      Mail list info: http://perl.apache.org/maillist/modperl.html
    • Shannon Eric Peevey
      ... It sounds like something like Apache-AuthCookie would be more useful here. Apache-AuthenNTLM is wired to accept input to the auth windows, and doesn t
      Message 2 of 8 , Nov 3, 2003
      • 0 Attachment
        >
        >
        >
        >>-------- Original Message --------
        >>Subject: Apache::AuthenNTLM
        >>Date: Mon, 3 Nov 2003 10:56:26 -0000
        >>From: francoise dehinbo <Francoise.Dehinbo@...>
        >>To: <speeves@...>
        >>
        >>
        >>
        >>Hi Shannon,
        >>
        >>I was hoping you might be able to help me with a problem I'm currently having
        >>with this module. Below is a list of the system versions we are currently
        >>using in our quest to authenticate users and store their details in a cookie
        >>as they access the intranet:
        >>
        >>
        >>
        It sounds like something like Apache-AuthCookie would be more useful
        here. Apache-AuthenNTLM is wired to accept input to the auth windows,
        and doesn't check the browser for cookies, etc. I'm not sure how you
        propose to authenticate from the cookie, but it shouldn't be too
        difficult of a job to add NTLM authentication capabilities on top of
        Apache-AuthCookie. (I see we already have Apache-AuthCookieLDAP and
        Apache-AuthCookieDBI, for reference...)

        speeves
        cws



        --
        Reporting bugs: http://perl.apache.org/bugs/
        Mail list info: http://perl.apache.org/maillist/modperl.html
      • Shannon Eric Peevey
        ... Subject: Apache::AuthenNTLM Date: Tue, 6 Jan 2004 13:46:16 +0100 (CET) From: Wiebe Kloosterman To: speeves@unt.edu Hallo, I do
        Message 3 of 8 , Jan 6, 2004
        • 0 Attachment
          -------- Original Message --------
          Subject: Apache::AuthenNTLM
          Date: Tue, 6 Jan 2004 13:46:16 +0100 (CET)
          From: Wiebe Kloosterman <wiebe@...>
          To: speeves@...



          Hallo,

          I do have problems running Apache::AuthenNTLM
          i am running the folowing config in httpd.conf

          <Location /ntlm>
          PerlAuthenHandler Apache::AuthenNTLM
          AuthType "ntlm"
          AuthName testntlm
          require valid-user
          PerlAddVar ntdomain "XXX XX100A XX0001"
          PerlSetVar defaultdomain XXX
          PerlSetVar ntlmdebug 1
          </Location>

          and this wat i get in the error_log


          [15380] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
          [15380] AuthenNTLM: Config Default Domain = XXX
          [15380] AuthenNTLM: Config Fallback Domain =
          [15380] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
          [15380] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
          [15380] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
          [15380] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
          [15380] AuthenNTLM: Authorization Header <not given>
          [Tue Jan 6 13:24:49 2004] [error] access to /ntlm/ failed for , reason:
          Bad/Missing NTLM/Basic Authorization Header for /ntlm/
          [15381] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
          [15381] AuthenNTLM: Config Default Domain = XXX
          [15381] AuthenNTLM: Config Fallback Domain =
          [15381] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
          [15381] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
          [15381] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
          [15381] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
          [15381] AuthenNTLM: Authorization Header NTLM
          [15381] AuthenNTLM: protocol=NTLMSSP, type=1,
          flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
          flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3, domain
          offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
          [15381] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
          [15381] AuthenNTLM: timed out while waiting for lock (key = 23754)
          [15381] AuthenNTLM: leave lock
          [15381] AuthenNTLM: charencoding = 1
          [15381] AuthenNTLM: flags2 = 130
          [15381] AuthenNTLM: Send header: NTLM ...

          when i do change PerlSetVar ntlmdebug to 2 than i get this

          [20641] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
          [20641] AuthenNTLM: Config Default Domain = XXX
          [20641] AuthenNTLM: Config Fallback Domain =
          [20641] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
          [20641] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
          [20641] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
          [20641] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
          [20641] AuthenNTLM: Authorization Header <not given>
          [Tue Jan 6 13:43:19 2004] [error] access to /ntlm/ failed for , reason:
          Bad/Missing NTLM/Basic Authorization Header for /ntlm/
          [20642] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
          [20642] AuthenNTLM: Config Default Domain = XXX
          [20642] AuthenNTLM: Config Fallback Domain =
          [20642] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
          [20642] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
          [20642] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
          [20642] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
          [20642] AuthenNTLM: Authorization Header NTLM
          TlRMTVNTUAABAAAAB7IAAAMAAwAmAAAABgAGACAAAABXUzAxODVSWkc=
          [20642] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 0 3 0 3 0
          38 0 0 0 6 0 6 0 32 0 0 0 87 83 48 49 56 53 82 90 71
          [20642] AuthenNTLM: protocol=NTLMSSP, type=1,
          flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
          flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3, domain
          offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
          [20642] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
          [20642] AuthenNTLM: timed out while waiting for lock (key = 23754)
          [20642] AuthenNTLM: leave lock
          [20642] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0
          1 130 0 0 103 190 213 45 246 110 141 69 0 0 0 0 0 0 0 0
          [20642] AuthenNTLM: charencoding = 1
          [20642] AuthenNTLM: flags2 = 130E
          [20642] AuthenNTLM: Send header: NTLM
          TlRMTVNTUAACAAAAAAAAACgAAAABggAAZ77VLfZujUUAAAAAAAAAAA==


