NTLM authentication not working
Dan White
dwhite at olp.net
Mon Apr 13 11:19:05 EDT 2020
On 04/11/20 00:53 +0200, Michal Bruncko wrote:
>I am trying to use NTLM autentication (using cyrus-sasl-ntlm) for
>cyrus-imapd server for user authentication.
>
>in imapd.conf:
>
>sasl_ntlm_server: dc1.example.com
>sasl_ntlm_v2: yes
>sasl_mech_list: PLAIN NTLM LOGIN
>
>dc1.example.com is samba 4 AD DC, I have tried also samba 4.2 in NT4
>PDC mode, but with same results.
>
>in maillog:
>
>Apr 10 23:32:30 mail cyrus/imaps[10078]: NTLM server step 1
>Apr 10 23:32:30 mail cyrus/imaps[10078]: client flags: ffff8207
>Apr 10 23:32:33 mail cyrus/imaps[10078]: badlogin:
>client.example.local [172.17.0.13] NTLM [SASL(0): successful result: ]
>
>which corresponds to following samba log messages:
>
>[2020/04/10 23:52:00.583266, 3] ../source3/smbd/process.c:1880(process_smb)
> Transaction 0 of length 51 (0 toread)
>[2020/04/10 23:52:00.583359, 3]
>../source3/smbd/process.c:1489(switch_message)
> switch message SMBnegprot (pid 28556) conn 0x0
>[2020/04/10 23:52:00.586326, 3]
>../source3/smbd/negprot.c:576(reply_negprot)
> Requested protocol [NT LM 0.12]
>[2020/04/10 23:52:00.586887, 3] ../source3/smbd/negprot.c:377(reply_nt1)
> not using SPNEGO
>[2020/04/10 23:52:00.586969, 3]
>../source3/smbd/negprot.c:684(reply_negprot)
> Selected protocol NT LM 0.12
>[2020/04/10 23:52:00.591116, 3]
>../source3/smbd/server_exit.c:249(exit_server_common)
> Server exit (failed to receive smb request)
Hi Michal,
You can increase libsasl's logging with the following in your imapd.conf:
sasl_log_level: 7
See: https://github.com/cyrusimap/cyrus-sasl/blob/master/include/sasl.h for
a description of the available log levels. You may need to modify your
syslog configuration to accept more verbose auth.* levels.
--
Dan White
More information about the Cyrus-sasl
mailing list