Topic: PPTP MSCHAP Authentication failure

[Paul McEnery]

Hi

Recently I had a problem on version 5.5 where certain users could not log in via PPTP. The windows error was "username or password is invalid on the domain". On inspection of /var/log/messages the error was "MSCHAP authentication failure". I knew that the passwords for PPTP are verified against the /etc/smbpasswd file. But the password was right as I could correctly browse the network with these usernames, and access shares on this server using the same username/password that I used while tying to login via PPTP.

Eventually I found the problem to be that there was a user with the same name as the server, and that all users that were added after this particular user were unable to login via PPTP. I found that if I edited the /etc/smbpasswd file and moved the entry for the user that had the same name as the server to the end of the file, then all user were able to login via PPTP again.

The problem appears to be that while libsmbpw is going through the /etc/smbpasswd it seems to not parse, or correctly parse lines after it encounters one with a username that is the same as the server name.

I spent many hours troubleshooting this, and I hope that this message could save someone some time if they encounter this problem.

Kind regards,

Paul McEnery
'LinuxIT - Experts in Open Source'
http://www.linuxit.com

[Charlie Brady]

Paul McEnery wrote:

> Recently I had a problem on version 5.5 where certain users
> could not log in via PPTP.
...
> Eventually I found the problem to be that there was a user
> with the same name as the server, and that all users that
> were added after this particular user were unable to login
> via PPTP. I found that if I edited the /etc/smbpasswd file
> and moved the entry for the user that had the same name as
> the server to the end of the file, then all user were able to
> login via PPTP again.
>
> The problem appears to be that while libsmbpw is going
> through the /etc/smbpasswd it seems to not parse, or
> correctly parse lines after it encounters one with a username
> that is the same as the server name.
>
> I spent many hours troubleshooting this, and I hope that this
> message could save someone some time if they encounter this
> problem.

Good work tracking that down Paul.

Note that this isn't really the best place to report problems such as this. Please be sure to report the problem in detail to bugs@e-smith.com. You might also raise the issue on the devinfo mailing list, in case someone there is interested to try to fix the problem. And you might also report the problem to the libsmb maintainers (if you can find them - they seem to be 404 at present).

Charlie

[Charlie Brady]

Charlie Brady wrote:

> Note that this isn't really the best place to report problems
> such as this. Please be sure to report the problem in detail
> to bugs@e-smith.com. You might also raise the issue on the
> devinfo mailing list, in case someone there is interested to
> try to fix the problem. And you might also report the problem
> to the libsmb maintainers (if you can find them - they seem
> to be 404 at present).

You might try a more recent version of the library. It's available in RPM form:

http://www.pergamentum.com/~atp/software/libsmb/

Charlie