[Samba] Samba 4 Domain Provisioning
L.P.H. van Belle
belle at bazuin.nl
Wed Nov 19 02:21:35 MST 2014
Which version of squid are you running, the default wheezy 3.1.x?
And you did add the proxy user to the winbindd_priv group?
I can suggest you recompile squid from jessie, it's a pretty easy one.
There are known problems with ntlm auth; I'm at the point of testing that one myself,
scheduled for next week.
I do already run 3.4.8 on my wheezy servers. 3.3.8 had some serious bugs.
* Urgency high due to security fixes
[ Amos Jeffries <amosjeffries at squid-cache.org> ]
* New upstream release (Closes: #737008)
- Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002)
- Fixes CVE-2014-CVE-2014-7141 and CVE-214-7142 (Closes: #760999)
+ pinger remote DoS vulnerabilities
- Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312)
see also :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754339
Greetz,
Louis
>-----Original message-----
>From: jacques.serfontein at gmail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Jacques Serfontein
>Sent: Monday 17 November 2014 16:39
>To: samba at lists.samba.org
>Subject: [Samba] Samba 4 Domain Provisioning
>
>Hi,
>
>I have been having issues with NTLMv2 on newly provisioned domains, using
>Samba 4.1 from backports on Debian Wheezy.
>
>Everything seems to be working fine, except for NTLMv2 authentication with
>Squid and "ntlm_auth" on newer Windows versions.
>
>If I set "Lmcompatibility" down on the Windows PCs, then authentication
>works, but that is a temporary workaround at best.
>
>I have tried installing and reinstalling on numerous VMs, trying to isolate
>the cause, but to no avail, and I know the config is working, since copying
>a previously provisioned domain (/etc/samba/smb.conf + /var/lib/samba) to
>the new server works as expected.
>
>Increasing the log level yields the following:
>
>schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/SERVER
>schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/SERVER
>auth_check_password_send: Checking password for unmapped user [PC001]\[Administrator]@[PC001]
>auth_check_password_send: mapped user is: [DOMAIN]\[Administrator]@[PC001]
>ntlm_password_check: NTLMv2 password check failed
>ntlm_password_check: Lanman passwords NOT PERMITTED for user Administrator
>ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user Administrator
>auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\Administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
>
>Any help would be greatly appreciated, since I have run out of ideas...
>
>Regards,
>Jacques