[Samba] Domain login - XP 64 -> Samba
Jeremy Allison
jra at samba.org
Sat Jun 18 04:29:07 GMT 2005
On Fri, Jun 17, 2005 at 04:49:18PM -0700, Jeremy Allison wrote:
> On Fri, Jun 17, 2005 at 05:38:17PM -0400, Brian Ruth wrote:
> > I currently have samba setup as a file/login server. A variety of
> > clients running Windows 2000 and XP 32-bit authenticate normally without
> > any issues. I just brought up a Windows XP 64-bit box made the standard
> > group policy changes and joined the domain without any issues. When
> > attempting to login against the domain Windows returns "A remote
> > procedure call (RPC) protocol error occurred".
>
> I've been looking into this with the help of Björn JACKE <bj at SerNet.DE>.
>
> So far I've discovered that an XP-64 box seems to do an schannel RPC
> NETLOGON bind with packet integrety selected (5), but an XP-32 box
> does the same call with packet privacy (6) selected. This may just
> be a difference between the registry settings on the 64-bit client test
> machine (I don't have one here) and my 32-bit vmware XP test machine.
>
> It's the reply to the NetrLogonSamLogon request that the 64-bit
> client doesn't seem to like - after that it shuts down the connection
> and doesn't talk more. The 32-bit client seems happy with the same
> reply...
>
> I'm still investigating, but without a 64-bit client box to test with
> it's slow going...
Ok, Thanks to Luke Howard of PADL who pointed out the RPC authenticator
must be 64-bit aligned I've committed a small fix to the RPC schannel
code which I'm hoping will fix the 64-bit Windows domain logon to a
Samba PDC.
Either check out SAMBA_3_0 SVN code or apply the attached patch to
a Samba 3.0.14a tree and if people with this problem (that's you
Brian and you Björn :-) could test it I'd appreciate it. We were
already 8 byte aligning the authenticators for NTLMSSP sign & seal
RPC's but we'd missed doing the same for schannel ones - this fixes
that oversight.
Please let me know if this fixes it.
Thanks,
Jeremy.
-------------- next part --------------
Index: rpc_server/srv_pipe.c
===================================================================
--- rpc_server/srv_pipe.c (revision 7706)
+++ rpc_server/srv_pipe.c (working copy)
@@ -162,7 +162,7 @@
if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
p->hdr.flags |= RPC_FLG_LAST;
- if ((auth_seal || auth_verify) && (data_len_left % 8)) {
+ if ((auth_seal || auth_verify || p->netsec_auth_validated) && (data_len_left % 8)) {
ss_padding_len = 8 - (data_len_left % 8);
DEBUG(10,("create_next_pdu: adding sign/seal padding of %u\n",
ss_padding_len ));
More information about the samba-technical
mailing list