[Samba] samba 4.2 RDP problem (extra debug info)

Achim Gottinger achim at ag-web.biz
Thu Apr 30 07:51:43 MDT 2015 

Hi Louis,

Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:
> Hai..
>
> After a new setup i was confronted again with the unable to login with RDP.
> so here is some extra info for the debugging this.
>
> I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc.
> and again unable to login.
>
> since im trying to setup a smb.conf with minimal changes, i only added :
> auth methods = sam, winbind
>
> restarted samba on both DC's
>
> and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine.
> So i hope this info helps in debugging ..
>
> config file used,
> # Global parameters
> [global]
>          workgroup = DOMAIN
>          realm = DOMAIN.TESTING
>          netbios name = DC1
>          server role = active directory domain controller
>          server services = -dns
>          auth methods = sam, winbind
>          idmap_ldb:use rfc2307 = yes
>
>          interfaces = 127.0.0.1 192.168.0.1
>          bind interfaces only = yes
>          time server = yes
>          wins support = yes
>
>          idmap config * : backend = tdb
>          idmap config * : range = 2000-9999
>          idmap config DOMAIN : backend = ad
>          idmap config DOMAIN : schema_mode = rfc2307
>          idmap config DOMAIN : range = 10000-3999999
>
>          # Use home directory and shell information from AD
>          winbind nss info = rfc2307
>
>          winbind trusted domains only = no
>          winbind use default domain = yes
>          winbind expand groups = 3
>
>
> Greetings,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: Andrew Bartlett [mailto:abartlet at samba.org]
>> Verzonden: maandag 27 april 2015 8:37
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved)
>>
>> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:
>>> sorry for the noise..
>>>
>>> I missed the solution in my mail. just saw it online..
>>>
>>> The working version for rdp login..
>>> I can confirm also that after adding these to the smb.conf
>>>
>>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo,
>> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc
>>> auth methods = sam, winbind, ntdomain, ntdomain:winbind
>>>
>>> I was able to login with RDP also.
>>> sernet samba 4.2.1 - Windows 7 64bit.
>>>
>> To be VERY clear, neither of these things are solutions.  They are
>> debugging aids, but running in either of these configurations in the
>> long term (I say this because in Samba, suggestions like this
>> turn up in
>> google for years) will just result in pain.
>>
>> 'smb' means the NTVFS file server, and while quite capable, and still
>> tested, it hasn't been worked on in years, and has no support
>> for things
>> like POSIX ACLS, SMB3, VFS modules and unix extensions.
>>
>> the changes to 'auth methods' makes the server behave in a weird
>> combination of an NT4 DC and an AD DC.
>>
>> That said, I find it most intriguing that these help, and that
>> information has been recorded on the bug, and will assist
>> those who made
>> the change between 4.1 and 4.2.
>>
>> Andrew Bartlett
>>
>> -- 
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT
>> http://catalyst.net.nz/services/samba
>>
>>
>>
Looking at the smb.conf manpage the winbind method is prefered in most 
cases. Also I read the manual as the entries are tried in the order used 
in smb.conf. Can you test if it also works with "auth methods = winbind 
sam", seems to me to be an even less intrusive modification. :-)

achim~

More information about the samba mailing list