Samba 3.0.21b cannot join domain that does not offer schannel

John P Janosik jpjanosi at us.ibm.com
Fri Feb 10 17:56:25 GMT 2006


I noticed after upgrading a test server that "net rpc join" on a Samba 
3.0.21<a,b> server with security=domain will no longer join a Samba domain 
when the DC has "server schannel = no" in the config.

Here is the output:

[root at jpjlin source]# /usr/local/samba/bin/net rpc join -S jpjlin -U 
ajpjanos
Password:
[2006/02/10 11:39:10.739937, 0] 
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from 
server jpjlin for domain JPJLIN3.
[2006/02/10 11:39:10.740511, 0] utils/net_rpc_join.c:net_rpc_join_ok(61)
  Error connecting to NETLOGON pipe. Error was 
NT_STATUS_INVALID_NETWORK_RESPONSE
Unable to join domain JPJLIN3.

Looking at a higher log level it seems the join actually worked OK.  The 
domain join verification at the end net_rpc_join_newstyle() in 
utils/net_rpc_join.c doesn't check to see if the server isn't offering 
schannel.

John Janosik
jpjanosi at us.ibm.com


More information about the samba-technical mailing list