[Samba] samba 4.2 RDP problem (extra debug info)

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 07:31:18 MDT 2015


After a new setup i was confronted again with the unable to login with RDP. 
so here is some extra info for the debugging this. 

I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. 
and again unable to login. 

since im trying to setup a smb.conf with minimal changes, i only added : 
auth methods = sam, winbind 

restarted samba on both DC's 

and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. 
So i hope this info helps in debugging .. 

config file used, 
# Global parameters
        workgroup = DOMAIN 
        realm = DOMAIN.TESTING
        netbios name = DC1
        server role = active directory domain controller
        server services = -dns
        auth methods = sam, winbind
        idmap_ldb:use rfc2307 = yes

        interfaces =
        bind interfaces only = yes
        time server = yes
        wins support = yes

        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : schema_mode = rfc2307
        idmap config DOMAIN : range = 10000-3999999

        # Use home directory and shell information from AD
        winbind nss info = rfc2307

        winbind trusted domains only = no
        winbind use default domain = yes
        winbind expand groups = 3



>-----Oorspronkelijk bericht-----
>Van: Andrew Bartlett [mailto:abartlet at samba.org] 
>Verzonden: maandag 27 april 2015 8:37
>Aan: L.P.H. van Belle
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved)
>On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:
>> sorry for the noise.. 
>> I missed the solution in my mail. just saw it online.. 
>> The working version for rdp login.. 
>> I can confirm also that after adding these to the smb.conf 
>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
>netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, 
>browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc
>> auth methods = sam, winbind, ntdomain, ntdomain:winbind
>> I was able to login with RDP also. 
>> sernet samba 4.2.1 - Windows 7 64bit. 
>To be VERY clear, neither of these things are solutions.  They are
>debugging aids, but running in either of these configurations in the
>long term (I say this because in Samba, suggestions like this 
>turn up in
>google for years) will just result in pain. 
>'smb' means the NTVFS file server, and while quite capable, and still
>tested, it hasn't been worked on in years, and has no support 
>for things
>like POSIX ACLS, SMB3, VFS modules and unix extensions.
>the changes to 'auth methods' makes the server behave in a weird
>combination of an NT4 DC and an AD DC.  
>That said, I find it most intriguing that these help, and that
>information has been recorded on the bug, and will assist 
>those who made
>the change between 4.1 and 4.2.
>Andrew Bartlett
>Andrew Bartlett                       http://samba.org/~abartlet/
>Authentication Developer, Samba Team  http://samba.org
>Samba Developer, Catalyst IT          

More information about the samba mailing list