[Pkg-samba-maint] Bug#828054: NTLM apache2 auth broken in samba

Секретёв Дмитрий Александрович seda at 1mbank.ru
Fri Jun 24 11:10:16 UTC 2016


Package: winbind, samba
Version: 2:4.2.10+dfsg-0+deb8u3

After upgrading the packages below, NTLM auth in apache2 is broken.
Aptitude log:
[ОБНОВЛЕНИЕ] samba:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3
[ОБНОВЛЕНИЕ] samba-common:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3
[ОБНОВЛЕНИЕ] samba-common-bin:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3
[ОБНОВЛЕНИЕ] samba-dsdb-modules:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3
[ОБНОВЛЕНИЕ] samba-libs:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3
[ОБНОВЛЕНИЕ] samba-vfs-modules:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3
[ОБНОВЛЕНИЕ] winbind:amd64 2:4.2.10+dfsg-0+deb8u2 -> 2:4.2.10+dfsg-0+deb8u3

Apache error.log
[Thu Jun 23 14:37:24.438611 2016] [auth_ntlm_winbind:error] [pid 13412:tid 139643437655808] (2)No such file or directory: [client 10.1.3.217:53704] early EOF from helper

Apache trace8 error.log
[Thu Jun 23 15:14:45.118636 2016] [core:trace5] [pid 1915:tid 139685707880192] protocol.c(618): [client 10.1.3.217:57869] Request received from client: GET /login?back_url=http%3A%2F%2Flyra%2F HTTP/1.1
[Thu Jun 23 15:14:45.118730 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(301): [client 10.1.3.217:57869] Headers received from client:
[Thu Jun 23 15:14:45.118744 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   Host: lyra
[Thu Jun 23 15:14:45.118755 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
[Thu Jun 23 15:14:45.118763 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Thu Jun 23 15:14:45.118768 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
[Thu Jun 23 15:14:45.118771 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   Accept-Encoding: gzip, deflate
[Thu Jun 23 15:14:45.118775 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   Connection: keep-alive
[Thu Jun 23 15:14:45.118778 2016] [http:trace4] [pid 1915:tid 139685707880192] http_request.c(305): [client 10.1.3.217:57869]   Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
[Thu Jun 23 15:14:45.118829 2016] [authz_core:debug] [pid 1915:tid 139685707880192] mod_authz_core.c(809): [client 10.1.3.217:57869] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Thu Jun 23 15:14:45.118840 2016] [authz_core:debug] [pid 1915:tid 139685707880192] mod_authz_core.c(809): [client 10.1.3.217:57869] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Thu Jun 23 15:14:45.118850 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685707880192] mod_auth_ntlm_winbind.c(1023): [client 10.1.3.217:57869] doing ntlm auth dance
[Thu Jun 23 15:14:45.119487 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685707880192] mod_auth_ntlm_winbind.c(487): [client 10.1.3.217:57869] Launched ntlm_helper, pid 2006
[Thu Jun 23 15:14:45.119518 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685707880192] mod_auth_ntlm_winbind.c(657): [client 10.1.3.217:57869] creating auth user
[Thu Jun 23 15:14:45.119547 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685707880192] mod_auth_ntlm_winbind.c(708): [client 10.1.3.217:57869] parsing reply from helper to YR TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=\n
[Thu Jun 23 15:14:45.143703 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685707880192] mod_auth_ntlm_winbind.c(746): [client 10.1.3.217:57869] got response: TT TlRMTVNTUAACAAAACgAKADgAAAAFgokCqqY087GZn/kAAAAAAAAAAFwAXABCAAAABgEAAAAAAA9QAEIAQQBOAEsAAgAKAFAAQgBBAE4ASwABAAgATABZAFIAQQAEABAAcABiAGEAbgBrAC4AcgB1AAMAGgBsAHkAcgBhAC4AcABiAGEAbgBrAC4AcgB1AAcACAC6zyvUSM3RAQAAAAA=
[Thu Jun 23 15:14:45.143735 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685707880192] mod_auth_ntlm_winbind.c(416): [client 10.1.3.217:57869] sending back TlRMTVNTUAACAAAACgAKADgAAAAFgokCqqY087GZn/kAAAAAAAAAAFwAXABCAAAABgEAAAAAAA9QAEIAQQBOAEsAAgAKAFAAQgBBAE4ASwABAAgATABZAFIAQQAEABAAcABiAGEAbgBrAC4AcgB1AAMAGgBsAHkAcgBhAC4AcABiAGEAbgBrAC4AcgB1AAcACAC6zyvUSM3RAQAAAAA=
[Thu Jun 23 15:14:45.143746 2016] [core:trace3] [pid 1915:tid 139685707880192] request.c(119): [client 10.1.3.217:57869] auth phase 'check user' gave status 401: /login
[Thu Jun 23 15:14:45.143790 2016] [http:trace3] [pid 1915:tid 139685707880192] http_filters.c(1003): [client 10.1.3.217:57869] Response sent with status 401, headers:
[Thu Jun 23 15:14:45.143798 2016] [http:trace5] [pid 1915:tid 139685707880192] http_filters.c(1010): [client 10.1.3.217:57869]   Date: Thu, 23 Jun 2016 12:14:45 GMT
[Thu Jun 23 15:14:45.143802 2016] [http:trace5] [pid 1915:tid 139685707880192] http_filters.c(1013): [client 10.1.3.217:57869]   Server: Apache/2.4.10 (Debian)
[Thu Jun 23 15:14:45.143807 2016] [http:trace4] [pid 1915:tid 139685707880192] http_filters.c(832): [client 10.1.3.217:57869]   WWW-Authenticate: NTLM TlRMTVNTUAACAAAACgAKADgAAAAFgokCqqY087GZn/kAAAAAAAAAAFwAXABCAAAABgEAAAAAAA9QAEIAQQBOAEsAAgAKAFAAQgBBAE4ASwABAAgATABZAFIAQQAEABAAcABiAGEAbgBrAC4AcgB1AAMAGgBsAHkAcgBhAC4AcABiAGEAbgBrAC4AcgB1AAcACAC6zyvUSM3RAQAAAAA=
[Thu Jun 23 15:14:45.143812 2016] [http:trace4] [pid 1915:tid 139685707880192] http_filters.c(832): [client 10.1.3.217:57869]   Content-Length: 451
[Thu Jun 23 15:14:45.143815 2016] [http:trace4] [pid 1915:tid 139685707880192] http_filters.c(832): [client 10.1.3.217:57869]   Keep-Alive: timeout=5, max=98
[Thu Jun 23 15:14:45.143819 2016] [http:trace4] [pid 1915:tid 139685707880192] http_filters.c(832): [client 10.1.3.217:57869]   Connection: Keep-Alive
[Thu Jun 23 15:14:45.143822 2016] [http:trace4] [pid 1915:tid 139685707880192] http_filters.c(832): [client 10.1.3.217:57869]   Content-Type: text/html; charset=iso-8859-1
[Thu Jun 23 15:14:45.155851 2016] [core:trace5] [pid 1915:tid 139685691094784] protocol.c(618): [client 10.1.3.217:57869] Request received from client: GET /login?back_url=http%3A%2F%2Flyra%2F HTTP/1.1
[Thu Jun 23 15:14:45.155906 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(301): [client 10.1.3.217:57869] Headers received from client:
[Thu Jun 23 15:14:45.155915 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   Host: lyra
[Thu Jun 23 15:14:45.155920 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
[Thu Jun 23 15:14:45.155924 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Thu Jun 23 15:14:45.155927 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
[Thu Jun 23 15:14:45.155931 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   Accept-Encoding: gzip, deflate
[Thu Jun 23 15:14:45.155950 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   Connection: keep-alive
[Thu Jun 23 15:14:45.155955 2016] [http:trace4] [pid 1915:tid 139685691094784] http_request.c(305): [client 10.1.3.217:57869]   Authorization: NTLM TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABAAAAACAAIAEAAAAAWABYASAAAAAAAAAAAAAAABYIIAHMAZQBkAGEAVwBPAFIASwBTAFQAQQBUAEkATwBOADFAqecCdeahAAAAAAAAAAAAAAAAAAAAAAsPchUvocbQMMupS2WfSHEqKsCfiBTjAA==
[Thu Jun 23 15:14:45.155996 2016] [authz_core:debug] [pid 1915:tid 139685691094784] mod_authz_core.c(809): [client 10.1.3.217:57869] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Thu Jun 23 15:14:45.156005 2016] [authz_core:debug] [pid 1915:tid 139685691094784] mod_authz_core.c(809): [client 10.1.3.217:57869] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Thu Jun 23 15:14:45.156012 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685691094784] mod_auth_ntlm_winbind.c(1023): [client 10.1.3.217:57869] doing ntlm auth dance
[Thu Jun 23 15:14:45.156029 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685691094784] mod_auth_ntlm_winbind.c(489): [client 10.1.3.217:57869] Using existing auth helper 2006
[Thu Jun 23 15:14:45.156050 2016] [auth_ntlm_winbind:debug] [pid 1915:tid 139685691094784] mod_auth_ntlm_winbind.c(708): [client 10.1.3.217:57869] parsing reply from helper to KK TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABAAAAACAAIAEAAAAAWABYASAAAAAAAAAAAAAAABYIIAHMAZQBkAGEAVwBPAFIASwBTAFQAQQBUAEkATwBOADFAqecCdeahAAAAAAAAAAAAAAAAAAAAAAsPchUvocbQMMupS2WfSHEqKsCfiBTjAA==\n
[Thu Jun 23 15:14:45.159977 2016] [auth_ntlm_winbind:error] [pid 1915:tid 139685691094784] (2)No such file or directory: [client 10.1.3.217:57869] early EOF from helper
[Thu Jun 23 15:14:45.160022 2016] [core:trace3] [pid 1915:tid 139685691094784] request.c(119): [client 10.1.3.217:57869] auth phase 'check user' gave status 500: /login
[Thu Jun 23 15:14:45.160039 2016] [http:trace3] [pid 1915:tid 139685691094784] http_filters.c(1003): [client 10.1.3.217:57869] Response sent with status 500, headers:
[Thu Jun 23 15:14:45.160046 2016] [http:trace5] [pid 1915:tid 139685691094784] http_filters.c(1010): [client 10.1.3.217:57869]   Date: Thu, 23 Jun 2016 12:14:45 GMT
[Thu Jun 23 15:14:45.160050 2016] [http:trace5] [pid 1915:tid 139685691094784] http_filters.c(1013): [client 10.1.3.217:57869]   Server: Apache/2.4.10 (Debian)
[Thu Jun 23 15:14:45.160054 2016] [http:trace4] [pid 1915:tid 139685691094784] http_filters.c(832): [client 10.1.3.217:57869]   Content-Length: 597
[Thu Jun 23 15:14:45.160058 2016] [http:trace4] [pid 1915:tid 139685691094784] http_filters.c(832): [client 10.1.3.217:57869]   Connection: close
[Thu Jun 23 15:14:45.160061 2016] [http:trace4] [pid 1915:tid 139685691094784] http_filters.c(832): [client 10.1.3.217:57869]   Content-Type: text/html; charset=iso-8859-1
[Thu Jun 23 15:14:45.160106 2016] [core:trace6] [pid 1915:tid 139685691094784] core_filters.c(527): [client 10.1.3.217:57869] core_output_filter: flushing because of FLUSH bucket

After downgrading samba and winbind to 2:4.2.10+dfsg-0+deb8u2, the problem was solved.

--
Best regards,
Секретёв Дмитрий Александрович
Chief Specialist
System Support and Operations Department
tel.: +7 (861) 279-09-77
e-mail: seda at 1mbank.ru
website: www.1mbank.ru
Krasnodar, ul. Krasnaya 139, bldg. 2, 2nd floor, office 215 (entrance from the courtyard)
8 800 100 5 100 (toll-free within Russia)
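
Added example, not part of the original report and not Samba or Apache code: a Python triage helper that decodes the NTLMSSP messages passed to and from the helper in the trace above and reports, for the type 3 message, which NTLM response form the client sent. The function names, SAMPLE_LOG and the classification labels are assumptions of this example; field offsets follow the NTLMSSP layout in MS-NLMP.

```python
import base64
import re
import struct

FLAG_UNICODE = 0x00000001           # NTLMSSP_NEGOTIATE_UNICODE
FLAG_EXTENDED_SESSION = 0x00080000  # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
FLAGS_AT = {1: 12, 2: 20, 3: 60}    # offset of NegotiateFlags per message type
# Helper commands as they appear in the mod_auth_ntlm_winbind debug lines.
HELPER_LINE = re.compile(r"(?:helper to|got response:) (YR|TT|KK) ([A-Za-z0-9+/=]+)")
# Three lines abridged from the trace on this page (timestamps and prefixes dropped).
SAMPLE_LOG = r"""
parsing reply from helper to YR TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=\n
got response: TT TlRMTVNTUAACAAAACgAKADgAAAAFgokCqqY087GZn/kAAAAAAAAAAFwAXABCAAAABgEAAAAAAA9QAEIAQQBOAEsAAgAKAFAAQgBBAE4ASwABAAgATABZAFIAQQAEABAAcABiAGEAbgBrAC4AcgB1AAMAGgBsAHkAcgBhAC4AcABiAGEAbgBrAC4AcgB1AAcACAC6zyvUSM3RAQAAAAA=
parsing reply from helper to KK TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABAAAAACAAIAEAAAAAWABYASAAAAAAAAAAAAAAABYIIAHMAZQBkAGEAVwBPAFIASwBTAFQAQQBUAEkATwBOADFAqecCdeahAAAAAAAAAAAAAAAAAAAAAAsPchUvocbQMMupS2WfSHEqKsCfiBTjAA==\n
"""

def _buf(msg, pos):
    """Read a security buffer (len, maxlen, offset) at pos and return its payload bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length]

def _text(msg, pos, flags):
    """Decode a security buffer as text, honouring the negotiated Unicode flag."""
    return _buf(msg, pos).decode("utf-16-le" if flags & FLAG_UNICODE else "ascii")

def parse_ntlmssp(b64):
    """Decode one NTLMSSP message and return the header fields useful for diagnosis."""
    msg = base64.b64decode(b64)
    mtype = struct.unpack_from("<I", msg, 8)[0] if len(msg) >= 16 else 0
    if msg[:8] != b"NTLMSSP\x00" or mtype not in FLAGS_AT:
        raise ValueError("not an NTLMSSP type 1/2/3 message")
    flags = struct.unpack_from("<I", msg, FLAGS_AT[mtype])[0]
    info = {"type": mtype, "size": len(msg), "flags": flags}
    if mtype == 2:
        info["target"] = _text(msg, 12, flags)
    elif mtype == 3:
        lm, nt = _buf(msg, 12), _buf(msg, 20)
        info.update(user=_text(msg, 36, flags), workstation=_text(msg, 44, flags),
                    lm_len=len(lm), nt_len=len(nt))
        # NTLMv1 NT responses are exactly 24 bytes; NTLMv2 responses are longer.
        # With extended session security the LM field is an 8-byte client nonce plus 16 zeros.
        ess = flags & FLAG_EXTENDED_SESSION and lm[8:] == bytes(16)
        v1 = "NTLMv1 with extended session security" if ess else "NTLMv1"
        info["response"] = "NTLMv2" if len(nt) > 24 else v1 if len(nt) == 24 else "none/other"
    return info

def summarize(log_text):
    """Return (helper command, parsed message) for each helper exchange line in a debug log."""
    return [(cmd, parse_ntlmssp(b64)) for cmd, b64 in HELPER_LINE.findall(log_text)]
```

Run over the trace above, the KK entry is the last message the helper received before the "early EOF from helper" error.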