DrFX - 2007-03-15

I've been banging my head on this one and maybe it's time to ask a 
more base question...

There are two servers in question separated by 50 miles distance. The 
IIS server has old client applications that employ NTLM security. We 
are redesigning clients' web site and deploying a series of 
additional applications on an Apache box. Client has approx 3500-4000 
existing users...

So I've been attempting to use mod_ntlm to breach the gap and use the 
NTLM authentication from the IIS box to gain access on the Apache 
1.3.x box. We've opened port 139 to the Apache's IPs only. I've tried 
the orig SourceForge mod, as well as Jamie's patched version w/o success.

Jamie's version is currently installed w/ add'l fixes to MAX_USELEN,
and to force WWW-Authentication. I've also commented out the MSIE
SSL section of the httpd.conf.

But I'm getting the feeling that all this ASSUMES that both the 
Apache box and the IIS box are on the same network and controlled by 
the same DNS? Is this true or can I actually get it to work across 
multiple domains over the internet?

Thanks in advance

I've tried a variety of htaccess configurations, but the latest
htaccess file looks like:
AuthName "NPA NTLM Auth"
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain splitzone.net
# have also tried the IP yy.yy.yy.yy (no chg in error)
NTLMServer splitzone
require valid-user

RewriteEngine On
RewriteCond %{REMOTE_PORT} (.*)
RewriteRule .* - [E=R_P:%1]

RequestHeader add X-Remote-Port %{R_P}e

The recent error using the patched version indicates that my server is resolving splitzone to its IPaddr (yy.yy.yy.yy)...

[Wed Mar 14 20:29:25 2007] [error] [client xx.xx.xx.xx] 135781320 7220 /SPLITZ/- ap_getword_white failed
[Wed Mar 14 20:29:25 2007] [error] [client xx.xx.xx.xx] 135781320 7220 /SPLITZ/- missing/corrupt NTLM header
[Wed Mar 14 20:32:40 2007] [error] (110)Connection timed out: 7219 - RFCNB_Call: RFCNB_IP_Connect to yy.yy.yy.yy and port 139 failed
[Wed Mar 14 20:32:40 2007] [error] (-1)Unknown error 4294967295: 7219 - RFCNB_Name_To_IP failed:  Service Address -
[Wed Mar 14 20:32:40 2007] [error] [client xx.xx.xx.xx] 135781320 7219 /SPLITZ/- send_ntlm_challenge: no conn. handle...trouble communicating with PDC/BDC? returning internal server error

Using the orig sourceforge mod, the error was/is...

[Wed Mar 14 18:30:10 2007] [error] [client xx.xx.xx.xx] creating new ntlm_connection 135774000 6475
[Wed Mar 14 18:30:10 2007] [error] [client xx.xx.xx.xx] ap_getword_white failed 135774000 6475
[Wed Mar 14 18:30:10 2007] [error] [client xx.xx.xx.xx] missing/corrupt NTLM header 135774000 6475
[Wed Mar 14 18:30:17 2007] [error] [client xx.xx.xx.xx] creating new ntlm_connection 135774000 6480
[Wed Mar 14 18:30:17 2007] [notice] [client xx.xx.xx.xx] got auth_line "TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA="
[Wed Mar 14 18:30:17 2007] [notice] [client xx.xx.xx.xx] got header with host "", domain ""
[Wed Mar 14 18:30:17 2007] [error] [client xx.xx.xx.xx] received msg1 135774000 6480
[Wed Mar 14 18:33:26 2007] [error] [client xx.xx.xx.xx] send_ntlm_challenge: no conn. handle...trouble communicating with PDC/BDC? returning internal server error