Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Herb Martin" <HerbM AT learnquick DOT com>
To: <cygwin AT cygwin DOT com>
Subject: Exim 4.52 Cygwin 1.5.8 SPA authentication failures warnings in Reject Log
Date: Tue, 23 Aug 2005 20:26:30 -0500
MIME-Version: 1.0
Content-Type: text/plain; 	charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <EILPDBT-0009E0-D1@mail2.learnquick.com>
X-Sign-LQC: HerbM AT learnquick DOT com/2005-08-23 20:26:24/<cygwin AT cygwin DOT com>=nkvpyofe

Would someone running Exim 4.50+ (especially 4.52) on CygWin and using
Microsoft Outlook or Outlook Express with SPA (NTLM) authentication to a
flat file please search your Exim reject log for a warning of the following
type (all one line):

2005-08-23 18:36:53 spa authenticator failed for
cpe-70-112-20-135.austin.res.rr.com (Unagi) 
   [70.112.20.135]: 535 Incorrect authentication 
     data (set_id=HerbM)

The key, "spa authenticator" failed.

If you have no such erros unders this setup, would you please post (or send
to me privately) the relevant authenticator and a (sanitized) snippet of
your password file so I can check my format.

The weird part is that the authentication actually seems to work correctly,
the user is authenticated (an incorrect password will fail and not work as
expected so it doesn't seem to be getting through another way -- and all
other authenticators have been commented out of the exim.conf file.)

Here is my authenticator:

begin authenticators

spa:
    driver = spa
    public_name = NTLM
    server_password = ${lookup{$1}lsearch{/etc/authpwd}}
    server_set_id = $1

(I have tried it both with and without that last line:
	"server_set_id".)

My "/etc/authpwd" password file is:
username:password
user2:password2
etc:and_so_on

Another weird thing, it always shows the interCap version of the "username"
(HerbM as opposed to herbm) even though Outlook is set to use "herbm" and
the file has the lower case version (I have also tried changing both to
match Intercap and it still "works" but the failure also appears in the
reject log.)

I have tried making sure the /etc/authpwd is "UNIX style line endings (lf
not cr/lf) but that change had no effect.

My working assumption (pure guess) is that Outlook is FIRST sending the
"user logon name", maybe with domain included, and then perhaps failing over
to the configured (in Outlook) name and that somehow works but this doesn't
really hold together as a satifying answer.

--
Herb Martin


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/