AuthenNTLM.
Right I have managed to sort out the "Can not get NONCE" error. The NONCE is the random data intiality retrieved from the WIN32 authorative host, this nonce value is then sent in the Authorization HTTP header to the browser. The Browser then modifies its value using the username and password the user inputs. The AuthenNTLM passes this back to the WIN32 authorative host to get a yes/no response for authentication.
My problem was that you can not use a raw IP address (in dotted quad format) for the PDC or BDC arguments in your httpd.conf in the "PerlAddVar ntdomain" config line. This causes this dotted quad format to be the called name which will never match your servers pre-Windows2000 network ID.
You should also NOT try and use the post-Windows2000 full servers domain name (unless the complete FQDN is 16 chars or less), since this gets truncated to 16 bytes (that is what the pre-Windows2000 maximum name length is) and will never match your WIN32 servers FQDN.
Right-O :) Good explanation and call. Now that I have a windows machine to test against, I find this to be true. This is not true of Samba, though. (As of version 3.0.1-2 on Debian unstable) You can use IP Addresses to define your pdc and bdc.
/etc/hosts works fine on my machine.
Now because you have to use the hostname in the httpd.conf line, and you can not put in the FQDN you have to put in just the hostname part of the FDQN (that is all the characters upto the first fullstop in the FQDN). You then need to make sure the Apache server host can resolve this name to the IP address. One way of doing this would be to add the domain name part into the "search" line of /etc/resolv.conf, another way might be to use /etc/hosts file and/or /etc/host.conf to resolve this its IP (this is untested by me).
Maybe this information above can be added into the README of the Apache::AuthenNTLM package to further assist the next person.I will definitely put it in the next release.
Now I am getting past the "Can not get NONCE" error and getting an IE error "The page cannot be displayed", "Cannot find server or DNS Error Internet Explorer". This IE error does not make any sense in this context.
Any more ideas on this next problem ?
Not really, but do you have a firewall misconfigured somewhere?
speeves cws
-- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
