NTLM authentication not working

Dan White dwhite at olp.net
Mon Apr 13 11:19:05 EDT 2020


On 04/11/20 00:53 +0200, Michal Bruncko wrote:
>I am trying to use NTLM autentication (using cyrus-sasl-ntlm) for 
>cyrus-imapd server for user authentication.
>
>in imapd.conf:
>
>sasl_ntlm_server:       dc1.example.com
>sasl_ntlm_v2:           yes
>sasl_mech_list:         PLAIN NTLM LOGIN
>
>dc1.example.com is samba 4 AD DC, I have tried also samba 4.2 in NT4 
>PDC mode, but with same results.
>
>in maillog:
>
>Apr 10 23:32:30 mail cyrus/imaps[10078]: NTLM server step 1
>Apr 10 23:32:30 mail cyrus/imaps[10078]: client flags: ffff8207
>Apr 10 23:32:33 mail cyrus/imaps[10078]: badlogin: 
>client.example.local [172.17.0.13] NTLM [SASL(0): successful result: ]
>
>which corresponds to following samba log messages:
>
>[2020/04/10 23:52:00.583266,  3] ../source3/smbd/process.c:1880(process_smb)
>  Transaction 0 of length 51 (0 toread)
>[2020/04/10 23:52:00.583359,  3] 
>../source3/smbd/process.c:1489(switch_message)
>  switch message SMBnegprot (pid 28556) conn 0x0
>[2020/04/10 23:52:00.586326,  3] 
>../source3/smbd/negprot.c:576(reply_negprot)
>  Requested protocol [NT LM 0.12]
>[2020/04/10 23:52:00.586887,  3] ../source3/smbd/negprot.c:377(reply_nt1)
>  not using SPNEGO
>[2020/04/10 23:52:00.586969,  3] 
>../source3/smbd/negprot.c:684(reply_negprot)
>  Selected protocol NT LM 0.12
>[2020/04/10 23:52:00.591116,  3] 
>../source3/smbd/server_exit.c:249(exit_server_common)
>  Server exit (failed to receive smb request)

Hi Michal,

You can increase libsasl's logging with the following in your imapd.conf:

sasl_log_level: 7

See: https://github.com/cyrusimap/cyrus-sasl/blob/master/include/sasl.h for
a description of the available log levels. You may need to modify your
syslog configuration to accept more verbose auth.* levels.

-- 
Dan White


More information about the Cyrus-sasl mailing list