[Samba] NTLM_AUTH failing?

Andrew Bartlett abartlet at samba.org
Sat Oct 31 08:34:36 UTC 2015


On Fri, 2015-10-30 at 09:53 -0400, Ryan Ashley wrote:
> Rowland, I tried that already, but I made two breakthroughs. First, I
> went to a location where it was working. I realized then that I had put
> in the SID for the PPTP group at that location. You know, the
> "S-1-15-xyz" number? Now while I was there, I noted that they were
> running 4.1 stable. I upgraded them to 4.3 stable. Guess what? The VPN
> broke! Something with ntlm_auth and 4.3 stable is borked. I cannot use
> the name, SID, or anything to make it work. Then I realized that the VPN
> stopped working at the other location when I upgraded from 4.2 stable to
> 4.3 stable.
> 
> So, has something changed in 4.3 from 4.2 and/or 4.1? Why does using the
> SID work great in 4.1 and 4.2 but doesn't in 4.3? Can I safely downgrade
> to 4.2 stable from 4.3 stable?

At most you would need to clean out the tdbs (which, if you are just
using the server for VPN authentication, shouldn't have any local info
in them) and rejoin the domain.

It would be very interesting if you could reproduce on a git tree, and
then do a git bisect to determine when it failed.  Sadly there are no
automated tests for the ntlm-server-1 protocol.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
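
Because the message notes that there are no automated tests for the ntlm-server-1 protocol, a bisect needs its own pass/fail check. The following is an added example, not part of the original message or of Samba's code: it parses a helper reply and returns the exit code that `git bisect run` expects. The reply field names (`Authenticated`, `Authentication-Error`, `User-Session-Key`), the `--stdin` switch and the sample replies are assumptions constructed for illustration.

```python
import base64
import sys

GOOD, BAD, SKIP = 0, 1, 125  # `git bisect run`: 0 = good, 1 = bad, 125 = cannot test

def parse_reply(text):
    """Parse one helper reply: 'Key: value' or 'Key:: base64' lines, ended by '.'."""
    fields, terminated = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == ".":
            terminated = True
            break
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            continue  # not a field line (for example stray debug output)
        if value.startswith(":"):  # 'Key:: <base64>' form
            try:
                raw_value = base64.b64decode(value[1:].strip(), validate=True)
            except ValueError:
                return {}, False  # corrupt reply: treat the revision as untestable
            value = raw_value.decode("utf-8", "replace")
        fields[key.strip().lower()] = value.strip()
    return fields, terminated

def bisect_verdict(text):
    """Map a helper reply to a bisect exit code for the revision under test."""
    fields, terminated = parse_reply(text)
    answer = fields.get("authenticated", "").lower()
    if not terminated or answer not in ("yes", "no"):
        return SKIP  # helper crashed, failed to build, or gave no verdict
    return GOOD if answer == "yes" else BAD

# Constructed sample replies (not captured from a real server).
SAMPLE_OK = "Authenticated: Yes\nUser-Session-Key: 00112233445566778899AABBCCDDEEFF\n.\n"
SAMPLE_DENIED = (
    "Authenticated: No\nAuthentication-Error:: "
    + base64.b64encode(b"constructed error text").decode() + "\n.\n"
)
SAMPLE_TRUNCATED = "Authenticated: Yes\n"  # no terminating '.', so no usable verdict

if __name__ == "__main__":
    if sys.argv[1:] == ["--stdin"]:  # last stage of a script given to `git bisect run`
        sys.exit(bisect_verdict(sys.stdin.read()))
    for name, sample in (("ok", SAMPLE_OK), ("denied", SAMPLE_DENIED), ("truncated", SAMPLE_TRUNCATED)):
        print(name, bisect_verdict(sample))
```

Returning 125 for a missing or malformed reply keeps revisions that fail to build or run from being recorded as the commit that broke authentication.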
