samba - Mar 2009 - winbindd_pam_auth_crap: invalid password length

Hi,

I am using squid+ntlm-helper+samba+winbindd.
Squid mailing list told me to try this one.

When using the setting "Send NTLMv2 Response only" on my windows VISTA
machines I get this error message in my logs.
winbindd_pam_auth_crap: invalid password length.

As soon as I change the setting to "Send NTLMv2 if negotiated" it
works.

Samba v3.2.5
Winbindd v3.2.5
Squid 3.0.STABLE8

I've tried with Samba 3.0.24 and had the same problem.

All is fine when running,
wbinfo -t
wbinfo -u
wbinfo -g


log.wb-DOMAIN :
[2009/03/02 11:18:18,  4]
winbindd/winbindd_dual.c:fork_domain_child(1207) child daemon request
13
[2009/03/02 11:18:18,  3]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1825)  [ 3252]:
pam auth crap domain: DOMAIN user: username
[2009/03/02 11:18:18,  0]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1837)
winbindd_pam_auth_crap: invalid password length 24/264
[2009/03/02 11:18:18,  2]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1990)  NTLM CRAP
authentication for user [DOMAIN]\[username] returned
NT_STATUS_INVALID_PARAMETER (PAM: 4)
[2009/03/02 11:18:18,  4]
winbindd/winbindd_dual.c:fork_domain_child(1207)  child daemon request
13
[2009/03/02 11:18:18,  3]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1825)  [ 3252]:
pam auth crap domain: DOAMIN user: username
[2009/03/02 11:18:18,  0]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1837)
winbindd_pam_auth_crap: invalid password length 24/264
[2009/03/02 11:18:18,  2]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1990)  NTLM CRAP
authentication for user [DOMAIN]\[username] returned
NT_STATUS_INVALID_PARAMETER (PAM: 4)

smb.conf
        workgroup = DOMAIN
        netbios name = SQUID
        realm = DOMAIN.LOCAL
        security = ads
        password server = dc1, dc2
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = False
        local master = No
        domain master = False
        dns proxy = No
	 log level = 2
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000

i've tried with, client NTLMv2 auth = yes
and still have that problem.

Logs On my win2k3 DC

Special privileges assigned to new logon:
 	User Name:	username
 	Domain:		DOMAIN
 	Logon ID:		(0x0,0x1488CBC6)
 	Privileges:	SeSecurityPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeTakeOwnershipPrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeLoadDriverPrivilege
			SeImpersonatePrivilege
			SeEnableDelegationPrivilege
			SeCreateTokenPrivilege
			SeAssignPrimaryTokenPrivilege

Successful Network Logon:
 	User Name:	username
 	Domain:		DOMAIN
 	Logon ID:		(0x0,0x1488CBC6)
 	Logon Type:	3
 	Logon Process:	Kerberos
 	Authentication Package:	Kerberos
 	Workstation Name:	
 	Logon GUID:	{02291669-0da7-e725-a6be-b67dcef1618b}
 	Caller User Name:	-
 	Caller Domain:	-
 	Caller Logon ID:	-
 	Caller Process ID: -
 	Transited Services: -
 	Source Network Address:	-
 	Source Port:	-

User Logoff:
 	User Name:	username
 	Domain:		DOMAIN
 	Logon ID:		(0x0,0x1488CBC6)
 	Logon Type:	3