          Any ideas?
          Wiebe Kloosterman



          --
          Reporting bugs: http://perl.apache.org/bugs/
          Mail list info: http://perl.apache.org/maillist/modperl.html
        • Harris, Jason (DIS)
          Hello Shannon, I ve used this module before, but I have not seen this symptom. Maybe your Apache cannot connect to your PDC/DC ? What happens, when logged on
          Message 4 of 8 , Jan 6, 2004
          • 0 Attachment
            Hello Shannon,

            I've used this module before, but I have not seen this symptom. Maybe your
            Apache cannot connect to your PDC/DC ? What happens, when logged on to your
            webserver, you try to ping XX100A or XX1000? Is there a firewall or NAT
            between webserver and PDC ?

            Jason Harris


            -----Original Message-----
            From: Shannon Eric Peevey
            To: modperl@...
            Sent: 1/6/2004 9:59 AM
            Subject: [Fwd: Apache::AuthenNTLM]



            -------- Original Message --------
            Subject: Apache::AuthenNTLM
            Date: Tue, 6 Jan 2004 13:46:16 +0100 (CET)
            From: Wiebe Kloosterman <wiebe@...>
            To: speeves@...



            Hallo,

            I do have problems running Apache::AuthenNTLM
            i am running the folowing config in httpd.conf

            <Location /ntlm>
            PerlAuthenHandler Apache::AuthenNTLM
            AuthType "ntlm"
            AuthName testntlm
            require valid-user
            PerlAddVar ntdomain "XXX XX100A XX0001"
            PerlSetVar defaultdomain XXX
            PerlSetVar ntlmdebug 1
            </Location>

            and this wat i get in the error_log


            [15380] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
            [15380] AuthenNTLM: Config Default Domain = XXX
            [15380] AuthenNTLM: Config Fallback Domain =
            [15380] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
            [15380] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
            [15380] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative =
            on
            [15380] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
            [15380] AuthenNTLM: Authorization Header <not given>
            [Tue Jan 6 13:24:49 2004] [error] access to /ntlm/ failed for ,
            reason:
            Bad/Missing NTLM/Basic Authorization Header for /ntlm/
            [15381] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
            [15381] AuthenNTLM: Config Default Domain = XXX
            [15381] AuthenNTLM: Config Fallback Domain =
            [15381] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
            [15381] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
            [15381] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative =
            on
            [15381] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
            [15381] AuthenNTLM: Authorization Header NTLM
            [15381] AuthenNTLM: protocol=NTLMSSP, type=1,
            flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
            flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3,
            domain
            offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
            [15381] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
            [15381] AuthenNTLM: timed out while waiting for lock (key = 23754)
            [15381] AuthenNTLM: leave lock
            [15381] AuthenNTLM: charencoding = 1
            [15381] AuthenNTLM: flags2 = 130
            [15381] AuthenNTLM: Send header: NTLM ...

            when i do change PerlSetVar ntlmdebug to 2 than i get this

            [20641] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
            [20641] AuthenNTLM: Config Default Domain = XXX
            [20641] AuthenNTLM: Config Fallback Domain =
            [20641] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
            [20641] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
            [20641] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative =
            on
            [20641] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
            [20641] AuthenNTLM: Authorization Header <not given>
            [Tue Jan 6 13:43:19 2004] [error] access to /ntlm/ failed for ,
            reason:
            Bad/Missing NTLM/Basic Authorization Header for /ntlm/
            [20642] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
            [20642] AuthenNTLM: Config Default Domain = XXX
            [20642] AuthenNTLM: Config Fallback Domain =
            [20642] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
            [20642] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
            [20642] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative =
            on
            [20642] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
            [20642] AuthenNTLM: Authorization Header NTLM
            TlRMTVNTUAABAAAAB7IAAAMAAwAmAAAABgAGACAAAABXUzAxODVSWkc=
            [20642] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 0 3 0 3
            0
            38 0 0 0 6 0 6 0 32 0 0 0 87 83 48 49 56 53 82 90 71
            [20642] AuthenNTLM: protocol=NTLMSSP, type=1,
            flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
            flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3,
            domain
            offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
            [20642] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
            [20642] AuthenNTLM: timed out while waiting for lock (key = 23754)
            [20642] AuthenNTLM: leave lock
            [20642] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0
            0
            1 130 0 0 103 190 213 45 246 110 141 69 0 0 0 0 0 0 0 0
            [20642] AuthenNTLM: charencoding = 1
            [20642] AuthenNTLM: flags2 = 130E
            [20642] AuthenNTLM: Send header: NTLM
            TlRMTVNTUAACAAAAAAAAACgAAAABggAAZ77VLfZujUUAAAAAAAAAAA==


            Any ideas?
            Wiebe Kloosterman



            --
            Reporting bugs: http://perl.apache.org/bugs/
            Mail list info: http://perl.apache.org/maillist/modperl.html

            --
            Reporting bugs: http://perl.apache.org/bugs/
            Mail list info: http://perl.apache.org/maillist/modperl.html
          • Shannon Eric Peevey
            Hi! Sorry for not getting back sooner!! We have been busy getting to know our 2 month old baby :) ... Looks like the ntlmsemtimeout isn t long enough...
            Message 5 of 8 , Jan 9, 2004
            • 0 Attachment
              Hi!

