[Samba] NTLM_AUTH failing?

Ryan Ashley ryana at reachtechfp.com
Fri Oct 30 13:53:50 UTC 2015


Rowland, I tried that already, but I made two breakthroughs. First, I
went to a location where it was working. I realized then that I had put
in the SID for the PPTP group at that location. You know, the
"S-1-15-xyz" number? Now while I was there, I noted that they were
running 4.1 stable. I upgraded them to 4.3 stable. Guess what? The VPN
broke! Something with ntlm_auth and 4.3 stable is borked. I cannot use
the name, SID, or anything to make it work. Then I realized that the VPN
stopped working at the other location when I upgraded from 4.2 stable to
4.3 stable.

So, has something changed in 4.3 from 4.2 and/or 4.1? Why does using the
SID work great in 4.1 and 4.2 but doesn't in 4.3? Can I safely downgrade
to 4.2 stable from 4.3 stable?

Lead IT/IS Specialist
Reach Technology FP, Inc

On 10/28/2015 02:24 PM, Rowland Penny wrote:
> On 28/10/15 18:10, Ryan Ashley wrote:
>> That is client setup. We have that under control. Our Linux users use
>> Network Manager to connect and our Windows users use the stuff built
>> into Windows. My problem is server-side. The server is a PPTP VPN
>> (running via pptpd) and I have to add the lines below to make it work.
>>
>> plugin winbind.so
>> ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
>>
>> Now, that allows ALL domain users to connect. We only want users in the
>> "PPTP" domain group to use the VPN, so we do this instead.
>>
>> plugin winbind.so
>> ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of=KIGM\\PPTP"
>>
>> The issue is that ntlm_auth does not see that as a string and it won't
>> work. I cannot use quotes because the parameters are quoted, so I am
>> stuck.
>>
>> Lead IT/IS Specialist
>> Reach Technology FP, Inc
>>
>> On 10/28/2015 10:06 AM, Rowland Penny wrote:
>>> This might help:
>>> https://wiki.archlinux.org/index.php/PPTP_VPN_client_setup_with_pptpclient
>>>
>>>
>>> Rowland
>>>
>>>
>>
>
> How about single quotes? i.e.
>
> ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of='KIGM\\PPTP'"
>
>
> Rowland
>
>
>
