You are not logged in.
Hello.
I've been using mod_auth_ntlm_winbind+apache2 for NTLM authentication on my Arch web server. I decided to go through and overhaul my old server (thank you dropbear and busybox, makes all the fuss with breaking glibc/filesystem trivial), and in the process samba went to samba4. I'm completely up to date as of yesterday.
Now, all of a sudden I'm unable to get a proper handshake out of ntlm_auth, and nothing has changed with the config of my box.
I'm able to kinit a ticket, klist shows it fine. I'm able to net ads join (I did a net ads leave just to start from scratch), wbinfo -u/-g works fine, net ads info reports sane information, it all _looks_ good, until I try to auth via apache. Then I get a handshake response of "BH NT_STATUS_UNSUCCESSFUL" which seems to be the most vague error ever.
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(483): [client 10.21.80.126] Launched ntlm_helper, pid 7001
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(653): [client 10.21.80.126] creating auth user
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(704): [client 10.21.80.126] parsing reply from helper to YR base64_snipped
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(742): [client 10.21.80.126] got response: TT base64_snipped
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(412): [client 10.21.80.126] sending back base64_snipped
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(1019): [client 10.21.80.126] doing ntlm auth dance
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(485): [client 10.21.80.126] Using existing auth helper 7001
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(704): [client 10.21.80.126] parsing reply from helper to KK base64_snipped
[Fri Oct 11 02:15:10 2013] [debug] mod_auth_ntlm_winbind.c(742): [client 10.21.80.126] got response: BH NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL
[Fri Oct 11 02:15:10 2013] [error] [client 10.21.80.126] (20014)Internal error: ntlm_auth reports Broken Helper: BH NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFULI've cut out the base64 strings (I parsed them in an offline tool, they look fine) just for privacy.
Does anyone have an idea on how to even begin to debug this? I've got no idea where to go, I perused the source of ntlm_auth but it seems to just be a helper into winbind, and that's a bit too big for me to eat right now.
Thanks!
Matt
Offline
Well, I downgraded to samba 3.6.10 (last version I had cached) and everything works now, I only wish I knew what was wrong. I'll stick with 3x. Not sure if I should mark this solved as technically it isn't?
Offline