Loading ...
Sorry, an error occurred while loading the content.

Re: [Fwd: Re: Apache::AuthenNTLM-2.04 Problems..]

Expand Messages
  • Shannon Eric Peevey
    ... Right-O :) Good explanation and call. Now that I have a windows machine to test against, I find this to be true. This is not true of Samba, though. (As
    Message 1 of 2 , Jan 28, 2004
    • 0 Attachment
      > AuthenNTLM.
      >
      > Right I have managed to sort out the "Can not get NONCE" error. The
      > NONCE is the random data intiality retrieved from the WIN32
      > authorative host, this nonce value is then sent in the Authorization
      > HTTP header to the browser. The Browser then modifies its value using
      > the username and password the user inputs. The AuthenNTLM passes this
      > back to the WIN32 authorative host to get a yes/no response for
      > authentication.
      >
      > My problem was that you can not use a raw IP address (in dotted quad
      > format) for the PDC or BDC arguments in your httpd.conf in the
      > "PerlAddVar ntdomain" config line. This causes this dotted quad
      > format to be the called name which will never match your servers
      > pre-Windows2000 network ID.
      >
      > You should also NOT try and use the post-Windows2000 full servers
      > domain name (unless the complete FQDN is 16 chars or less), since this
      > gets truncated to 16 bytes (that is what the pre-Windows2000 maximum
      > name length is) and will never match your WIN32 servers FQDN.

      Right-O :) Good explanation and call. Now that I have a windows
      machine to test against, I find this to be true. This is not true of
      Samba, though. (As of version 3.0.1-2 on Debian unstable) You can use
      IP Addresses to define your pdc and bdc.

      >
      > Now because you have to use the hostname in the httpd.conf line, and
      > you can not put in the FQDN you have to put in just the hostname part
      > of the FDQN (that is all the characters upto the first fullstop in the
      > FQDN). You then need to make sure the Apache server host can resolve
      > this name to the IP address. One way of doing this would be to add
      > the domain name part into the "search" line of /etc/resolv.conf,
      > another way might be to use /etc/hosts file and/or /etc/host.conf to
      > resolve this its IP (this is untested by me).
      >
      /etc/hosts works fine on my machine.

      > Maybe this information above can be added into the README of the
      > Apache::AuthenNTLM package to further assist the next person.
      >
      I will definitely put it in the next release.

      >
      > Now I am getting past the "Can not get NONCE" error and getting an IE
      > error "The page cannot be displayed", "Cannot find server or DNS Error
      > Internet Explorer". This IE error does not make any sense in this
      > context.
      >
      > Any more ideas on this next problem ?

      Not really, but do you have a firewall misconfigured somewhere?

      speeves
      cws



      --
      Reporting bugs: http://perl.apache.org/bugs/
      Mail list info: http://perl.apache.org/maillist/modperl.html
      List etiquette: http://perl.apache.org/maillist/email-etiquette.html
    Your message has been successfully submitted and would be delivered to recipients shortly.