Bug#807588: libapache2-mod-auth-ntlm-winbind: failed to write NTLMSSP string to helper - wrote 0 bytes

Olivier Bitsch Thu, 10 Dec 2015 07:16:10 -0800

Package: libapache2-mod-auth-ntlm-winbind
Version: 0.0.0.lorikeet+svn+801-4
Severity: important
Tags: upstream




-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-mod-auth-ntlm-winbind depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.10-10+deb8u3
ii  libc6                               2.19-18+deb8u1
ii  winbind                             2:4.1.17+dfsg-2

libapache2-mod-auth-ntlm-winbind recommends no packages.

libapache2-mod-auth-ntlm-winbind suggests no packages.

-- no debconf information

Dear team,

I'm currently trying to configure NTLM authentication with Apache and
Winbind, unfortunately, the system is quite unstable. I used the same
setup without any problem with Wheezy version. Basically, the
authentication is working, but sometime, Apache results to a 500 error
due to winbind fatal error.

apache error:

[Wed Dec 09 15:52:45.034561 2015] [auth_ntlm_winbind:debug] [pid
991:tid 140251209066240] mod_auth_ntlm_winbind.c(1023): [client
172.25.136.113:60780] doing ntlm auth dance
[Wed Dec 09 15:52:45.034566 2015] [auth_ntlm_winbind:debug] [pid
991:tid 140251209066240] mod_auth_ntlm_winbind.c(489): [client
172.25.136.113:60780] Using existing auth helper 1451
[Wed Dec 09 15:52:45.034569 2015] [auth_ntlm_winbind:debug] [pid
991:tid 140251209066240] mod_auth_ntlm_winbind.c(657): [client
172.25.136.113:60780] creating auth user
[Wed Dec 09 15:52:45.034576 2015] [auth_ntlm_winbind:debug] [pid
991:tid 140251209066240] mod_auth_ntlm_winbind.c(698): [client
172.25.136.113:60780] failed to write NTLMSSP string to helper - wrote 0
bytes

winbind error:

[2015/12/09 16:22:59.520222, 5]
.../source3/winbindd/winbindd_pam.c:180(append_unix_username)
Setting unix username to [olivierb]
[2015/12/09 16:22:59.520258, 5]
.../source3/winbindd/winbindd_pam.c:2003(winbindd_dual_pam_auth_crap)
NTLM CRAP authentication for user [EUROPE]\[olivierb] returned
NT_STATUS_OK (PAM: 0)
[2015/12/09 16:22:59.520283, 4]
.../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 14
[2015/12/09 16:22:59.521614, 4]
.../source3/winbindd/winbindd_dual.c:1338(child_handler)
child daemon request 14
[2015/12/09 16:22:59.521654, 3]
.../source3/winbindd/winbindd_pam.c:1896(winbindd_dual_pam_auth_crap)
[ 730]: pam auth crap domain: EUROPE user: olivierb
[2015/12/09 16:22:59.521686, 5]
.../libcli/auth/credentials.c:146(netlogon_creds_step)
seed 6363d063:94cad84d
[2015/12/09 16:22:59.521711, 5]
.../libcli/auth/credentials.c:151(netlogon_creds_step)
seed+time b9cc02c4:94cad84d
[2015/12/09 16:22:59.521735, 5]
.../libcli/auth/credentials.c:156(netlogon_creds_step)
CLIENT 8be40e66:9cc2d67e
[2015/12/09 16:22:59.521758, 5]
.../libcli/auth/credentials.c:162(netlogon_creds_step)
seed+time+1 b9cc02c5:94cad84d
[2015/12/09 16:22:59.521782, 5]
.../libcli/auth/credentials.c:167(netlogon_creds_step)
SERVER f91ffc67:cd8cdad5
[2015/12/09 16:22:59.521828, 5]
.../source3/rpc_client/cli_pipe.c:761(rpc_api_pipe_send)
rpc_api_pipe: host S217124RGVW209.europe.EASYJET.LOCAL
[2015/12/09 16:22:59.555846, 5]
.../source3/rpc_client/cli_pipe.c:100(rpc_read_send)
rpc_read_send: data_to_read: 40
[2015/12/09 16:22:59.555919, 2]
.../source3/winbindd/winbindd_pam.c:2003(winbindd_dual_pam_auth_crap)
NTLM CRAP authentication for user [EUROPE]\[olivierb] returned
NT_STATUS_WRONG_PASSWORD (PAM: 7)
[2015/12/09 16:22:59.555951, 4]
.../source3/winbindd/winbindd_dual.c:1346(child_handler)
Finished processing child request 14

Here my config files :

smb.conf:

[global]
netbios name = XXX
workgroup = EUROPE
security = ads
realm = EUROPE.XXX.LOCAL
encrypt passwords = yes
password server = xxx.xxx.local

idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 500-40000

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no

vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

dns proxy = no
wins support = no

log level = 7

client schannel = no
client ntlmv2 auth = yes
client use spnego = yes

apache:

<Location / >
NTLMAuth on
AuthType NTLM
AuthName "Redmine NTLM Authentication"
NTLMAuthHelper "/usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
require valid-user
</Location>

Bug#807588: libapache2-mod-auth-ntlm-winbind: failed to write NTLMSSP string to helper - wrote 0 bytes

Reply via email to