Robert Schetterer
2005-Mar-26 12:30 UTC
[Samba] pppd 2.4.3 winbind auth domain name included in the windows vpn client settings
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Andrew, i ve had succes with using auth for pppd to winbind to my ldap smb pdc 3.13. (Also i rebuild a suse rpm for this and ported the stripped domain patch up to 2.4.3 the patch works nice with chap auth but this is not what i desire ) i wanna use windbind for auth as it just works very nice but there is a question i can include the domain name in my windows vpn connection setting, as you surly know, if i do so winbind seems to cut the domain name so the auth fails in log i have something like this ~ NTLM CRAP authentication for user [ROB]\[Administrator] returned NT_STATUS_NO_SUCH_USER (PAM: 10) the real name of the domain is ROBO all works nice without having the domain name included in the vpn con setting ( the stripped domain patch is out of use in anyway for winbind auth, it seems winbind just passes it, so this is no solution anyway ,cause the domain name must be seen by winbind to auth , the failure seems to me is the the cutting of the name, having it activated in the client setting ) have you any idea about this? - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \********************************** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \********************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCRVXR+Jw+56iSjEkRAvvbAKDNjPmUieAOwTQuVfDs2td0ugxmjwCeMczl FCGhAJ8ikQEqURCvgLcicxI=TWMW -----END PGP SIGNATURE-----
Andrew Bartlett
2005-Mar-27 11:36 UTC
[Samba] Re: pppd 2.4.3 winbind auth domain name included in the windows vpn client settings
On Sat, 2005-03-26 at 13:30 +0100, Robert Schetterer wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Andrew, > i ve had succes with using auth for pppd to winbind to my ldap smb pdc > 3.13.> ~ NTLM CRAP authentication for user [ROB]\[Administrator] returned > NT_STATUS_NO_SUCH_USER (PAM: 10) > > the real name of the domain is ROBOThe issue is that the base64 code in that patch is suspect. I tried to modify the code to use the base64 code already in the ppp code, but it just made my head spin (see eap.c). To be honest, I've let this slide - it seems to happen to 'some people', clearly it's length-based, but I wonder if it's something else too. In any case, replace the base64 code with 'known good' code and it should be OK... Feel free to file bugs with the ppp maintainer too, as thats where we have to get the patches to in the end. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050327/f64e549b/attachment.bin