Description of problem:
I am having problems getting mod_auth_ntlm_winbind to work. I have a Fedora 7 box, with Samba (including Winbind) and Apache set up. Note that I have NTLM authentication working in Squid, which suggests that Samba is configured properly.

I have set up mod_auth_ntlm_winbind with standard configuration directives:

<Directory "/var/www/html/ntlm">
    AuthName "NTLM Authentication thingy"
    NTLMAuth on
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    NTLMBasicAuthoritative on
    AuthType NTLM
    require valid-user
</Directory>

Now, whenever I try to access a protected page from Internet Explorer, the browser immediately shows the "This page cannot be displayed" error page. Apache log has the following:

[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(1042): [client 192.168.1.81] doing ntlm auth dance
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(483): [client 192.168.1.81] Launched ntlm_helper, pid 23135
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(653): [client 192.168.1.81] creating auth user
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(704): [client 192.168.1.81] parsing reply from helper to YR TlRMTVNTUAABAAAAB7IIogYABgAtAAAABQAFACgAAAAFASgKAAAAD0FMRVBIQ1NfTFRE\n
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(742): [client 192.168.1.81] got response: TT TlRMTVNTUAACAAAADAAMADAAAAAFgomiSWRrq1xZYHUAAAAAAAAAAHIAcgA8AAAAQwBTAF8ATABUAEQA AgAMAEMAUwBfAEwAVABEAAEAEABSAEEASQBOAEIATwBXADIABAAYAGMAcwBsAHQAZAAuAGMAbwBtAC4A dQBhAAMAKgByAGEAaQBuAGIAbwB3ADIALgBjAHMAbAB0AGQALgBjAG8AbQAuAHUAYQAAAAAA
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(412): [client 192.168.1.81] sending back TlRMTVNTUAACAAAADAAMADAAAAAFgomiSWRrq1xZYHUAAAAAAAAAAHIAcgA8AAAAQwBTAF8ATABUAEQA AgAMAEMAUwBfAEwAVABEAAEAEABSAEEASQBOAEIATwBXADIABAAYAGMAcwBsAHQAZAAuAGMAbwBtAC4A dQBhAAMAKgByAGEAaQBuAGIAbwB3ADIALgBjAHMAbAB0AGQALgBjAG8AbQAuAHUAYQAAAAAA
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(1042): [client 192.168.1.81] doing ntlm auth dance
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(483): [client 192.168.1.81] Launched ntlm_helper, pid 23136
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(653): [client 192.168.1.81] creating auth user
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(704): [client 192.168.1.81] parsing reply from helper to YR TlRMTVNTUAABAAAAB7IIogYABgAtAAAABQAFACgAAAAFASgKAAAAD0FMRVBIQ1NfTFRE\n
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(742): [client 192.168.1.81] got response: TT TlRMTVNTUAACAAAADAAMADAAAAAFgomi+UqzMLRhfgoAAAAAAAAAAHIAcgA8AAAAQwBTAF8ATABUAEQA AgAMAEMAUwBfAEwAVABEAAEAEABSAEEASQBOAEIATwBXADIABAAYAGMAcwBsAHQAZAAuAGMAbwBtAC4A dQBhAAMAKgByAGEAaQBuAGIAbwB3ADIALgBjAHMAbAB0AGQALgBjAG8AbQAuAHUAYQAAAAAA
[Wed Apr 02 12:58:27 2008] [debug] mod_auth_ntlm_winbind.c(412): [client 192.168.1.81] sending back TlRMTVNTUAACAAAADAAMADAAAAAFgomi+UqzMLRhfgoAAAAAAAAAAHIAcgA8AAAAQwBTAF8ATABUAEQA AgAMAEMAUwBfAEwAVABEAAEAEABSAEEASQBOAEIATwBXADIABAAYAGMAcwBsAHQAZAAuAGMAbwBtAC4A dQBhAAMAKgByAGEAaQBuAGIAbwB3ADIALgBjAHMAbAB0AGQALgBjAG8AbQAuAHUAYQAAAAAA

Version-Release number of selected component (if applicable):
mod_auth_ntlm_winbind-0.0.0-0.5.20071128svn794.fc7
httpd-2.2.8-1.fc7
samba-3.0.28-0.fc7

How reproducible:
Always

Steps to Reproduce:
1. Install mod_auth_ntlm_winbind
2. Configure it using sample configuration from the README file
3. Try to access a protected page in Internet Explorer

Actual results:
Browser displays "This page cannot be displayed" error page.

Expected results:
The user is authenticated transparently and the protected page is shown.

Additional info:

I figured it out. NTLM authentication doesn't work if keep-alive is disabled in Apache. Unfortunately, Fedora's default httpd.conf has "KeepAlive off". Setting it to "on" resolves the problem. It would be nice if mod_auth_ntlm_winbind's docs mentioned this, or even if some warning was issued when installing the module.

Add comment to the config file.
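
The condition found in this report (NTLM enabled while the server-level KeepAlive is off), written as a check over httpd.conf text; this is an added example, not part of the bug report or of mod_auth_ntlm_winbind. The function name and the sample configuration are constructed for illustration, and the check assumes a single file: it reads only the server-level KeepAlive and does not follow Include files or VirtualHost overrides.

```python
# Constructed sample mirroring the report: Fedora's stock "KeepAlive off"
# together with the <Directory> block quoted in the description.
SAMPLE_CONF = '''\
KeepAlive off
<Directory "/var/www/html/ntlm">
    AuthName "NTLM Authentication thingy"
    NTLMAuth on
    NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
    NTLMBasicAuthoritative on
    AuthType NTLM
    require valid-user
</Directory>
'''

def ntlm_keepalive_conflicts(conf_text):
    """Return one warning per NTLM-enabled section if server-level KeepAlive is off."""
    keepalive_on = True      # Apache's default when no KeepAlive directive is present
    open_sections = []       # stack of currently open <Section ...> headers
    ntlm_sections = []       # sections (or server config) where NTLM is switched on
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if open_sections:
                open_sections.pop()
        elif line.startswith("<"):
            open_sections.append(line.strip("<>"))
        else:
            parts = line.split(None, 1)
            name = parts[0].lower()
            value = parts[1].strip().lower() if len(parts) > 1 else ""
            if name == "keepalive" and not open_sections:
                keepalive_on = value == "on"      # last server-level setting wins
            elif (name, value) in (("ntlmauth", "on"), ("authtype", "ntlm")):
                where = open_sections[-1] if open_sections else "server config"
                if where not in ntlm_sections:
                    ntlm_sections.append(where)
    if keepalive_on:
        return []
    # NTLM authenticates the TCP connection, so the handshake cannot complete
    # when every request arrives on a fresh connection.
    return ["KeepAlive is off but NTLM is enabled in: " + s for s in ntlm_sections]

if __name__ == "__main__":
    for warning in ntlm_keepalive_conflicts(SAMPLE_CONF):
        print(warning)
```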