              Sorry for not getting back sooner!! We have been busy getting to know
              our 2 month old baby :)

              >
              > when i do change PerlSetVar ntlmdebug to 2 than i get this
              >
              > [20641] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
              > [20641] AuthenNTLM: Config Default Domain = XXX
              > [20641] AuthenNTLM: Config Fallback Domain =
              > [20641] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
              > [20641] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
              > [20641] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative
              > = on
              > [20641] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
              > [20641] AuthenNTLM: Authorization Header <not given>
              > [Tue Jan 6 13:43:19 2004] [error] access to /ntlm/ failed for , reason:
              > Bad/Missing NTLM/Basic Authorization Header for /ntlm/
              > [20642] AuthenNTLM: Config Domain = xxx pdc = XX100A bdc = XX0001
              > [20642] AuthenNTLM: Config Default Domain = XXX
              > [20642] AuthenNTLM: Config Fallback Domain =
              > [20642] AuthenNTLM: Config AuthType = ntlm AuthName = testntlm
              > [20642] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
              > [20642] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative
              > = on
              > [20642] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
              > [20642] AuthenNTLM: Authorization Header NTLM
              > TlRMTVNTUAABAAAAB7IAAAMAAwAmAAAABgAGACAAAABXUzAxODVSWkc=
              > [20642] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 0 3 0 3 0
              > 38 0 0 0 6 0 6 0 32 0 0 0 87 83 48 49 56 53 82 90 71
              > [20642] AuthenNTLM: protocol=NTLMSSP, type=1,
              > flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET),
              > flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=3, domain
              > offset=38, host length=6, host offset=32, host=WS0185, domain=XXX
              > [20642] AuthenNTLM: Connect to pdc = XX100A bdc = XX0001 domain = xxx
              > [20642] AuthenNTLM: timed out while waiting for lock (key = 23754)

              Looks like the ntlmsemtimeout isn't long enough...

              =head2 PerlSetVar ntlmsemtimout

              This set the timeout value used to wait for the semaphore. The default
              is two seconds.
              It is very small because during the time Apache waits for the semaphore,
              no other
              authentication request can be sent to the windows server. Also
              Apache::AuthenNTLM
              only asks the windows server once per keep-alive connection, this
              timeout value
              should be as small as possible.

              Try increasing that and see if that helps.

              speeves
              cws


              --
              Reporting bugs: http://perl.apache.org/bugs/
              Mail list info: http://perl.apache.org/maillist/modperl.html
            • Shannon Eric Peevey
              ... hmmm... Maybe I need a bit more information about the problem that you are having. The logs point to a problem with a timeout that is put into place to
              Message 6 of 8 , Jan 9, 2004
              • 0 Attachment
                Quoting Wiebe Kloosterman <wiebe@...>:

                > i have set "PerlSetVar ntlmsemtimout" but no change in syslog for timeout.

                hmmm... Maybe I need a bit more information about the problem that you are
                having. The logs point to a problem with a timeout that is put into place to
                keep multiple auth cycles from starting at the same time... (One connection is
                not releasing the lock on the semaphore before the timeout of the second
                request.) I would tend to start thinking like Jason on this. Have you tried
                using another smb client, (such as smbclient), to connect from your web server
                machine? Does it also fail?

                > small typo in help, must be "PerlSetVar ntlmsemtimeout" but that did also
                > not help me.
                Thanks for catching this. I will fix it in the next release.

                --
                Shannon Eric Peevey
                Computer Systems Manager
                UNT - Central Web Support
                (940)369-8876


                -------------------------------------------------
                This mail sent through IMP: http://horde.org/imp/

                --
                Reporting bugs: http://perl.apache.org/bugs/
                Mail list info: http://perl.apache.org/maillist/modperl.html
              • Shannon Eric Peevey
                ... No problem. Thanks for letting us know the solution. speeves cws -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info:
                Message 7 of 8 , Jan 15, 2004
                • 0 Attachment
                  Wiebe Kloosterman wrote:

                  >Shannon,
                  >I found my problem, KeepAlive wasn't turned on.
                  >
                  >i am sorry
                  >
                  >Wiebe Kloosterman
                  >
                  >
                  No problem. Thanks for letting us know the solution.

                  speeves
                  cws


                  --
                  Reporting bugs: http://perl.apache.org/bugs/
                  Mail list info: http://perl.apache.org/maillist/modperl.html
                Your message has been successfully submitted and would be delivered to recipients shortly.