On 09/07/10 18:03, John Anderson wrote:
In other words, the ntlm-auth helper and AD server says OK, but the
hashes aren't equal, which causes ppp to say "mutual authentication
failed". I hacked the ppp sources (chap_ms.c) gently to output the two
hashes.
More information on this. On the successful authentications, only
winbindd log messages appear. As soon as the failures start, I'm seeing
both winbindd and nss_wins logs. See below.
Sep 08 22:23:53 [pppd] Connect: ppp0 <--> /dev/pts/2
Sep 08 22:23:53 [pppd] sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth
chap MS-v2> <magic 0x6d016105> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic
0x2859426> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic
0x2859426> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth
chap MS-v2> <magic 0x6d016105> <pcomp> <accomp>]
Sep 08 22:23:53 [pppd] sent [CHAP Challenge id=0xb6
<065eda9bb89b955c470a8c08ee1331b7>, name = "pptpd"]
Sep 08 22:23:53 [pppd] rcvd [CHAP Response id=0xb6
<e4e3a8f7980e2dd9c91d75fbd09419ba0000000000000000e2871f07c9f667fd187a77557eb2b2bb9e3f29d032dd9c8600>,
name = "xxxxx"]
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677348, 3]
winbindd/winbindd_misc.c:352(winbindd_interface_version)_
Sep 08 22:23:53 [winbindd] [29196]: request interface version_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677445, 3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)_
Sep 08 22:23:53 [winbindd] [29196]: request location of privileged pipe_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677604, 3]
winbindd/winbindd_misc.c:362(winbindd_domain_name)_
Sep 08 22:23:53 [winbindd] [29196]: request domain name_
Sep 08 22:23:53 [winbindd] [2010/09/08 22:23:53.677754, 3]
winbindd/winbindd_pam.c:1770(winbindd_pam_auth_crap)_
Sep 08 22:23:53 [winbindd] [29196]: pam auth crap domain: [DOMAIN] user:
xxxxx_
Sep 08 22:23:53 [nss_wins] [2010/09/08 22:23:53.677835, 4]
winbindd/winbindd_dual.c:1517(fork_domain_child)_
Sep 08 22:23:53 [nss_wins] child daemon request 14_
Sep 08 22:23:53 [nss_wins] [2010/09/08 22:23:53.677876, 3]
winbindd/winbindd_pam.c:1841(winbindd_dual_pam_auth_crap)_
Sep 08 22:23:53 [nss_wins] [29059]: pam auth crap domain: DOMAIN user:
xxxxx_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.764921, 4]
winbindd/winbindd_dual.c:1525(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] Finished processing child request 14_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765032, 4]
winbindd/winbindd_dual.c:1517(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] child daemon request 20_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765065, 3]
winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)_
Sep 08 22:23:54 [nss_wins] [29059]: list trusted domains_
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765089, 3]
winbindd/winbindd_ads.c:1269(trusted_domains)_
Sep 08 22:23:54 [nss_wins] ads: trusted_domains_
Sep 08 22:23:54 [pppd] sent [CHAP Success id=0xb6
"S=0489FC874F2839394594E615501D11803B128914 M=Access granted"]
Sep 08 22:23:54 [pppd] sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Sep 08 22:23:54 [nss_wins] [2010/09/08 22:23:54.765974, 4]
winbindd/winbindd_dual.c:1525(fork_domain_child)_
Sep 08 22:23:54 [nss_wins] Finished processing child request 20_
Sep 08 22:23:54 [pppd] rcvd [LCP TermReq id=0x2 "Failed to authenticate
ourselves to peer"]
Sep 08 22:23:54 [pppd] LCP terminated by peer (Failed to authenticate
ourselves to peer)
bye
John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
