
List:       apache-modperl
Subject:    Re: [Fwd: Re: Apache::AuthenNTLM-2.04 Problems..]
From:       Shannon Eric Peevey <speeves () unt ! edu>
Date:       2004-01-28 9:02:13
Message-ID: 40177A95.5010303 () unt ! edu


> AuthenNTLM.
>
> Right, I have managed to sort out the "Can not get NONCE" error.  The 
> NONCE is the random data initially retrieved from the WIN32 
> authoritative host, this nonce value is then sent in the Authorization 
> HTTP header to the browser.  The browser then modifies its value using 
> the username and password the user inputs.  The AuthenNTLM passes this 
> back to the WIN32 authoritative host to get a yes/no response for 
> authentication.
>
> My problem was that you can not use a raw IP address (in dotted quad 
> format) for the PDC or BDC arguments in your httpd.conf in the 
> "PerlAddVar ntdomain" config line.  This causes this dotted quad 
> format to be the called name which will never match your server's 
> pre-Windows2000 network ID.
>
> You should also NOT try and use the post-Windows2000 full server's 
> domain name (unless the complete FQDN is 16 chars or less), since this 
> gets truncated to 16 bytes (that is what the pre-Windows2000 maximum 
> name length is) and will never match your WIN32 server's FQDN.

Right-O :)  Good explanation and call.  Now that I have a Windows 
machine to test against, I find this to be true.  This is not true of 
Samba, though.  (As of version 3.0.1-2 on Debian unstable)  You can use 
IP addresses to define your pdc and bdc.

>
> Now because you have to use the hostname in the httpd.conf line, and 
> you can not put in the FQDN you have to put in just the hostname part 
> of the FQDN (that is all the characters up to the first full stop in the 
> FQDN). You then need to make sure the Apache server host can resolve 
> this name to the IP address.  One way of doing this would be to add 
> the domain name part into the "search" line of /etc/resolv.conf, 
> another way might be to use /etc/hosts file and/or /etc/host.conf to 
> resolve this to its IP (this is untested by me).
>
/etc/hosts works fine on my machine.

> Maybe this information above can be added into the README of the 
> Apache::AuthenNTLM package to further assist the next person.
>
I will definitely put it in the next release. 

>
> Now I am getting past the "Can not get NONCE" error and getting an IE 
> error "The page cannot be displayed", "Cannot find server or DNS Error 
> Internet Explorer".  This IE error does not make any sense in this 
> context.
>
> Any more ideas on this next problem ?

Not really, but do you have a firewall misconfigured somewhere?

speeves
cws



-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
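
Added example, not part of the original message or of Apache::AuthenNTLM itself: a small lint for the `PerlAddVar ntdomain` lines discussed in the thread, flagging PDC/BDC values that are dotted-quad IPs, exceed the 16-byte name length quoted above, or do not resolve from the Apache host. It assumes the value has the form "domain pdc [bdc]"; the sample config and host names are constructed, and the IP finding applies to Windows controllers (the reply notes Samba accepts IPs).

```python
import re
import socket

# Constructed httpd.conf fragment for illustration (not from the thread).
SAMPLE_CONF = '''\
PerlAddVar ntdomain "CORP 192.0.2.10 pdc01"
PerlAddVar ntdomain "SALES dc-sales-primary.corp.example.com"
PerlAddVar ntdomain "LAB labdc1 labdc2"
# PerlAddVar ntdomain "OLD 192.0.2.99"
'''

# Assumed value layout: "domain pdc [bdc]", quoted or unquoted.
NTDOMAIN = re.compile(r'^\s*PerlAddVar\s+ntdomain\s+"?([^"]+)"?\s*$', re.I)
DOTTED_QUAD = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')
MAX_NAME = 16  # truncation length as stated in the thread


def check_name(name):
    """Return a problem description for one PDC/BDC value, or None."""
    if DOTTED_QUAD.match(name):
        return "raw IP is sent as the called name; a Windows DC will not match it"
    if len(name) > MAX_NAME:
        return f"longer than {MAX_NAME} bytes; truncated name will never match"
    return None


def lint_ntdomain(conf_text, resolve=socket.gethostbyname):
    """Return (domain, controller, problem) for each suspect PDC/BDC value."""
    findings = []
    for line in conf_text.splitlines():
        m = NTDOMAIN.match(line)
        if not m:  # commented-out or unrelated directive
            continue
        domain, *controllers = m.group(1).split()
        for name in controllers:
            problem = check_name(name)
            if problem is None:
                try:
                    resolve(name)  # the Apache host must resolve the short name
                except OSError:
                    problem = "does not resolve here; check resolv.conf search or /etc/hosts"
            if problem:
                findings.append((domain, name, problem))
    return findings


if __name__ == "__main__":
    for domain, name, problem in lint_ntdomain(SAMPLE_CONF):
        print(f"{domain}: {name}: {problem}")
```

Pass a different `resolve` callable to test against a fixed host table instead of the system resolver.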
