[squid-users] winbindd_pam_auth_crap: invalid password length 24/260

From: Charles Regan <charles.regan_at_gmail.com>
Date: Sun, 22 Feb 2009 15:55:25 -0400

Hi,

When using the setting "Send NTLMv2 Response only" on my Windows
machines, I get this error message in my Samba log:
winbindd_pam_auth_crap: invalid password length 24/260

It works when using the "Send NTLMv2 if negotiated" setting.

Samba:Version 3.0.24-1

Squid Cache: Version 2.6.STABLE18
configure options:
'--host=i686-pc-linux-gnu'
'--build=i686-pc-linux-gnu'
'--target=i586-endian-linux'
'--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr'
'--bindir=/usr/bin'
'--sbindir=/usr/sbin'
'--sysconfdir=/etc'
'--includedir=/usr/include'
'--libdir=/usr/lib'
'--libexecdir=/usr/libexec'
'--sharedstatedir=/usr/com'
'--mandir=/usr/share/man'
'--infodir=/usr/share/info'
'--exec_prefix=/usr'
'--bindir=/usr/sbin'
'--libexecdir=/usr/lib/squid'
'--localstatedir=/var'
'--datadir=/usr/share'
'--sysconfdir=/etc/squid'
'--enable-epoll'
'--enable-snmp'
'--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs'
'--enable-ssl' '--with-openssl=/usr/kerberos'
'--enable-delay-pools'
'--enable-linux-netfilter'
'--with-pthreads'
'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm'
'--enable-digest-auth-helpers=password'
'--with-winbind-auth-challenge'
'--enable-useragent-log'
'--enable-referer-log'
'--disable-dependency-tracking'
'--enable-cachemgr-hostname=localhost'
'--enable-underscores'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests'
'--disable-ident-lookups'
'--enable-truncate'
'--enable-arp-acl'
'--with-large-files'
'--enable-follow-x-forwarded-for'
'--enable-wccpv2'
'--enable-fd-config'
'--with-maxfd=102762'

squid.conf #
# NTLM authentication is delegated to Samba's ntlm_auth helper, which hands the
# client's challenge/response to winbindd for validation against the domain.
# That is why the reported error appears in the Samba (winbindd) log and not in
# Squid's own logs.
# NOTE(review): the "24/260" in the reported message is presumably the LM and
# NT response lengths; an NTLMv2 NT response is variable-length and longer than
# the fixed 24-byte NTLMv1 response. Verify against the winbindd source for the
# Samba version in use before treating this as a size-limit problem.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
# Number of ntlm_auth helper processes Squid starts.
auth_param ntlm children 20

smb.conf
# Presumably the [global] section; the section header is not part of the paste.
# NOTE(review): workgroup normally holds the short (NetBIOS) domain name, while
# realm holds the DNS/Kerberos name; here both are set to domain.local. Confirm.
workgroup = domain.local
# Domain controllers contacted for authentication.
password server = dc1 dc2
# Samba is an Active Directory domain member.
security = ADS
realm = domain.local
# UID/GID ranges winbind uses for mapped domain users and groups.
winbind uid = 10000-20000
winbind gid = 10000-20000
# Domain users can be referred to without a domain prefix.
winbind use default domain = Yes
local master = no
# Character placed between domain and user name (DOMAIN+user).
winbind separator = +
unix charset = UTF8
# Access control: only localhost may connect to services offered by this Samba.
hosts allow = localhost
# Samba is limited to these interfaces and binds to nothing else.
interfaces = br0 br1 br2
bind interfaces only = yes
preferred master = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Controls the response Samba sends when it authenticates as a client.
# NOTE(review): this likely does not affect how winbindd validates NTLMv2
# responses relayed by ntlm_auth on behalf of Squid. Confirm before relying on
# it as a fix for the reported error.
client NTLMv2 auth = yes

krb5.conf
# Log destinations for the Kerberos library, the KDC and the admin server.
# The kdc and admin_server entries only matter on a host that runs those
# daemons; in this setup dc1/dc2 are named as KDCs, so they are presumably
# unused on the proxy.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

# Library-wide Kerberos defaults.
# DNS lookups for realm and KDC are switched off, so the KDCs must come from
# the [realms] section of this file.
# Security note: all three enctype lists put DES-CBC-CRC and DES-CBC-MD5 first.
# Single DES is deprecated for Kerberos (RFC 6649), and RC4-HMAC has since been
# deprecated too (RFC 8429). Where the domain controllers support them, AES
# enctypes should be listed instead of these.
# NOTE(review): confirm that preferred_enctypes is a key the Kerberos library
# in use actually recognises.
[libdefaults]
 default_realm = DOMAIN.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
 default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
 default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
 preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

# KDCs for the default realm. dc1 and dc2 are given as short host names, so
# they must resolve on this host; DNS-based KDC discovery is disabled in
# [libdefaults].
[realms]
 DOMAIN.LOCAL = {
 kdc = dc1
 kdc = dc2
}

# This section maps DNS domain or host names (left) to Kerberos realm names
# (right).
# NOTE(review): the right-hand side here is dc1, which the [realms] section
# uses as a KDC host name, not the realm DOMAIN.LOCAL, and ".kerberos.server"
# looks like leftover template text. Confirm the intended mapping.
[domain_realm]
 .kerberos.server = dc1

# Points at the KDC's own configuration file.
# NOTE(review): presumably only relevant on a host that runs a KDC; the KDCs
# named in this file are dc1 and dc2.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

# Per-application defaults; the pam subsection holds settings for the Kerberos
# PAM module.
# NOTE(review): the two lifetimes are presumably in seconds (36000 s = 10 h),
# which differs from ticket_lifetime = 24h in [libdefaults]. Confirm which
# value is intended.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
Received on Sun Feb 22 2009 - 19:55:29 MST
