[Samba] winbind and pptpd authentication failure
John Anderson
ardour at semiosix.com
Wed Sep 8 15:02:15 MDT 2010
On 09/07/10 18:03, John Anderson wrote:
> In other words, the ntlm-auth helper and AD server says OK, but the
> hashes aren't equal, which causes ppp to say "mutual authentication
> failed". I hacked the ppp sources (chap_ms.c) gently to output the two
> hashes.
More information on this. On the successful authentications, only
winbindd log messages appear. As soon as the failures start, I'm seeing
both winbindd and nss_wins logs. See below.
Sep 08 22:23:53 [pppd] Connect: ppp0 <--> /dev/pts/2
Sep 08 22:23:53 [pppd] sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth
chap MS-v2> <magic 0x6d016105> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic
0x2859426> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic
0x2859426> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth
chap MS-v2> <magic 0x6d016105> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] sent [CHAP Challenge id=0xb6
<065eda9bb89b955c470a8c08ee1331b7>, name = "pptpd"]
Sep 08 22:23:53 [pppd] rcvd [CHAP Response id=0xb6
<e4e3a8f7980e2dd9c91d75fbd09419ba0000000000000000e2871f07c9f667fd187a77557eb2b2bb9e3f29d032dd9c8600>,
name = "xxxxx"]
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677348, 3]
winbindd/winbindd_misc.c:352(winbindd_interface_version)_
Sep 08 22:23:53 [winbindd] [29196]: request interface version_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677445, 3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)_
Sep 08 22:23:53 [winbindd] [29196]: request location of privileged pipe_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677604, 3]
winbindd/winbindd_misc.c:362(winbindd_domain_name)_
Sep 08 22:23:53 [winbindd] [29196]: request domain name_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677754, 3]
winbindd/winbindd_pam.c:1770(winbindd_pam_auth_crap)_
Sep 08 22:23:53 [winbindd] [29196]: pam auth crap domain: [DOMAIN] user:
xxxxx_
Sep 08 22:23:53 [nss_wins] [2010/09/08 22:23:53.677835, 4]
winbindd/winbindd_dual.c:1517(fork_domain_child)_
Sep 08 22:23:53 [nss_wins] child daemon request 14_
Sep 08 22:23:53 [nss_wins] [2010/09/08 22:23:53.677876, 3]
winbindd/winbindd_pam.c:1841(winbindd_dual_pam_auth_crap)_
Sep 08 22:23:53 [nss_wins] [29059]: pam auth crap domain: DOMAIN user:
xxxxx_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.764921, 4]
winbindd/winbindd_dual.c:1525(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] Finished processing child request 14_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765032, 4]
winbindd/winbindd_dual.c:1517(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] child daemon request 20_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765065, 3]
winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)_
Sep 08 22:23:54 [nss_wins] [29059]: list trusted domains_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765089, 3]
winbindd/winbindd_ads.c:1269(trusted_domains)_
Sep 08 22:23:54 [nss_wins] ads: trusted_domains_
Sep 08 22:23:54 [pppd] sent [CHAP Success id=0xb6
"S=0489FC874F2839394594E615501D11803B128914 M=Access granted"]
Sep 08 22:23:54 [pppd] sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765974, 4]
winbindd/winbindd_dual.c:1525(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] Finished processing child request 20_
Sep 08 22:23:54 [pppd] rcvd [LCP TermReq id=0x2 "Failed to authenticate
ourselves to peer"]
Sep 08 22:23:54 [pppd] LCP terminated by peer (Failed to authenticate
ourselves to peer)
bye
John
More information about the samba
mailing list