Hi,
I am using squid+ntlm-helper+samba+winbindd.
Squid mailing list told me to try this one.
When using the setting "Send NTLMv2 Response only" on my windows VISTA
machines I get this error message in my logs.
winbindd_pam_auth_crap: invalid password length.
As soon as I change the setting to "Send NTLMv2 if negotiated" it works.
Samba v3.2.5
Winbindd v3.2.5
Squid 3.0.STABLE8
I've tried with Samba 3.0.24 and had the same problem.
All is fine when running,
wbinfo -t
wbinfo -u
wbinfo -g
log.wb-DOMAIN :
[2009/03/02 11:18:18, 4]
winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request
13
[2009/03/02 11:18:18, 3]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1825) [ 3252]:
pam auth crap domain: DOMAIN user: username
[2009/03/02 11:18:18, 0]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1837)
winbindd_pam_auth_crap: invalid password length 24/264
[2009/03/02 11:18:18, 2]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1990) NTLM CRAP
authentication for user [DOMAIN]\[username] returned
NT_STATUS_INVALID_PARAMETER (PAM: 4)
[2009/03/02 11:18:18, 4]
winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request
13
[2009/03/02 11:18:18, 3]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1825) [ 3252]:
pam auth crap domain: DOAMIN user: username
[2009/03/02 11:18:18, 0]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1837)
winbindd_pam_auth_crap: invalid password length 24/264
[2009/03/02 11:18:18, 2]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1990) NTLM CRAP
authentication for user [DOMAIN]\[username] returned
NT_STATUS_INVALID_PARAMETER (PAM: 4)
smb.conf
workgroup = DOMAIN
netbios name = SQUID
realm = DOMAIN.LOCAL
security = ads
password server = dc1, dc2
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
log level = 2
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
i've tried with, client NTLMv2 auth = yes
and still have that problem.
Logs On my win2k3 DC
Special privileges assigned to new logon:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x1488CBC6)
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege
SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
Successful Network Logon:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x1488CBC6)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {02291669-0da7-e725-a6be-b67dcef1618b}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
User Logoff:
User Name: username
Domain: DOMAIN
Logon ID: (0x0,0x1488CBC6)
Logon Type: 3
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
