FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-26-2010, 08:13 AM
Alexey Lobanov
 
Default NTLM: incorrect bytecount for NEGPROT response data

Hello all.

I use several Debian servers running since 2005. All them use
Samba->NTLM->Cyrus SASL authentication chain for Cyrus IMAP and Postfix
SMTP services, in very trivial form:


pwcheck_method: saslauthd
mech_list: plain ntlm
ntlm_server: 127.0.0.1

The problem: upon upgrade from Samba 3.0 to Samba 3.2, the NTLM
athentication dies both for SMTP and IMAP clients, with the following
log records:


Jul 22 17:40:22 obolon postfix/smtpd[26140]: NTLM server step 1
Jul 22 17:40:22 obolon postfix/smtpd[26140]: client flags: ffff8207
Jul 22 17:40:22 obolon postfix/smtpd[26140]: NTLM: incorrect bytecount
for NEGPROT response data

Same happens both with Debian-provided Samba (3.2.5 in Lenny) and with
self-built Samba 3.2.4; no difference. Old self-built Samba 3.0.25
authenticates SASL clents fine, without any problems.


Can anyone offer any explanations, configuration changes or diagnostic
tests?


Alexey


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4C4D43A0.4040509@gctrials.com">http://lists.debian.org/4C4D43A0.4040509@gctrials.com
 
Old 07-28-2010, 01:06 PM
Alexey Lobanov
 
Default NTLM: incorrect bytecount for NEGPROT response data

Self-reply.

The essence of problem seems to be the stalled Cyrus SASL version in
Debian. Both 2.1.22 in Stable and 2.1.23 in Testing have
"plugins/ntlm.c" code unchanged since 2005.


This piece of code had been patched by CMU team intensively in 2009
only, in version 2.1.24.


So, I still do not know what to do with production servers. Either to
freeze Samba at 3.0.X or compile Cyrus SASL 2.1.24 from source.


Alexey

On 26/07/10 12:13, Alexey Lobanov wrote:



Hello all.

I use several Debian servers running since 2005. All them use
Samba->NTLM->Cyrus SASL authentication chain for Cyrus IMAP and Postfix
SMTP services, in very trivial form:


pwcheck_method: saslauthd
mech_list: plain ntlm
ntlm_server: 127.0.0.1

The problem: upon upgrade from Samba 3.0 to Samba 3.2, the NTLM
athentication dies both for SMTP and IMAP clients, with the following
log records:


Jul 22 17:40:22 obolon postfix/smtpd[26140]: NTLM server step 1
Jul 22 17:40:22 obolon postfix/smtpd[26140]: client flags: ffff8207
Jul 22 17:40:22 obolon postfix/smtpd[26140]: NTLM: incorrect bytecount
for NEGPROT response data

Same happens both with Debian-provided Samba (3.2.5 in Lenny) and with
self-built Samba 3.2.4; no difference. Old self-built Samba 3.0.25
authenticates SASL clents fine, without any problems.


Can anyone offer any explanations, configuration changes or diagnostic
tests?


Alexey





--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4C502B60.2010804@gctrials.com">http://lists.debian.org/4C502B60.2010804@gctrials.com
 

Thread Tools




All times are GMT. The time now is 09:00 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org