NTLM: incorrect bytecount for NEGPROT response data

Alexey Lobanov A.Lobanov at gctrials.com
Thu Jul 29 04:39:59 EDT 2010


Hello all.

I use several Debian servers running since 2005. All them use
Samba->NTLM->Cyrus SASL authentication chain for Cyrus IMAP and Postfix
SMTP services, in very trivial form:

pwcheck_method: saslauthd
mech_list: plain ntlm
ntlm_server: 127.0.0.1

The problem: upon upgrade from Samba 3.0 to Samba 3.2, the NTLM
athentication dies both for SMTP and IMAP clients, with the following
log records:

Jul 22 17:40:22 obolon postfix/smtpd[26140]: NTLM server step 1
Jul 22 17:40:22 obolon postfix/smtpd[26140]: client flags: ffff8207
Jul 22 17:40:22 obolon postfix/smtpd[26140]: NTLM: incorrect bytecount
for NEGPROT response data

Same happens both with Debian-provided Samba (3.2.5 in Lenny) and with
self-built Samba 3.2.4; no difference. Old self-built Samba 3.0.25 and 
3.0.28 authenticates SASL clents fine, without any problems.

Can anyone offer any explanations, configuration changes or diagnostic
tests?

Alexey



More information about the Cyrus-sasl mailing list