[Samba] samba 4.2 RDP problem

Heinz Hölzl heinz.hoelzl at gvcc.net
Tue Mar 17 04:51:38 MDT 2015 

> > Hello Heinz,
> > 
> > Am 13.03.2015 um 18:26 schrieb Heinz Hölzl:
> > > i did some tests wit samba 4.2 as a ADS DC on arch linux.
> > > On a Win8.1 client i can do local logins as every user,
> > > i can login via RDP as local user, but i am not able to
> > > login as a domain user via RDP.
> > > After the loginscreen, appears  "Welcome" and the
> > > mousepointer continues to spinn....
> > > 
> > > Same issue on Ubuntu 14.04, samba 4.2 installed from source.
> > > 
> > > On Ubuntu and samba 4.1.17 (installed also from source) all works fine.
> > 
> > I don't have 4.2 in production at work. But I tried in my test
> > environment here at home (2 DCs - both 4.2.0):
> > 
> > RDP
> > Win10 -> Win81: OK
> > Win10 -> Win7: OK
> > Win81 -> Win7: OK
> > Win7 -> Win81: OK
> > 
> > For testing I created a new user (no home drive, no logonscript, no
> > server base profile, etc.) in AD and allowed the domain group "domain
> > users" to login via RDP on all three machines.
> > 
> > I can't see a problem here.
> > 
> > * What does the Windows event log says?
> > * Any interesting messages on your DC logfile?
> > * Can you temporary disable logonscript, connection of home drive, etc.)?
> > 
> > 
> > Regards,
> > Marc
>  
> hi,
> 
> i see nothing in the eventviewer, and no errors in the samba logs.
> 
> With samba 4.1.17 i can see a lot of rpc commands:
> ...
> 
> 100.1.254.101 (ipv4:100.1.254.101:56215) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 3787)
>   api_pipe_bind_req: winreg -> winreg rpc service
>   check_bind_req for \winreg
>   check_bind_req: winreg -> winreg rpc service
>   ldb_wrap open of secrets.ldb
>   check_bind_req for \winreg
>   check_bind_req: winreg -> winreg rpc service
>   ldb_wrap open of privilege.ldb
>   api_rpcTNP: rpc command: WINREG_OPENHKLM
>   api_pipe_bind_req: winreg -> winreg rpc service
>   check_bind_req for \winreg
>   check_bind_req: winreg -> winreg rpc service
>   api_rpcTNP: rpc command: WINREG_OPENHKLM
>   api_rpcTNP: rpc command: WINREG_GETVERSION
>   api_rpcTNP: rpc command: WINREG_OPENKEY
>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
> .....
> 
> 
> on samba 4.2.0 there is olnly the first rpc command:
> ...
> 100.1.254.101 (ipv4:100.1.254.101:56203) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 6341)
>   api_pipe_bind_req: winreg -> winreg rpc service
>   check_bind_req for winreg
>   check_bind_req: winreg -> winreg rpc service
>   ldb_wrap open of secrets.ldb
>   check_bind_req for winreg
>   check_bind_req: winreg -> winreg rpc service
>   ldb_wrap open of privilege.ldb
>   api_rpcTNP: rpc command: WINREG_OPENHKLM
> 
> and here the login hangs...




Edit: 
I used wireshark to compare the communication between client and server:

On samba 4.1.17
in the log.smbd there is a WINREG_OPENHKLM request.
on Wireshark i see the following:
- WINREG: OPENHKLM request
- SMB2: Read Request File: winreg
- SMB2: Read Response, Error: STATUS_END_OF_FILE
- SMB2: Close Request File: winfre
- SMB2: Close Response
...

On samba 4.2.0
in the log.smbd there is a WINREG_OPENHKLM request.
on Wireshark i see the following:
- WINREG: OPENHKLM request
- SMB2: Read Request File: winreg
- SMB2: Read Response, Error: STATUS_PENDING

More information about the samba mailing list