samba - Oct 2005 - Unified logons with winbind and tdbsam backend

I am trying to setup unified logons to my VPN users.

My goal is to get rid of chap.secrets file and use winbind to authenticate 
against tdbsam password backend located in the PDC (Fedora Core 1) running 
with Samba 3.0.21pre1. I have tried with older Samba versions without 
success. Using winbind should allow password changes from the Windows XP 
Pro -client using CTRL+ALT+DEL.

Smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should 
(according to Samba3-ByExample). Winbind.so and ntlm_auth-helper is added in 
ppp(2.4.3)-configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with given 
username (and domain+winbind separator+username) and password combination 
but I can't logon from Windows XP client via winbind. Without winbind 
(ms-chap-v2) authentication works fine. Wbinfo -t works but wbinfo -u and 
wbinfo -g doesn't work.

I receive following error messages with ppp-debug option:
utils/ntlm_auth.c:manage_squid_request(1592)
fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried yet with LDAP because I want keep things simple and my 
network is small.

Had anybody get this working with a similar configuration?

I am trying to setup unified logons to my VPN users.

My goal is to get rid of chap.secrets file and use winbind to authenticate
against tdbsam password backend located in the PDC (Fedora Core 1) running
with Samba 3.0.21pre1. I have tried with older Samba versions without
success. Using winbind should allow password changes from the Windows XP
Pro (SP2) -client using CTRL+ALT+DEL.

Smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should
(according to Samba3-ByExample). Winbind.so and ntlm_auth-helper is added in
ppp(2.4.3)-configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with given
username (and domain+winbind separator+username) and password combination
but I can't logon from Windows XP client via winbind. Without winbind
(ms-chap-v2) authentication works fine. Wbinfo -t works but wbinfo -u and
wbinfo -g doesn't work.

I receive following error messages with ppp-debug option:
utils/ntlm_auth.c:manage_squid_request(1592)
fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried yet with LDAP because I want keep things simple and my
network is small.

Had anybody get this working with a similar configuration?

Juha Pietik?inen

I am trying to setup unified logons to my VPN (L2TP/IPsec) users.

My goal is to get rid of chap.secrets file and use winbind to authenticate
against tdbsam password backend located in the PDC (Fedora Core 1) running
with Samba 3.0.21pre1. I have tried also with older Samba versions without
success. Using winbind should allow password changes from the Windows XP
Pro (SP2) -client using CTRL+ALT+DEL.

Smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should
(according to Samba3-ByExample). Winbind.so and ntlm_auth-helper is added in
ppp(2.4.3)-configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with given
username (and domain+winbind separator+username) and password combination
but I can't logon from Windows XP client using winbind. Without winbind
(ms-chap-v2) authentication works fine. Wbinfo -t works but wbinfo -u and
wbinfo -g doesn't work.

I receive following error messages with ppp-debug option:
utils/ntlm_auth.c:manage_squid_request(1592)
fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried yet with LDAP because I want keep things simple and my
network is small.

Has anybody get this working with a similar configuration?

Juha Pietik?inen