[Samba] samba 3.2 breaks ppp winbind plugin

Andrew Bartlett abartlet at samba.org
Wed Jul 30 04:00:49 GMT 2008

On Tue, 2008-07-29 at 18:13 +0200, Pim Zandbergen wrote:
> We have a system running fedora 8 using pptpd from the poptop yum 
> repository.
> See http://www.poptop.org/
> pptpd/pppd use the winbind plugin from the ppp package to authenticate 
> to Active Directory.
> This works just fine. 
> Then I found the same setup would not work on a fedora 9 setup.

So, this is winbind from Samba 3 (Fedora 8) failing to work with a Samba
3.2 PDC from Fedora 9?

> What's happening when things don't work is that the XP client
> comes with this error, after a successful authentication:
> "Error 778: It was not possible to verify the identity of the server"
> Wireshark shows that the XP client is terminating the connection
> immediately after a successful CHAP handshake.

This almost certainly means the session key returned from the PDC to the
member server (where winbind and radius are) and calculated into the
MSCHAPv2 response is incorrect/missing/etc.

Look for it being missing first - check with strace/gdb/etc in pppd to
see what broke about the interaction with ntlm_auth.   

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080730/94bb554a/attachment.bin

More information about the samba mailing list