[Samba] Domain login - XP 64 -> Samba
brian at bigkitty.org
Sat Jun 18 15:05:51 GMT 2005
Jeremy Allison wrote:
> On Fri, Jun 17, 2005 at 04:49:18PM -0700, Jeremy Allison wrote:
>>On Fri, Jun 17, 2005 at 05:38:17PM -0400, Brian Ruth wrote:
>>>I currently have samba setup as a file/login server. A variety of
>>>clients running Windows 2000 and XP 32-bit authenticate normally without
>>>any issues. I just brought up a Windows XP 64-bit box made the standard
>>>group policy changes and joined the domain without any issues. When
>>>attempting to login against the domain Windows returns "A remote
>>>procedure call (RPC) protocol error occurred".
>>I've been looking into this with the help of Björn JACKE <bj at SerNet.DE>.
>>So far I've discovered that an XP-64 box seems to do an schannel RPC
>>NETLOGON bind with packet integrety selected (5), but an XP-32 box
>>does the same call with packet privacy (6) selected. This may just
>>be a difference between the registry settings on the 64-bit client test
>>machine (I don't have one here) and my 32-bit vmware XP test machine.
>>It's the reply to the NetrLogonSamLogon request that the 64-bit
>>client doesn't seem to like - after that it shuts down the connection
>>and doesn't talk more. The 32-bit client seems happy with the same
>>I'm still investigating, but without a 64-bit client box to test with
>>it's slow going...
> Ok, Thanks to Luke Howard of PADL who pointed out the RPC authenticator
> must be 64-bit aligned I've committed a small fix to the RPC schannel
> code which I'm hoping will fix the 64-bit Windows domain logon to a
> Samba PDC.
> Either check out SAMBA_3_0 SVN code or apply the attached patch to
> a Samba 3.0.14a tree and if people with this problem (that's you
> Brian and you Björn :-) could test it I'd appreciate it. We were
> already 8 byte aligning the authenticators for NTLMSSP sign & seal
> RPC's but we'd missed doing the same for schannel ones - this fixes
> that oversight.
> Please let me know if this fixes it.
The patched version of 3.0.14a works perfectly.
More information about the samba-technical