[Samba] Urgent Samba / Squid NTLM Auth Problems
Alex Sharaz
A.Sharaz at Hull.ac.uk
Wed Mar 8 09:43:28 GMT 2006
Hi,

I've been having the same problem here with ntlm_auth and NTLMv2, except that
in my case I'm trying to get a radius server to authenticate against our AD
server.

Our desktop services team have configured their end to only accept NTLMv2.
The radius server expects the linux box to be a member of the AD domain and
then uses ntlm_auth as shown in the log snippet below. You always get a
wrong password error message irrespective of whether the user exists or not.

I am using the Red Hat version of samba as supplied in RHEL V4.0
(Samba version 3.0.10-1.4E.2).

The program uses
/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1

If I use ntlm_auth --username=xxx --password=yyy --domain=a.b.c.d
then everything works just fine.

In a previous message Andrew said that ntlm_auth requires
use_ntlm_negotiate on set up in squid.conf.

Given that I seem to have the same problem, is there any general smb.conf
param I can set to configure the equivalent functionality?

My smb.conf file has

[global]
workgroup = ADIR
security = domain
password server = 150.237.54.198
realm = ADIR.HULL.AC.UK
preferred master = no
server string = Hull Comms support server
security = ADS
use spnego = yes
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
bind interfaces only = yes
interfaces = 150.237.47.22 127.0.0.1
client NTLMv2 auth = yes
# ldap ssl = start_tls

TIA
alex

Tue Mar 7 11:16:39 2006: DEBUG: Handling request with Handler 'ConvertedFromEAPMSCHAPV2=1'
Tue Mar 7 11:16:39 2006: DEBUG: Handling with Radius::AuthNTLM:
Tue Mar 7 11:16:39 2006: DEBUG: Radius::AuthNTLM looks for match with fred [fred]
Tue Mar 7 11:16:39 2006: INFO: Starting NtlmAuthProg: /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Request-User-Session-Key: Yes
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Request-LanMan-Session-Key: Yes
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute LANMAN-Challenge: c5b8a3ec1c76b78d
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Response: b2f40e83aab003b7e7d0c0e36b7d5b1a5652b49f5da06026
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Domain:: QURJUi5IVUxMLkFDLlVL
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Username:: ZnJlZA==
Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: Authenticated: No
Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: Authentication-Error: Wrong Password
Tue Mar 7 11:16:39 2006: DEBUG: Received attribute: .
Tue Mar 7 11:16:39 2006: WARNING: NTLM Could not authenticate user: Wrong Password
Tue Mar 7 11:16:39 2006: DEBUG: Radius::AuthNTLM REJECT: AuthBy NTLM Password check failed: fred [fred]
Tue Mar 7 11:16:39 2006: DEBUG: AuthBy NTLM result: REJECT, AuthBy NTLM Password check failed
Tue Mar 7 11:16:39 2006: DEBUG: calling_station_hook:Access-Request called
Tue Mar 7 11:16:39 2006: DEBUG: calling_station_hook:exited
Tue Mar 7 11:16:39 2006: INFO: Access rejected for fred: AuthBy NTLM Password check failed
Tue Mar 7 11:16:39 2006: DEBUG: Converted EAP-MSCHAPV2 response Packet dump:
--
View this message in context: http://www.nabble.com/Urgent-Samba-Squid-NTLM-Auth-Problems-t507168.html#a3297403
Sent from the Samba - General forum at Nabble.com.
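
An added example, not part of the original post and not Samba or RADIUS server code: a small Python parser for the "Passing attribute" lines in the log above that decodes the base64 values and classifies the NT-Response by its length. It assumes the ntlm-server-1 convention that a double colon marks a base64-encoded value, and that a 24-byte response is NTLMv1-format (the size MS-CHAPv2 produces) while an NTLMv2 response is longer; the function names are hypothetical.

```python
import base64
import re

# Constructed sample: attribute lines copied from the post's log, mail wrapping kept.
SAMPLE_LOG = """\
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute LANMAN-Challenge:
c5b8a3ec1c76b78d
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Response:
b2f40e83aab003b7e7d0c0e36b7d5b1a5652b49f5da06026
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute NT-Domain::
QURJUi5IVUxMLkFDLlVL
Tue Mar 7 11:16:39 2006: DEBUG: Passing attribute Username:: ZnJlZA==
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4}: ")
ATTR = re.compile(r"Passing attribute ([\w-]+)(::?)\s*(\S*)")

def parse_helper_attrs(log_text):
    # Returns {name: value} for the attributes handed to ntlm_auth.
    records = []
    for line in log_text.splitlines():
        # A line without a timestamp is the wrapped tail of the previous record.
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    attrs = {}
    for rec in records:
        m = ATTR.search(rec)
        if m:
            name, sep, value = m.groups()
            if sep == "::":  # double colon: value is base64-encoded
                value = base64.b64decode(value).decode("utf-8", "replace")
            attrs[name] = value
    return attrs

def classify_nt_response(hex_response):
    # Heuristic by length only; no password material is needed or checked.
    size = len(bytes.fromhex(hex_response))
    if size == 24:
        return "ntlmv1-format"  # fixed 24-byte response, the size MS-CHAPv2 sends
    if size > 24:
        return "ntlmv2-format"  # 16-byte HMAC-MD5 proof plus variable-length blob
    return "malformed"

def summarize(log_text):
    a = parse_helper_attrs(log_text)
    return {"user": a.get("Username"), "domain": a.get("NT-Domain"),
            "challenge_bytes": len(bytes.fromhex(a.get("LANMAN-Challenge", ""))),
            "nt_response": classify_nt_response(a.get("NT-Response", ""))}
```

Calling `summarize(SAMPLE_LOG)` shows what the helper was actually given: the decoded user and domain, an 8-byte challenge, and a 24-byte NT-Response, which can then be compared with the NTLM policy enforced on the domain controller.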