[Samba] Domain login - XP 64 -> Samba

Dominic Iadicicco diadicic at gmail.com
Sat Jun 18 15:17:23 GMT 2005 

Server's Role (logon server) NOT ADVISED with domain-level security

   Try this.

   make sure that security is set to user level not domain level


On 6/18/05, Brian Ruth <brian at bigkitty.org> wrote:
> Jeremy Allison wrote:
> > On Fri, Jun 17, 2005 at 04:49:18PM -0700, Jeremy Allison wrote:
> >
> >>On Fri, Jun 17, 2005 at 05:38:17PM -0400, Brian Ruth wrote:
> >>
> >>>I currently have samba setup as a file/login server. A variety of
> >>>clients running Windows 2000 and XP 32-bit authenticate normally without
> >>>any issues. I just brought up a Windows XP 64-bit box made the standard
> >>>group policy changes and joined the domain without any issues. When
> >>>attempting to login against the domain Windows returns "A remote
> >>>procedure call (RPC) protocol error occurred".
> >>
> >>I've been looking into this with the help of Björn JACKE <bj at SerNet.DE>.
> >>
> >>So far I've discovered that an XP-64 box seems to do an schannel RPC
> >>NETLOGON bind with packet integrety selected (5), but an XP-32 box
> >>does the same call with packet privacy (6) selected. This may just
> >>be a difference between the registry settings on the 64-bit client test
> >>machine (I don't have one here) and my 32-bit vmware XP test machine.
> >>
> >>It's the reply to the NetrLogonSamLogon request that the 64-bit
> >>client doesn't seem to like - after that it shuts down the connection
> >>and doesn't talk more. The 32-bit client seems happy with the same
> >>reply...
> >>
> >>I'm still investigating, but without a 64-bit client box to test with
> >>it's slow going...
> >
> >
> > Ok, Thanks to Luke Howard of PADL who pointed out the RPC authenticator
> > must be 64-bit aligned I've committed a small fix to the RPC schannel
> > code which I'm hoping will fix the 64-bit Windows domain logon to a
> > Samba PDC.
> >
> > Either check out SAMBA_3_0 SVN code or apply the attached patch to
> > a Samba 3.0.14a tree and if people with this problem (that's you
> > Brian and you Björn :-) could test it I'd appreciate it. We were
> > already 8 byte aligning the authenticators for NTLMSSP sign & seal
> > RPC's but we'd missed doing the same for schannel ones - this fixes
> > that oversight.
> >
> > Please let me know if this fixes it.
> >
> > Thanks,
> >
> >       Jeremy.
> 
> The patched version of 3.0.14a works perfectly.
> 
> Thanks,
> Brian
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list