[Samba] samba 4.2 RDP problem (extra debug info)
achim at ag-web.biz
Thu Apr 30 07:51:43 MDT 2015
Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:
> After a new setup i was confronted again with the unable to login with RDP.
> so here is some extra info for the debugging this.
> I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc.
> and again unable to login.
> since im trying to setup a smb.conf with minimal changes, i only added :
> auth methods = sam, winbind
> restarted samba on both DC's
> and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine.
> So i hope this info helps in debugging ..
> config file used,
> # Global parameters
> workgroup = DOMAIN
> realm = DOMAIN.TESTING
> netbios name = DC1
> server role = active directory domain controller
> server services = -dns
> auth methods = sam, winbind
> idmap_ldb:use rfc2307 = yes
> interfaces = 127.0.0.1 192.168.0.1
> bind interfaces only = yes
> time server = yes
> wins support = yes
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config DOMAIN : backend = ad
> idmap config DOMAIN : schema_mode = rfc2307
> idmap config DOMAIN : range = 10000-3999999
> # Use home directory and shell information from AD
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind expand groups = 3
>> -----Oorspronkelijk bericht-----
>> Van: Andrew Bartlett [mailto:abartlet at samba.org]
>> Verzonden: maandag 27 april 2015 8:37
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved)
>> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:
>>> sorry for the noise..
>>> I missed the solution in my mail. just saw it online..
>>> The working version for rdp login..
>>> I can confirm also that after adding these to the smb.conf
>>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo,
>> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc
>>> auth methods = sam, winbind, ntdomain, ntdomain:winbind
>>> I was able to login with RDP also.
>>> sernet samba 4.2.1 - Windows 7 64bit.
>> To be VERY clear, neither of these things are solutions. They are
>> debugging aids, but running in either of these configurations in the
>> long term (I say this because in Samba, suggestions like this
>> turn up in
>> google for years) will just result in pain.
>> 'smb' means the NTVFS file server, and while quite capable, and still
>> tested, it hasn't been worked on in years, and has no support
>> for things
>> like POSIX ACLS, SMB3, VFS modules and unix extensions.
>> the changes to 'auth methods' makes the server behave in a weird
>> combination of an NT4 DC and an AD DC.
>> That said, I find it most intriguing that these help, and that
>> information has been recorded on the bug, and will assist
>> those who made
>> the change between 4.1 and 4.2.
>> Andrew Bartlett
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>> Samba Developer, Catalyst IT
Looking at the smb.conf manpage the winbind method is prefered in most
cases. Also I read the manual as the entries are tried in the order used
in smb.conf. Can you test if it also works with "auth methods = winbind
sam", seems to me to be an even less intrusive modification. :-)
More information about the samba