Apache2-AuthenNTLM-0.02 -> multiple domains issue

Apache2-AuthenNTLM-0.02 -> multiple domains issue

am 01.12.2008 22:47:45 von maniac

Hi Speeves,

i'm trying to get this package working as I need to do authentication for
apache users towards two separate NT domains.

For one domain it works OK, but not for multiple (two) domains.
What I found is that only defaultdomain PDC is being contacted neverthless
on what domain user specified in dialog box of her browser.

I'm using this configuration:

Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8a DAV/2 PHP/4.4.4 mod_perl/2.0.4 Perl/v5.8.8

Apache2-AuthenNTLM-0.02

and config files looks like this:

bash-3.1# cat ~maniac/public_html/auth/.htaccess
PerlAuthenHandler Apache2::AuthenNTLM
PerlAddVar ntdomain "ABCD abcd00 abcd01"
PerlAddVar ntdomain "EFGHIJKL efgh00 efgh01"
PerlSetVar defaultdomain ABCD
PerlSetVar fallbackdomain EFGHIJKL
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 10
PerlSetVar ntlmauthoritative off
bash-3.1#

bash-3.1# egrep '^KeepAlive' /usr/local/apache2/conf/httpd.conf
KeepAlive On
KeepAliveTimeout 15
bash-3.1#


and here is DEBUG:

[433] AuthenNTLM: Config Domain = abcd pdc = abcd00 bdc = abcd01
[433] AuthenNTLM: Config Domain = efghijkl pdc = efgh00 bdc = efgh01
[433] AuthenNTLM: Config Default Domain = ABCD
[433] AuthenNTLM: Config Fallback Domain = EFGHIJKL
[433] AuthenNTLM: Config AuthType = ntlm,basic AuthName = Request Tracker
[433] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[433] AuthenNTLM: Config NTLMAuthoritative = off BasicAuthoritative = on
[433] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[433] AuthenNTLM: Config SplitDomainPrefix = 1
[433] AuthenNTLM: Authorization Header
[433] AuthenNTLM: Start NTLM Authen handler pid = 433, connection = 148859384 conn_http_hdr = keep-alive main = cuser = remote_ip = 10.43.0.1 remote_port = 13368 remote_host = <> version = 0.02 smbhandle =
[433] AuthenNTLM: Object exists user = \
[433] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
[433] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 130 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
[433] AuthenNTLM: protocol=NTLMSSP, type=1, flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), flags2=130(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=0, domain offset=0, host length=0, host offset=0, host=, domain=
[433] handler type == 1
[433] AuthenNTLM: Connect to pdc = abcd00 bdc = abcd01 domain = ABCD
[433] AuthenNTLM: enter lock
[433] AuthenNTLM: verify handle smbhandle == 148929880
[433] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 0 1 130 0 0 42 225 65 221 113 136 230 1 0 0 0 0 0 0 0 0
[433] AuthenNTLM: charencoding = 1
[433] AuthenNTLM: flags2 = 130
[433] AuthenNTLM: nonce=*?A?q?
[433] AuthenNTLM: Send header: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAKuFB3XGI5gEAAAAAAAAAAA==
[433] AuthenNTLM: verify handle = 1 smbhandle == 148929880
[433] AuthenNTLM: Start NTLM Authen handler pid = 433, connection = 148859384 conn_http_hdr = keep-alive main = cuser = remote_ip = 10.43.0.1 remote_port = 13368 remote_host = <> version = 0.02 smbhandle =
[433] AuthenNTLM: Object exists user = \
[433] AuthenNTLM: Authorization Header NTLM TlRMTVNTUAADAAAAGAAYAGoAAAAYABgAggAAABAAEABAAAAADgAOAFAAAAAM AAwAXgAAAAAAAAAAAAAAAYIAAEEATABMAEUARwBSAE8AMgB6AHMAdgBpAGQA ZQBvAGEAbgBhAGwAbwBnAKN089J3fFjZbtDbfMq+zMdz4/CG8Una1aN089J3 fFjZbtDbfMq+zMdz4/CG8Una1Q==
[433] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 106 0 0 0 24 0 24 0 130 0 0 0 16 0 16 0 64 0 0 0 14 0 14 0 80 0 0 0 12 0 12 0 94 0 0 0 0 0 0 0 0 0 0 0 1 130 0 0 65 0 76 0 76 0 69 0 71 0 82 0 79 0 50 0 122 0 115 0 118 0 105 0 100 0 101 0 111 0 97 0 110 0 97 0 108 0 111 0 103 0 163 116 243 210 119 124 88 217 110 208 219 124 202 190 204 199 115 227 240 134 241 73 218 213 163 116 243 210 119 124 88 217 110 208 219 124 202 190 204 199 115 227 240 134 241 73 218 213
[433] AuthenNTLM: protocol=NTLMSSP, type=3, user=xyz, host=analog, domain=EFGHIJKL, msg_len=0
[433] handler type == 3
[433] AuthenNTLM: verify handle = 3 smbhandle == 148929880
[433] AuthenNTLM: Verify user xyz via smb server
[433] AuthenNTLM: leave lock
[433] AuthenNTLM: rc = 3 ntlmhash = ?t??w|X?n??|ʾ??s???I??


As you can see, i'm using my firefox, entering login name "EFGHIJKL\xyz", but module is trying to connect to servers of domain ABCD instead of EFGHIJKL.

I'm confused also why there is no domain\user specified in line "[433] AuthenNTLM: Object exists user = \ ", and later, there is line with correct user and domain: "[433] AuthenNTLM: protocol=NTLMSSP, type=3, user=xyz, host=analog, domain=EFGHIJKL, msg_len=0"

Many thanks,

maniac