Bug 2124 - mod_ntlm_auth returns error when trying Negotiate authentication
mod_ntlm_auth returns error when trying Negotiate authentication
Product: Samba 3.0
Classification: Unclassified
Component: ntlm_auth tool
All Linux
: P3 normal
: none
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2004-12-05 15:06 UTC by Avi Miller
Modified: 2005-02-09 16:47 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Avi Miller 2004-12-05 15:06:38 UTC
When mod_ntlm_winbind is configured to support NTLM/Negotiate authentication,
when trying to authenticate with Internet Explorer 6
(v6.0.2900.2180.xpsp_sp2_rtm.040803-2158), it generates the following error in

[2004/12/06 09:05:28, 1] utils/ntlm_auth.c:manage_gss_spnego_request(856)
[Mon Dec  6 09:05:28 2004] [error] [client] failed to parse
response from helper

This is both when logged into and logged out of the Active Directory.
Comment 1 Gerald (Jerry) Carter 2005-02-09 08:43:37 UTC
Andrew, any idea what to do with this one?
Comment 2 Andrew Bartlett 2005-02-09 15:00:14 UTC
I think the issue is that ntlm_auth is pushing some of the debug to STDOUT, not
STDERR, so it ends up in the parse stream.

Comment 3 Andrew Bartlett 2005-02-09 16:47:30 UTC
OK, so the issue is simply that the Samba3 gss-spengo is very poor, and only
works in very particular situations.

(the debug stream suff was a red herring)

Samba4 has a much more robust implementation of this, and this is where my
development effort is.  (The intention is to make Samba4's ntlm_auth able to
sanely hook into the rest of Samba3).