The Samba-Bugzilla – Bug 5777
Winbindd ntlm_auth for Windows 2008 - user and domain names truncated
Last modified: 2008-10-14 09:13:40 UTC
I have Samba 3.2.4 joined to a Windows 2008 domain and I'm using ntlm_auth helper with ntlmssp to authenticate squid sessions.
All has worked fine with samba-3.0.27 and Windows versions less than 2008. However, I had to upgrade to Samba 3.2 to join to a Windows 2008 ADS.
All is fine apart from the fact that the NTLMSSP username and domain have the last character missing causing the authntication to fail for everyone.
This is what I get in the Samba Winbindd log ( the real domain is CMK and the real user name is ACCOUNTS.TEMP).
[2008/09/19 15:35:58, 2] winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(19
NTLM CRAP authentication for user [CM]\[ACCOUNTS.TEM] returned NT_STATUS_NO_SU
CH_USER (PAM: 10)
As you can see the last character of the Domain and username is missing causing the authentication to fail.
Here's my setup
Windows Server (R) 2008 Standard 6001 Service Pack 1] [Windows Server (R) 2008 Standard 6.0
I have Samba joined to a Windows 2008 ADS domain and wbinfo -u etc works fine.
I have Samba 3.2.4 installed and I'm using NTLMSSP authentication with SQUID.
This is a real show stopper at the moment.
I found that the problem was nothing to do with Samba, but with the old version of Squid I was running. Upgraded to Squid 2.7 and all OK.