[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-modperl
Subject: Re: [Fwd: Re: Apache::AuthenNTLM-2.04 Problems..]
From: Shannon Eric Peevey <speeves () unt ! edu>
Date: 2004-01-28 9:02:13
Message-ID: 40177A95.5010303 () unt ! edu
[Download RAW message or body]
> AuthenNTLM.
>
> Right I have managed to sort out the "Can not get NONCE" error. The
> NONCE is the random data intiality retrieved from the WIN32
> authorative host, this nonce value is then sent in the Authorization
> HTTP header to the browser. The Browser then modifies its value using
> the username and password the user inputs. The AuthenNTLM passes this
> back to the WIN32 authorative host to get a yes/no response for
> authentication.
>
> My problem was that you can not use a raw IP address (in dotted quad
> format) for the PDC or BDC arguments in your httpd.conf in the
> "PerlAddVar ntdomain" config line. This causes this dotted quad
> format to be the called name which will never match your servers
> pre-Windows2000 network ID.
>
> You should also NOT try and use the post-Windows2000 full servers
> domain name (unless the complete FQDN is 16 chars or less), since this
> gets truncated to 16 bytes (that is what the pre-Windows2000 maximum
> name length is) and will never match your WIN32 servers FQDN.
Right-O :) Good explanation and call. Now that I have a windows
machine to test against, I find this to be true. This is not true of
Samba, though. (As of version 3.0.1-2 on Debian unstable) You can use
IP Addresses to define your pdc and bdc.
>
> Now because you have to use the hostname in the httpd.conf line, and
> you can not put in the FQDN you have to put in just the hostname part
> of the FDQN (that is all the characters upto the first fullstop in the
> FQDN). You then need to make sure the Apache server host can resolve
> this name to the IP address. One way of doing this would be to add
> the domain name part into the "search" line of /etc/resolv.conf,
> another way might be to use /etc/hosts file and/or /etc/host.conf to
> resolve this its IP (this is untested by me).
>
/etc/hosts works fine on my machine.
> Maybe this information above can be added into the README of the
> Apache::AuthenNTLM package to further assist the next person.
>
I will definitely put it in the next release.
>
> Now I am getting past the "Can not get NONCE" error and getting an IE
> error "The page cannot be displayed", "Cannot find server or DNS Error
> Internet Explorer". This IE error does not make any sense in this
> context.
>
> Any more ideas on this next problem ?
Not really, but do you have a firewall misconfigured somewhere?
speeves
cws
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic