[Samba] samba 4.2 RDP problem (extra debug info)

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 08:33:46 MDT 2015 

Hai Achim, 

i have tested the following : 

auth methods = winbind 

result RDP login works, 
ADUC does not work. 

test with : 
auth methods = winbind, sam

RDP and ADUC works, DNS tools also works. 

logged in as DOMAIN\administrator 


Greetz, 

Louis



>-----Oorspronkelijk bericht-----
>Van: achim at ag-web.biz [mailto:samba-bounces at lists.samba.org] 
>Namens Achim Gottinger
>Verzonden: donderdag 30 april 2015 15:52
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] samba 4.2 RDP problem (extra debug info)
>
>Hi Louis,
>
>Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:
>> Hai..
>>
>> After a new setup i was confronted again with the unable to 
>login with RDP.
>> so here is some extra info for the debugging this.
>>
>> I used RDP to connect a Windows 7 64 bit, connected in rdp 
>with ipadres of the pc.
>> and again unable to login.
>>
>> since im trying to setup a smb.conf with minimal changes, i 
>only added :
>> auth methods = sam, winbind
>>
>> restarted samba on both DC's
>>
>> and yes.. im able to login again, ADUC works, i can add 
>users .. and DNS tool did also work fine.
>> So i hope this info helps in debugging ..
>>
>> config file used,
>> # Global parameters
>> [global]
>>          workgroup = DOMAIN
>>          realm = DOMAIN.TESTING
>>          netbios name = DC1
>>          server role = active directory domain controller
>>          server services = -dns
>>          auth methods = sam, winbind
>>          idmap_ldb:use rfc2307 = yes
>>
>>          interfaces = 127.0.0.1 192.168.0.1
>>          bind interfaces only = yes
>>          time server = yes
>>          wins support = yes
>>
>>          idmap config * : backend = tdb
>>          idmap config * : range = 2000-9999
>>          idmap config DOMAIN : backend = ad
>>          idmap config DOMAIN : schema_mode = rfc2307
>>          idmap config DOMAIN : range = 10000-3999999
>>
>>          # Use home directory and shell information from AD
>>          winbind nss info = rfc2307
>>
>>          winbind trusted domains only = no
>>          winbind use default domain = yes
>>          winbind expand groups = 3
>>
>>
>> Greetings,
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: Andrew Bartlett [mailto:abartlet at samba.org]
>>> Verzonden: maandag 27 april 2015 8:37
>>> Aan: L.P.H. van Belle
>>> CC: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved)
>>>
>>> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:
>>>> sorry for the noise..
>>>>
>>>> I missed the solution in my mail. just saw it online..
>>>>
>>>> The working version for rdp login..
>>>> I can confirm also that after adding these to the smb.conf
>>>>
>>>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo,
>>> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc
>>>> auth methods = sam, winbind, ntdomain, ntdomain:winbind
>>>>
>>>> I was able to login with RDP also.
>>>> sernet samba 4.2.1 - Windows 7 64bit.
>>>>
>>> To be VERY clear, neither of these things are solutions.  They are
>>> debugging aids, but running in either of these configurations in the
>>> long term (I say this because in Samba, suggestions like this
>>> turn up in
>>> google for years) will just result in pain.
>>>
>>> 'smb' means the NTVFS file server, and while quite capable, 
>and still
>>> tested, it hasn't been worked on in years, and has no support
>>> for things
>>> like POSIX ACLS, SMB3, VFS modules and unix extensions.
>>>
>>> the changes to 'auth methods' makes the server behave in a weird
>>> combination of an NT4 DC and an AD DC.
>>>
>>> That said, I find it most intriguing that these help, and that
>>> information has been recorded on the bug, and will assist
>>> those who made
>>> the change between 4.1 and 4.2.
>>>
>>> Andrew Bartlett
>>>
>>> -- 
>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team  http://samba.org
>>> Samba Developer, Catalyst IT
>>> http://catalyst.net.nz/services/samba
>>>
>>>
>>>
>Looking at the smb.conf manpage the winbind method is prefered in most 
>cases. Also I read the manual as the entries are tried in the 
>order used 
>in smb.conf. Can you test if it also works with "auth methods 
>= winbind 
>sam", seems to me to be an even less intrusive modification. :-)
>
>achim~
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list