Easy patch for mod_ntlm

One of my customers is migrating all the machines and infrastucture servers to the Active Directory. More than one hundred users with firstname.lastname usernames. There are some apache web servers using famous mod_ntlm.

Although it’s a very old module, there is no need to replace it, because it works fine. But for some users they’ve got messages like this in the apache error_log:

[Thu Mar 30 19:44:41 2006] [error] [client 192.168.0.1] ntlm_decode_msg failed: type: 3, host: "OURHOST", user: "", domain: "OURDOMAIN", error: 16
[Thu Mar 30 19:44:41 2006] [error] [client 192.168.0.1] missing/corrupt NTLM header 165569360 26048

The solution was simple (but I was unable to find it in bug reports or anywhere else), some usernames were too long for mod_ntlm. So, edit the MAX_USERLEN constant in file ntlmssp.inc.c to satisfy your needs, re-build and re-install the module.

4 myšlenky k “Easy patch for mod_ntlm

  1. Hello friend,

    Thank you for your post. I have a similar problem, BUT, with another error code.

    [Wed Oct 22 16:52:22 2008] [error] [client 10.1.119.9] ntlm_decode_msg failed: type: 3, host: “MAP-0E847BC068C”, user: “miguelangel.alvarez”, domain: “”, error: 64

    But my MAX_DOMLEN is defined with 32. And the name of the machine error domain is “WORKGROUP”. This error occurred only some PC’s.

    Please, if you can help-me, I thank you so much.

    Best regards,
    Anderson Marques

  2. Hi Mr. Anderson,

    I haven’t seen this code for 2+ years, so I can’t unfortunately help you any other way than giving you an advice that you should look on the message content (it’s probably mangled somehow). When you know what’s in there, you have solved 80 percent of the problem.

    BR,
    Jirka Pech

Napsat komentář

Vaše emailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *

Time limit is exhausted. Please reload CAPTCHA.

Tato stránka používá Akismet k omezení spamu. Podívejte se, jak vaše data z komentářů zpracováváme..