Hi,
When using the setting "Send NTLMv2 Response only" on my windows
machines i get this error message in my samba log.
winbindd_pam_auth_crap: invalid password length 24/260
It's working when Using "Send NTLMv2 if negotiated" setting.
Samba:Version 3.0.24-1
Squid Cache: Version 2.6.STABLE18
configure options:
'--host=i686-pc-linux-gnu'
'--build=i686-pc-linux-gnu'
'--target=i586-endian-linux'
'--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr'
'--bindir=/usr/bin'
'--sbindir=/usr/sbin'
'--sysconfdir=/etc'
'--includedir=/usr/include'
'--libdir=/usr/lib'
'--libexecdir=/usr/libexec'
'--sharedstatedir=/usr/com'
'--mandir=/usr/share/man'
'--infodir=/usr/share/info'
'--exec_prefix=/usr'
'--bindir=/usr/sbin'
'--libexecdir=/usr/lib/squid'
'--localstatedir=/var'
'--datadir=/usr/share'
'--sysconfdir=/etc/squid'
'--enable-epoll'
'--enable-snmp'
'--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs'
'--enable-ssl' '--with-openssl=/usr/kerberos'
'--enable-delay-pools'
'--enable-linux-netfilter'
'--with-pthreads'
'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm'
'--enable-digest-auth-helpers=password'
'--with-winbind-auth-challenge'
'--enable-useragent-log'
'--enable-referer-log'
'--disable-dependency-tracking'
'--enable-cachemgr-hostname=localhost'
'--enable-underscores'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests'
'--disable-ident-lookups'
'--enable-truncate'
'--enable-arp-acl'
'--with-large-files'
'--enable-follow-x-forwarded-for'
'--enable-wccpv2'
'--enable-fd-config'
'--with-maxfd=102762'
squid.conf #
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
smb.conf
workgroup = domain.local
password server = dc1 dc2
security = ADS
realm = domain.local
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = Yes
local master = no
winbind separator = +
unix charset = UTF8
hosts allow = localhost
interfaces = br0 br1 br2
bind interfaces only = yes
preferred master = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
client NTLMv2 auth = yes
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
DOMAIN.LOCAL = {
kdc = dc1
kdc = dc2
}
[domain_realm]
.kerberos.server = dc1
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
