Bug 2124 - mod_ntlm_auth returns error when trying Negotiate authentication
Summary: mod_ntlm_auth returns error when trying Negotiate authentication
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: ntlm_auth tool (show other bugs)
Version: 3.0.9
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-05 15:06 UTC by Avi Miller
Modified: 2005-02-09 16:47 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Avi Miller 2004-12-05 15:06:38 UTC 
When mod_ntlm_winbind is configured to support NTLM/Negotiate authentication,
when trying to authenticate with Internet Explorer 6
(v6.0.2900.2180.xpsp_sp2_rtm.040803-2158), it generates the following error in
logs/error_log:

[2004/12/06 09:05:28, 1] utils/ntlm_auth.c:manage_gss_spnego_request(856)
[Mon Dec  6 09:05:28 2004] [error] [client 192.168.100.105] failed to parse
response from helper

This is both when logged into and logged out of the Active Directory.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-09 08:43:37 UTC 
Andrew, any idea what to do with this one?
Comment 2 Andrew Bartlett 2005-02-09 15:00:14 UTC 
I think the issue is that ntlm_auth is pushing some of the debug to STDOUT, not
STDERR, so it ends up in the parse stream.
Comment 3 Andrew Bartlett 2005-02-09 16:47:30 UTC 
OK, so the issue is simply that the Samba3 gss-spengo is very poor, and only
works in very particular situations.

(the debug stream suff was a red herring)

Samba4 has a much more robust implementation of this, and this is where my
development effort is.  (The intention is to make Samba4's ntlm_auth able to
sanely hook into the rest of Samba3).