[Samba] winbind and pptpd authentication failure

John Anderson ardour at semiosix.com
Wed Sep 8 15:02:15 MDT 2010


On 09/07/10 18:03, John Anderson wrote:
> In other words, the ntlm-auth helper and AD server says OK, but the
> hashes aren't equal, which causes ppp to say "mutual authentication
> failed". I hacked the ppp sources (chap_ms.c) gently to output the two
> hashes.

More information on this. On the successful authentications, only 
winbindd log messages appear. As soon as the failures start, I'm seeing 
both winbindd and nss_wins logs. See below.

Sep 08 22:23:53 [pppd] Connect: ppp0 <--> /dev/pts/2
Sep 08 22:23:53 [pppd] sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth 
chap MS-v2> <magic 0x6d016105> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 
0x2859426> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 
0x2859426> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth 
chap MS-v2> <magic 0x6d016105> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] sent [CHAP Challenge id=0xb6 
<065eda9bb89b955c470a8c08ee1331b7>, name = "pptpd"]
Sep 08 22:23:53 [pppd] rcvd [CHAP Response id=0xb6 
<e4e3a8f7980e2dd9c91d75fbd09419ba0000000000000000e2871f07c9f667fd187a77557eb2b2bb9e3f29d032dd9c8600>, 
  name = "xxxxx"]
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677348,  3] 
winbindd/winbindd_misc.c:352(winbindd_interface_version)_
Sep 08 22:23:53 [winbindd] [29196]: request interface version_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677445,  3] 
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)_
Sep 08 22:23:53 [winbindd] [29196]: request location of privileged pipe_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677604,  3] 
winbindd/winbindd_misc.c:362(winbindd_domain_name)_
Sep 08 22:23:53 [winbindd] [29196]: request domain name_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677754,  3] 
winbindd/winbindd_pam.c:1770(winbindd_pam_auth_crap)_
Sep 08 22:23:53 [winbindd] [29196]: pam auth crap domain: [DOMAIN] user: 
xxxxx_
Sep 08 22:23:53 [nss_wins] [2010/09/08 22:23:53.677835,  4] 
winbindd/winbindd_dual.c:1517(fork_domain_child)_
Sep 08 22:23:53 [nss_wins] child daemon request 14_
Sep 08 22:23:53 [nss_wins] [2010/09/08 22:23:53.677876,  3] 
winbindd/winbindd_pam.c:1841(winbindd_dual_pam_auth_crap)_
Sep 08 22:23:53 [nss_wins] [29059]: pam auth crap domain: DOMAIN user: 
xxxxx_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.764921,  4] 
winbindd/winbindd_dual.c:1525(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] Finished processing child request 14_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765032,  4] 
winbindd/winbindd_dual.c:1517(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] child daemon request 20_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765065,  3] 
winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)_
Sep 08 22:23:54 [nss_wins] [29059]: list trusted domains_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765089,  3] 
winbindd/winbindd_ads.c:1269(trusted_domains)_
Sep 08 22:23:54 [nss_wins] ads: trusted_domains_
Sep 08 22:23:54 [pppd] sent [CHAP Success id=0xb6 
"S=0489FC874F2839394594E615501D11803B128914 M=Access granted"]
Sep 08 22:23:54 [pppd] sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765974,  4] 
winbindd/winbindd_dual.c:1525(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] Finished processing child request 20_
Sep 08 22:23:54 [pppd] rcvd [LCP TermReq id=0x2 "Failed to authenticate 
ourselves to peer"]
Sep 08 22:23:54 [pppd] LCP terminated by peer (Failed to authenticate 
ourselves to peer)

bye
John
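For reference, the value pppd sends as `S=...` in CHAP Success is the RFC 2759 authenticator response, which the client recomputes and compares before accepting the link. The sketch below is an added example, not code from the original post or from ppp or Samba: it splits the logged CHAP Response into its fields and recomputes `S=` for several spellings of the user name, since the result depends on the exact user name bytes. The function names are hypothetical, and `hash_hash` is assumed to be the 16-byte MD4(MD4(password)) value of RFC 2759, however the server side obtains it.

```python
import hashlib

# Constants from RFC 2759 section 8.7 (GenerateAuthenticatorResponse)
MAGIC1 = b"Magic server to client signing constant"
MAGIC2 = b"Pad to make it do more than one iteration"

def parse_response(hex_value):
    """Split the 49-byte MS-CHAPv2 Response value printed by pppd into fields."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 49:
        raise ValueError("MS-CHAPv2 response must be 49 bytes, got %d" % len(raw))
    return {"peer_challenge": raw[:16], "reserved": raw[16:24],
            "nt_response": raw[24:48], "flags": raw[48]}

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || user)."""
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]

def authenticator_response(hash_hash, nt_response, peer_challenge,
                           auth_challenge, username):
    """Return the 'S=<40 hex>' string the server sends in CHAP Success."""
    if len(hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("need 16-byte hash-hash and 24-byte NT response")
    digest = hashlib.sha1(hash_hash + nt_response + MAGIC1).digest()
    chal = challenge_hash(peer_challenge, auth_challenge, username)
    return "S=" + hashlib.sha1(digest + chal + MAGIC2).hexdigest().upper()

def matching_usernames(sent, hash_hash, fields, auth_challenge, candidates):
    """Return the candidate user names whose S= value equals the one sent."""
    return [u for u in candidates
            if authenticator_response(hash_hash, fields["nt_response"],
                                      fields["peer_challenge"], auth_challenge,
                                      u.encode()) == sent]

if __name__ == "__main__":
    # CHAP Response value copied from the log above; no key material is known,
    # so only the field layout is shown here.
    fields = parse_response(
        "e4e3a8f7980e2dd9c91d75fbd09419ba0000000000000000"
        "e2871f07c9f667fd187a77557eb2b2bb9e3f29d032dd9c8600")
    for name, value in fields.items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```
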

