Bug 5777 - Winbindd ntlm_auth for Windows 2008 - user and domain names truncated
Summary: Winbindd ntlm_auth for Windows 2008 - user and domain names truncated
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.2
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2008-09-19 09:58 UTC by chris@igaware.com
Modified: 2008-10-14 09:13 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description chris@igaware.com 2008-09-19 09:58:20 UTC

I have Samba 3.2.4 joined to a Windows 2008 domain and I'm using ntlm_auth helper with ntlmssp to authenticate squid sessions.
All has worked fine with samba-3.0.27 and Windows versions less than 2008. However, I had to upgrade to Samba 3.2 to join to a Windows 2008 ADS.
All is fine apart from the fact that the NTLMSSP username and domain have the last character missing causing the authntication to fail for everyone.
This is what I get in the Samba Winbindd log ( the real domain is CMK and the real user name is ACCOUNTS.TEMP).

[2008/09/19 15:35:58,  2] winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(19
  NTLM CRAP authentication for user [CM]\[ACCOUNTS.TEM] returned NT_STATUS_NO_SU

As you can see the last character of the Domain and username is missing causing the authentication to fail.

Here's my setup
Samba 3.2.4.
Squid 2.5.STABLE10
Windows Server (R) 2008 Standard 6001 Service Pack 1] [Windows Server (R) 2008 Standard 6.0

I have Samba joined to a Windows 2008 ADS domain and wbinfo -u etc works fine.
I have Samba 3.2.4 installed and I'm using NTLMSSP authentication with SQUID.

This is a real show stopper at the moment.
Any ideas?

Regards, Chris.
Comment 1 chris@igaware.com 2008-10-14 09:13:40 UTC

I found that the problem was nothing to do with Samba, but with the old version of Squid I was running. Upgraded to Squid 2.7 and all OK.

Regards, Chris.