[Samba] samba 4.2 RDP problem

Andrew Bartlett abartlet at samba.org
Tue Apr 14 18:27:46 MDT 2015


On Tue, 2015-03-17 at 19:27 -0400, me at tdiehl.org wrote:
> Hi,
> 
> On Tue, 17 Mar 2015, Heinz Hölzl wrote:
> 
> >>> Hello Heinz,
> >>>
> >>> Am 13.03.2015 um 18:26 schrieb Heinz Hölzl:
> >>>> i did some tests wit samba 4.2 as a ADS DC on arch linux.
> >>>> On a Win8.1 client i can do local logins as every user,
> >>>> i can login via RDP as local user, but i am not able to
> >>>> login as a domain user via RDP.
> >>>> After the loginscreen, appears  "Welcome" and the
> >>>> mousepointer continues to spinn....
> >>>>
> >>>> Same issue on Ubuntu 14.04, samba 4.2 installed from source.
> >>>>
> >>>> On Ubuntu and samba 4.1.17 (installed also from source) all works fine.
> >>>
> >>> I don't have 4.2 in production at work. But I tried in my test
> >>> environment here at home (2 DCs - both 4.2.0):
> >>>
> >>> RDP
> >>> Win10 -> Win81: OK
> >>> Win10 -> Win7: OK
> >>> Win81 -> Win7: OK
> >>> Win7 -> Win81: OK
> >>>
> >>> For testing I created a new user (no home drive, no logonscript, no
> >>> server base profile, etc.) in AD and allowed the domain group "domain
> >>> users" to login via RDP on all three machines.
> >>>
> >>> I can't see a problem here.
> >>>
> >>> * What does the Windows event log says?
> >>> * Any interesting messages on your DC logfile?
> >>> * Can you temporary disable logonscript, connection of home drive, etc.)?
> >>>
> >>>
> >>> Regards,
> >>> Marc
> >>
> >> hi,
> >>
> >> i see nothing in the eventviewer, and no errors in the samba logs.
> >>
> >> With samba 4.1.17 i can see a lot of rpc commands:
> >> ...
> >>
> >> 100.1.254.101 (ipv4:100.1.254.101:56215) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 3787)
> >>   api_pipe_bind_req: winreg -> winreg rpc service
> >>   check_bind_req for \winreg
> >>   check_bind_req: winreg -> winreg rpc service
> >>   ldb_wrap open of secrets.ldb
> >>   check_bind_req for \winreg
> >>   check_bind_req: winreg -> winreg rpc service
> >>   ldb_wrap open of privilege.ldb
> >>   api_rpcTNP: rpc command: WINREG_OPENHKLM
> >>   api_pipe_bind_req: winreg -> winreg rpc service
> >>   check_bind_req for \winreg
> >>   check_bind_req: winreg -> winreg rpc service
> >>   api_rpcTNP: rpc command: WINREG_OPENHKLM
> >>   api_rpcTNP: rpc command: WINREG_GETVERSION
> >>   api_rpcTNP: rpc command: WINREG_OPENKEY
> >>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
> >>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
> >>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
> >>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
> >> .....
> >>
> >>
> >> on samba 4.2.0 there is olnly the first rpc command:
> >> ...
> >> 100.1.254.101 (ipv4:100.1.254.101:56203) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 6341)
> >>   api_pipe_bind_req: winreg -> winreg rpc service
> >>   check_bind_req for winreg
> >>   check_bind_req: winreg -> winreg rpc service
> >>   ldb_wrap open of secrets.ldb
> >>   check_bind_req for winreg
> >>   check_bind_req: winreg -> winreg rpc service
> >>   ldb_wrap open of privilege.ldb
> >>   api_rpcTNP: rpc command: WINREG_OPENHKLM
> >>
> >> and here the login hangs...
> >
> >
> >
> >
> > Edit:
> > I used wireshark to compare the communication between client and server:
> >
> > On samba 4.1.17
> > in the log.smbd there is a WINREG_OPENHKLM request.
> > on Wireshark i see the following:
> > - WINREG: OPENHKLM request
> > - SMB2: Read Request File: winreg
> > - SMB2: Read Response, Error: STATUS_END_OF_FILE
> > - SMB2: Close Request File: winfre
> > - SMB2: Close Response
> > ...
> >
> > On samba 4.2.0
> > in the log.smbd there is a WINREG_OPENHKLM request.
> > on Wireshark i see the following:
> > - WINREG: OPENHKLM request
> > - SMB2: Read Request File: winreg
> > - SMB2: Read Response, Error: STATUS_PENDING
> 
> I too am seeing this problem. I just setup a new Domain on a single 4.2 DC
> compiled from src (No sernet rpms available yet) :-( running on a Centos 7 VM.
> 
> I have 3 win 7 machines in my office. If I login to the console using a domain
> account and then try to rdp to that machine I immediatly get a login prompt as
> expected. Once I put in the username and passwd, the
> welcome screen and the spinning cursor come up and that is as far as I can get.
> I left this run for over an hour but was never able to login. It does not matter
> which machine I rdp to. The results are the same. Also, the console
> on the machine I am trying to establish the rdp session with, never locks.
> 
> I can login to any local machine account via rdp and it works as advertised.
> 
> I did look at a packet dump on the machine I am trying to rdp to and I see
> the above packets in the output. I do not have a 4.1 controller to test with.
> 
> If someone wants to see a .pcap file, let me know. Most of the traffic in the
> .pcap file is between the 2 machines trying to establish the rdp session. There
> are only a few packets going to the DC.
> 
> Anyone have any ideas how to troubleshoot this?

Yes, I would be interested in seeing that packet capture and any logs
(please turn up the log level). 

Andrew Bartlett.

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba mailing list