NTLM Authentication against Apache

From SifWiki


This article doesn't yet tell you how to set up NTLM auth; for that, try this: http://mkeadle.org/index.php?p=13

If you're getting this error:

send_ntlm_challenge: no conn. handle...trouble communicating with PDC/BDC? returning internal server error

Firstly, set up your DNS! Make sure your Primary Domain Controller's IP address resolves both forward and reverse. It's not good enough to have an entry in /etc/hosts, or for the normal DNS server in /etc/resolv.conf to be able to resolve the address; you *must* also make sure that the PDC will forward/reverse resolve too.

Secondly, make sure that you've defined the authentication in Apache as follows. Don't try to use the dotted IP address instead; it won't work:

AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMBasicAuth off
NTLMBasicRealm SIFTAH
NTLMDomain SIFTAH.NET
NTLMServer PDC.SIFTAH.NET
#NTLMBackup BDC.SIFTAH.NET
Require valid-user

In my example above I don't have a BDC (Backup Domain Controller) specified, hence it's commented out.
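The two checks above (forward/reverse resolution of the PDC, and host names rather than dotted IPs in the config) can be run together. This is an added example, not part of the original article or of mod_ntlm; the function names and the sample config text are constructed for illustration, and it assumes the controllers are named by the NTLMServer/NTLMBackup directives as shown.

```python
import ipaddress
import re
import socket

# Constructed sample mirroring the directives shown above.
SAMPLE_CONF = """\
AuthType NTLM
NTLMDomain SIFTAH.NET
NTLMServer PDC.SIFTAH.NET
#NTLMBackup BDC.SIFTAH.NET
"""

# Uncommented NTLMServer / NTLMBackup lines only ('#' lines never match).
DIRECTIVE = re.compile(r"^[ \t]*(NTLMServer|NTLMBackup)[ \t]+(\S+)", re.I | re.M)


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_ntlm_hosts(conf, forward=socket.gethostbyname_ex,
                     reverse=socket.gethostbyaddr):
    """Return (directive, host, problem) tuples; an empty list means OK."""
    # The default resolvers are the system ones, so /etc/hosts can mask DNS gaps.
    problems = []
    for directive, host in DIRECTIVE.findall(conf):
        if is_ip(host):
            problems.append((directive, host, "dotted IP used, use the host name"))
            continue
        try:
            addrs = forward(host)[2]  # (name, aliases, address list)
        except OSError:
            problems.append((directive, host, "no forward (A) record"))
            continue
        for addr in addrs:
            try:
                name, aliases, _ = reverse(addr)
            except OSError:
                problems.append((directive, host, f"no reverse (PTR) record for {addr}"))
                continue
            names = {n.lower().rstrip(".") for n in [name, *aliases]}
            if host.lower().rstrip(".") not in names:
                problems.append((directive, host, f"{addr} reverse resolves to {name}"))
    return problems
```

Call check_ntlm_hosts() with the text of your Apache config on the web server itself. Because it uses the system resolver, temporarily remove any /etc/hosts entry for the PDC if you want to confirm that DNS alone answers.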

There are a number of versions of the mod_ntlm module floating about the net; they will compile against Apache 2.0.55 with a bit of twiddling. I had limited progress with the mod_ntlm from SourceForge, so I used this version of the module, which seems to include a couple of bug fixes: http://modntlm.jamiekerwick.co.uk/


