Robert Schetterer
2005-Jan-04 12:41 UTC
[Samba] pptp/pppd 2.4.3 ntlm auth acts different to your example
Hi Andrew,

I studied
http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
and did

linux:~ # wbinfo -p
Ping to winbindd succeeded on fd 4
linux:~ # wbinfo -t
checking the trust secret via RPC calls succeeded

(joining the domain itself worked as you described, but after building a machine account

net rpc join -S localhost)

The next lines would be (taken from your report)

ntlm_auth --username=example --domain=EXAMPLE

but this is what I get:

ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
-b enables load-balancing among controllers
-f enables failover among controllers (DEPRECATED and always active)
-l changes behavior on domain controller failyures to last-ditch.
-d enables debugging statements if DEBUG was defined at build-time.

You MUST specify at least one Domain Controller.
You can use either \ or / as separator between the domain name
and the controller name
ntlm_auth: invalid option -- O
unknown option: -?. Exiting
ntlm_auth usage:
ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
-b enables load-balancing among controllers
-f enables failover among controllers (DEPRECATED and always active)
-l changes behavior on domain controller failyures to last-ditch.
-d enables debugging statements if DEBUG was defined at build-time.

You MUST specify at least one Domain Controller.
You can use either \ or / as separator between the domain name
and the controller name

(I double-checked the pptpd logs and winbind logs;
it seems clear that winbind is never asked by the plugin)

myppp.options:

plugin winbind.so
ntlm_auth-helper "/usr/sbin/ntlm_auth --helper-protocol=ntlm-server-1"

/usr/sbin/ntlm_auth is taken out of the squid helpers.

It's not a failure from general pptpd/pppd, because it works like a charm
with chap only.

Any idea?
Best Regards

Andrew Bartlett wrote:
> On Tue, 2005-01-04 at 10:07 +0100, Robert Schetterer wrote:
>
>> Hi Andrew,
>> thx for this info, so I have to do more study,
>> it's clear to me that and how to join a samba pdc, but
>> is it possible to join the pdc/smb domain on the same pdc machine?
>
> Quite possible. Standard practice.
>
> net rpc join -S localhost
>
> Andrew Bartlett
Robert Schetterer
2005-Jan-04 15:24 UTC
[Samba] pptp/pppd 2.4.3 ntlm auth acts different to your example/update partly solved
Hi @ll,

the problem is partly solved.

ntlm auth from squid and samba have the same name but different paths on suse 9.2

linux:~ # locate ntlm_auth
/usr/bin/ntlm_auth (samba)
/usr/sbin/ntlm_auth (squid)

so they act differently.

/usr/bin/ntlm_auth --username=example --domain=EXAMPLE

shows up the desired results as described by Andrew.

Regards

Robert Schetterer wrote:
> Hi Andrew, I studied
> http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf
> and did
> linux:~ # wbinfo -p
> Ping to winbindd succeeded on fd 4
> linux:~ # wbinfo -t
> checking the trust secret via RPC calls succeeded
> (joining the domain itself worked as you described, but after
> building a machine account
>
> net rpc join -S localhost)
>
> The next lines
> would be (taken from your report)
> ntlm_auth --username=example --domain=EXAMPLE
> but this is what I get:
>
> ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
> -b enables load-balancing among controllers
> -f enables failover among controllers (DEPRECATED and always active)
> -l changes behavior on domain controller failyures to last-ditch.
> -d enables debugging statements if DEBUG was defined at build-time.
>
> You MUST specify at least one Domain Controller.
> You can use either \ or / as separator between the domain name
> and the controller name
> ntlm_auth: invalid option -- O
> unknown option: -?. Exiting
> ntlm_auth usage:
> ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
> -b enables load-balancing among controllers
> -f enables failover among controllers (DEPRECATED and always active)
> -l changes behavior on domain controller failyures to last-ditch.
> -d enables debugging statements if DEBUG was defined at build-time.
>
> You MUST specify at least one Domain Controller.
> You can use either \ or / as separator between the domain name
> and the controller name
>
> (I double-checked the pptpd logs and winbind logs;
> it seems clear that winbind is never asked by the plugin)
>
> myppp.options:
> plugin winbind.so
> ntlm_auth-helper "/usr/sbin/ntlm_auth --helper-protocol=ntlm-server-1"
>
> /usr/sbin/ntlm_auth is taken out of the squid helpers.
>
> It's not a failure from general pptpd/pppd, because it works like a charm
> with chap only.
>
> Any idea?
> Best Regards
>
> Andrew Bartlett wrote:
>
>> On Tue, 2005-01-04 at 10:07 +0100, Robert Schetterer wrote:
>>
>>> Hi Andrew,
>>> thx for this info, so I have to do more study,
>>> it's clear to me that and how to join a samba pdc, but
>>> is it possible to join the pdc/smb domain on the same pdc machine?
>>
>> Quite possible. Standard practice.
>>
>> net rpc join -S localhost
>>
>> Andrew Bartlett
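
Added example, not part of the original thread and not Samba, Squid or pppd code: a shell check for the name clash described above. It reads the ntlm_auth-helper line from a pppd options file and tests whether the configured binary lists --helper-protocol in its --help output, which is assumed to hold for Samba's ntlm_auth and not for the Squid helper; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: verify that the ntlm_auth-helper
# configured for pppd's winbind plugin is Samba's ntlm_auth and not the
# Squid helper of the same name. Function names are hypothetical.

# Print the helper binary named on the ntlm_auth-helper line of a pppd
# options file: the first word of the value, without the opening quote.
helper_path() {
    sed -n 's/^[[:space:]]*ntlm_auth-helper[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if the binary lists --helper-protocol in its help output.
# Assumption: Samba's ntlm_auth does; the Squid usage text quoted in the
# thread does not mention the option.
supports_helper_protocol() {
    "$1" --help 2>&1 </dev/null | grep -q -- '--helper-protocol'
}

# Returns 0 = Samba-style helper, 1 = wrong binary, 2 = not executable,
# 3 = no ntlm_auth-helper line found.
check_pppd_helper() {
    path=$(helper_path "$1")
    if [ -z "$path" ]; then
        echo "no ntlm_auth-helper line in $1"; return 3
    fi
    if [ ! -x "$path" ]; then
        echo "MISSING: $path is not executable"; return 2
    fi
    if supports_helper_protocol "$path"; then
        echo "OK: $path accepts --helper-protocol"
    else
        echo "WRONG: $path has no --helper-protocol (Squid helper?)"
        return 1
    fi
}

# Usage: sh check.sh myppp.options
if [ "$#" -gt 0 ]; then
    check_pppd_helper "$1"
fi
```

Referencing the helper by absolute path in the options file, as the thread's configuration does, keeps the result independent of PATH order.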