Bug 5777 - Winbindd ntlm_auth for Windows 2008 - user and domain names truncated
Winbindd ntlm_auth for Windows 2008 - user and domain names truncated
Status: RESOLVED INVALID
Product: Samba 3.2
Classification: Unclassified
Component: Winbind
3.2.2
x86 Linux
: P3 normal
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-19 09:58 UTC by chris@igaware.com
Modified: 2008-10-14 09:13 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description chris@igaware.com 2008-09-19 09:58:20 UTC
Hi,

I have Samba 3.2.4 joined to a Windows 2008 domain and I'm using ntlm_auth helper with ntlmssp to authenticate squid sessions.
All has worked fine with samba-3.0.27 and Windows versions less than 2008. However, I had to upgrade to Samba 3.2 to join to a Windows 2008 ADS.
All is fine apart from the fact that the NTLMSSP username and domain have the last character missing causing the authntication to fail for everyone.
This is what I get in the Samba Winbindd log ( the real domain is CMK and the real user name is ACCOUNTS.TEMP).

[2008/09/19 15:35:58,  2] winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(19
96)
  NTLM CRAP authentication for user [CM]\[ACCOUNTS.TEM] returned NT_STATUS_NO_SU
CH_USER (PAM: 10)

As you can see the last character of the Domain and username is missing causing the authentication to fail.

Here's my setup
Samba 3.2.4.
Squid 2.5.STABLE10
Windows Server (R) 2008 Standard 6001 Service Pack 1] [Windows Server (R) 2008 Standard 6.0
Linux 2.6.20.15

I have Samba joined to a Windows 2008 ADS domain and wbinfo -u etc works fine.
I have Samba 3.2.4 installed and I'm using NTLMSSP authentication with SQUID.

This is a real show stopper at the moment.
Any ideas?

Regards, Chris.
Comment 1 chris@igaware.com 2008-10-14 09:13:40 UTC
Hi,

I found that the problem was nothing to do with Samba, but with the old version of Squid I was running. Upgraded to Squid 2.7 and all OK.

Regards, Chris.