[Samba] samba 3.2 breaks ppp winbind plugin

Pim Zandbergen P.Zandbergen at macroscoop.nl
Tue Jul 29 16:13:27 GMT 2008

We have a system running fedora 8 using pptpd from the poptop yum 
See http://www.poptop.org/

pptpd/pppd use the winbind plugin from the ppp package to authenticate 
to Active Directory.
This works just fine. 

Then I found the same setup would not work on a fedora 9 setup.

In order to exclude any possible configuration errors I built
a virtual machine and simulated an upgrade. This is what I found:

- fedora 8 out of the box works just fine
- fedora 8 yummed up-to-date still works fine
- after upgrading to fc9 it stops working
- yum update would not change things
- reverting to last f8 kernel would not help
- reverting to last f8 ppp rpm would not help
- reverting to pptpd rpm built for f8 would not help
- reverting to last f8 samba rpms would help!

What's happening when things don't work is that the XP client
comes with this error, after a successful authentication:

"Error 778: It was not possible to verify the identity of the server"

I can see in the log files and in wireshark traces that the authentication
was indeed successful. If I, on purpose, type a wrong password, I get
the authentication failure message one would expect.

Wireshark shows that the XP client is terminating the connection
immediately after a successful CHAP handshake.

I've seen several reports of this error on the poptop mailing list, all 
Maybe they are seeing the same problem.

Fedora 9 comes with a major Samba update, from 3.0 to 3.2
The winbind plugin that pptpd is using is supplied by Samba,
so of course  winbind bugs or changes affect pptpd.

Still I wonder what exactly broke, as winbind is in fact
authenticating just fine.


More information about the samba mailing list