RE: [exim] Exim 4.52 SPA "authentication failured" warnings …

Author: Herb Martin
Date:  
To: exim-users
Subject: RE: [exim] Exim 4.52 SPA "authentication failured" warnings but Authentication SUCCEEDS
From John Jetmore:
> [Herb asked:]
> > My working assumption (pure guess) is that Outlook is FIRST sending
> > the "user logon name", maybe with domain included, and then perhaps
> > failing over to the configured (in Outlook) name and that somehow
> > works but this doesn't really hold together as a satisfying answer.
>
> use tcpdump or ethereal or the like to snoop the transaction.
> Although not everything's explicitly obvious, there's enough
> that you can tell if a single client is trying multiple auth attempts.


Ok, I didn't bother simply because I had assumed it
would all be encoded and unhelpful but I will try it.

Outlook is in fact trying to authenticate twice -- first
time fails, second succeeds; both are NTLM.

Since I only have "one authenticator" in Exim, this
approaches proof that Outlook is sending wrong credentials
(or making another mistake) prior to sending the correct
(configured) credentials.

It's not perfect proof since in theory Exim could be
doing something incorrect, but it is close.

Thanks for prodding me to capture it, even if I don't
know what the authentication packets contain.

I also think I want your "swaks" (and visited your
website when searching Google to find out what that
is.) <grin>

This looks like a great tool even if my original
problem remains -- recently I was looking for a
tool to test UNIX socket programs and of course
now I need to test the NTLM authentication and
so it has many valuable uses. (Thanks)

--
Herb Martin



> jetmore.org/john/code/#swaks:
>
> > swaks -t jetmore@??? -q rcpt -a MSN
> Username: ***************
> Password: ***************
> === Trying home.jetmore.net:25...
> === Connected to home.jetmore.net.
> <- 220 home.jetmore.net ESMTP Exim 4.50 Fri, 26 Aug 2005 14:37:14 -0500
> -> EHLO waldorf.cinergycom.net
> <- 250-home.jetmore.net Hello waldorf.cinergycom.net [216.135.3.7]
> <- 250-SIZE 52428800
> <- 250-PIPELINING
> <- 250-AUTH CRAM-MD5 MSN
> <- 250-STARTTLS
> <- 250 HELP
> -> AUTH MSN
> <- 334 NTLM supported
> -> TlRMTVNTUAABAAAAB7IAAAAAAAAAAAAAAAAAAAAAAAA=
> <- 334 TlRMTVNTUAACAAAAAAAAAAAoAAABggAAqxWN/WI576oAAAAAAAAAAAAAAAAAAAAA
> -> TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAAFgAWAHAAAAAWABYAhgAAAAAAAABcAAAAAYIAAFpx5oJ32w/8GXBnJIMTwrnTRob8aA2hAgyOpFw3A6BR0J6ZopyEP9x+by91N0oXCmoAZQB0AG0AbwByAGUAQABmAG8AbwBqAGUAdABtAG8AcgBlAEAAZgBvAG8A
> <- 235 Authentication succeeded
> -> MAIL FROM:<jetmore@???>
> <- 250 OK
> -> RCPT TO:<jetmore@???>
> <- 250 Accepted
> -> QUIT
> <- 221 home.jetmore.net closing connection
> === Connection closed by foreign host.
>
> --John
>
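
On the question of what the authentication packets contain: the base64 lines in an NTLM (SPA) exchange are NTLMSSP messages, and the client's final one (Type 3) carries the domain, user name and workstation unencrypted, so a captured session shows which name each attempt used. The following is an added example, not part of the original thread and not code from Exim or swaks. The function names, the user names and the sample transcript are constructed for illustration.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"

def parse_ntlm(b64):
    """Decode one base64 NTLMSSP token; return None if the text is not one."""
    try:
        msg = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    if not msg.startswith(SIG) or len(msg) < 12:
        return None
    info = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if info["type"] == 3 and len(msg) >= 64:  # assumes the 64-byte Type 3 header
        codec = "utf-16-le" if msg[60] & 0x01 else "latin-1"  # NEGOTIATE_UNICODE
        for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
            # Security buffer: length (2), allocated (2), offset (4), little-endian.
            length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
            info[name] = msg[offset:offset + length].decode(codec, "replace")
    return info

def auth_attempts(lines):
    """Pair each client Type 3 message with the 235/535 reply that follows it."""
    attempts, pending = [], None
    for line in lines:
        direction, _, rest = line.partition(" ")
        info = parse_ntlm(rest.strip()) if direction == "->" else None
        if info and info["type"] == 3:
            pending = info
        elif direction == "<-" and pending and rest[:3] in ("235", "535"):
            attempts.append(dict(pending, result=rest[:3]))
            pending = None
    return attempts

def build_type3(user, domain=""):  # constructed sample token, zeroed LM/NT responses
    parts = [bytes(24), bytes(24)] + [s.encode("utf-16-le") for s in (domain, user, "WS")] + [b""]
    head, body = SIG + struct.pack("<I", 3), b""
    for p in parts:
        head, body = head + struct.pack("<HHI", len(p), len(p), 64 + len(body)), body + p
    return base64.b64encode(head + struct.pack("<I", 1) + body).decode()

SAMPLE = [  # constructed transcript in swaks "->" / "<-" notation
    "-> AUTH NTLM", "<- 334 NTLM supported",
    "-> " + build_type3("logonname", "WORKGROUP"), "<- 535 Incorrect authentication data",
    "-> " + build_type3("mailbox@example.org"), "<- 235 Authentication succeeded"]

if __name__ == "__main__":
    print(*auth_attempts(SAMPLE), sep="\n")
```

A token that a mail client or archive has wrapped across lines has to be rejoined onto one line before it will parse.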