[Samba] samba 4.2 RDP problem (extra debug info)

Thu Apr 30 08:18:25 MDT 2015

I see with in Achim response, " Also I read the manual . . ." 

What manual? How do I a copy of "the manual?" 

Just asking. 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [4]

"Everyone deserves an award!!"

On 2015-04-30 08:51, Achim Gottinger wrote: 

> Hi Louis,
> 
> Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:
> Hai.. After a new setup i was confronted again with the unable to login with RDP. so here is some extra info for the debugging this. I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. and again unable to login. since im trying to setup a smb.conf with minimal changes, i only added : auth methods = sam, winbind restarted samba on both DC's and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. So i hope this info helps in debugging .. config file used, # Global parameters [global] workgroup = DOMAIN realm = DOMAIN.TESTING netbios name = DC1 server role = active directory domain controller server services = -dns auth methods = sam, winbind idmap_ldb:use rfc2307 = yes interfaces = 127.0.0.1 192.168.0.1 bind interfaces only = yes time server = yes wins support = yes idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config DOMAIN : backend = ad idmap config DOMAIN : schema_mode = rfc
 2307
idmap config DOMAIN : range = 10000-3999999 # Use home directory and shell information from AD winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind expand groups = 3 Greetings, Louis -----Oorspronkelijk bericht----- Van: Andrew Bartlett [mailto:abartlet at samba.org] Verzonden: maandag 27 april 2015 8:37 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: sorry for the noise.. I missed the solution in my mail. just saw it online.. The working version for rdp login.. I can confirm also that after adding these to the smb.conf dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc auth methods = sam, winbind, ntdomain, ntdomain:winbind I was able to login with RDP also. sernet samba 4.2.1 - Windows 7 64bi
 t. To be
VERY clear, neither of these things are solutions. They are debugging aids, but running in either of these configurations in the long term (I say this because in Samba, suggestions like this turn up in google for years) will just result in pain. 'smb' means the NTVFS file server, and while quite capable, and still tested, it hasn't been worked on in years, and has no support for things like POSIX ACLS, SMB3, VFS modules and unix extensions. the changes to 'auth methods' makes the server behave in a weird combination of an NT4 DC and an AD DC. That said, I find it most intriguing that these help, and that information has been recorded on the bug, and will assist those who made the change between 4.1 and 4.2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ [1] Authentication Developer, Samba Team http://samba.org [2] Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba [3]

Looking at the smb.conf manpage the winbind method is prefered in most
cases. Also I read the manual as the entries are tried in the order used
in smb.conf. Can you test if it also works with "auth methods = winbind
sam", seems to me to be an even less intrusive modification. :-)

achim~

Links:
------
[1] http://samba.org/~abartlet/
[2] http://samba.org
[3] http://catalyst.net.nz/services/samba
[4] http://www.donelsontrophy.com