I’m trying to get the auth_ntlm_winbind_module working with only basic authentication. I already have winbind running on the system, so this seemed like the quickest way to get my web server authenticating with my AD. I have it working to a point, but I'm stuck because it only authenticates if I enter my domain/username. If I omit the domain, it fails: My Configuration is: <Directory /usr/local/web/docs> NTLMAuth off AuthName "Please Enter your ID for Access" NTLMBasicAuth on NTLMBasicRealm ap PlaintextAuthHelper "/usr/local/apache2/conf/ntlm_auth --helper-protocol=squid-2.5-basic" NTLMBasicAuthoritative on AuthType Basic require valid-user Options FollowSymLinks +ExecCGI </Directory> When I log in with my domain and id (ap\mike) it works: [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(1028): [client 130.113.220.121] client wishes to re-authenticate this TCP socket [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(1051): [client 130.113.220.121] trying basic auth [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(530): [client 130.113.220.121] Using existing auth helper 17737 [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(554): [client 130.113.220.121] creating auth user for plaintext [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(630): [client 130.113.220.121] got response: OK [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(633): [client 130.113.220.121] authentication succeeded! [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(646): [client 130.113.220.121] authenticated ap\\mike [Wed Apr 14 15:59:32 2010] [debug] mod_auth_ntlm_winbind.c(983): [client 130.113.220.121] authenticate domain user ap\\mike: OK When I exclude the domain in my login (mike), it fails: [Wed Apr 14 16:01:18 2010] [debug] mod_auth_ntlm_winbind.c(1051): [client 130.113.220.121] trying basic auth [Wed Apr 14 16:01:18 2010] [debug] mod_auth_ntlm_winbind.c(992): [client 130.113.220.121] authenticate local user mike: FAILED Any idea what I'm missing? Apache version is 2.0.59 running on Solaris 10. -Mike
begin:vcard fn:Mike Diggins n:Diggins;Mike org:McMaster University;Technology Services adr:BSB 246;;1280 Main St. West;Hamilton;Ontario;L8S4K1;CANADA email;internet:mike.diggins@xxxxxxxxxxx title:Network Analyst tel;work:905-525-9140 Ext. 27471 tel;fax:905-528-3773 url:https://www.mcmaster.ca/uts/network version:2.1 end:vcard
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|