[Samba] samba 4.2 RDP problem

me at tdiehl.org me at tdiehl.org
Tue Mar 17 17:27:19 MDT 2015 

Hi,

On Tue, 17 Mar 2015, Heinz Hölzl wrote:

>>> Hello Heinz,
>>>
>>> Am 13.03.2015 um 18:26 schrieb Heinz Hölzl:
>>>> i did some tests wit samba 4.2 as a ADS DC on arch linux.
>>>> On a Win8.1 client i can do local logins as every user,
>>>> i can login via RDP as local user, but i am not able to
>>>> login as a domain user via RDP.
>>>> After the loginscreen, appears  "Welcome" and the
>>>> mousepointer continues to spinn....
>>>>
>>>> Same issue on Ubuntu 14.04, samba 4.2 installed from source.
>>>>
>>>> On Ubuntu and samba 4.1.17 (installed also from source) all works fine.
>>>
>>> I don't have 4.2 in production at work. But I tried in my test
>>> environment here at home (2 DCs - both 4.2.0):
>>>
>>> RDP
>>> Win10 -> Win81: OK
>>> Win10 -> Win7: OK
>>> Win81 -> Win7: OK
>>> Win7 -> Win81: OK
>>>
>>> For testing I created a new user (no home drive, no logonscript, no
>>> server base profile, etc.) in AD and allowed the domain group "domain
>>> users" to login via RDP on all three machines.
>>>
>>> I can't see a problem here.
>>>
>>> * What does the Windows event log says?
>>> * Any interesting messages on your DC logfile?
>>> * Can you temporary disable logonscript, connection of home drive, etc.)?
>>>
>>>
>>> Regards,
>>> Marc
>>
>> hi,
>>
>> i see nothing in the eventviewer, and no errors in the samba logs.
>>
>> With samba 4.1.17 i can see a lot of rpc commands:
>> ...
>>
>> 100.1.254.101 (ipv4:100.1.254.101:56215) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 3787)
>>   api_pipe_bind_req: winreg -> winreg rpc service
>>   check_bind_req for \winreg
>>   check_bind_req: winreg -> winreg rpc service
>>   ldb_wrap open of secrets.ldb
>>   check_bind_req for \winreg
>>   check_bind_req: winreg -> winreg rpc service
>>   ldb_wrap open of privilege.ldb
>>   api_rpcTNP: rpc command: WINREG_OPENHKLM
>>   api_pipe_bind_req: winreg -> winreg rpc service
>>   check_bind_req for \winreg
>>   check_bind_req: winreg -> winreg rpc service
>>   api_rpcTNP: rpc command: WINREG_OPENHKLM
>>   api_rpcTNP: rpc command: WINREG_GETVERSION
>>   api_rpcTNP: rpc command: WINREG_OPENKEY
>>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>>   api_rpcTNP: rpc command: WINREG_QUERYVALUE
>> .....
>>
>>
>> on samba 4.2.0 there is olnly the first rpc command:
>> ...
>> 100.1.254.101 (ipv4:100.1.254.101:56203) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 6341)
>>   api_pipe_bind_req: winreg -> winreg rpc service
>>   check_bind_req for winreg
>>   check_bind_req: winreg -> winreg rpc service
>>   ldb_wrap open of secrets.ldb
>>   check_bind_req for winreg
>>   check_bind_req: winreg -> winreg rpc service
>>   ldb_wrap open of privilege.ldb
>>   api_rpcTNP: rpc command: WINREG_OPENHKLM
>>
>> and here the login hangs...
>
>
>
>
> Edit:
> I used wireshark to compare the communication between client and server:
>
> On samba 4.1.17
> in the log.smbd there is a WINREG_OPENHKLM request.
> on Wireshark i see the following:
> - WINREG: OPENHKLM request
> - SMB2: Read Request File: winreg
> - SMB2: Read Response, Error: STATUS_END_OF_FILE
> - SMB2: Close Request File: winfre
> - SMB2: Close Response
> ...
>
> On samba 4.2.0
> in the log.smbd there is a WINREG_OPENHKLM request.
> on Wireshark i see the following:
> - WINREG: OPENHKLM request
> - SMB2: Read Request File: winreg
> - SMB2: Read Response, Error: STATUS_PENDING

I too am seeing this problem. I just setup a new Domain on a single 4.2 DC
compiled from src (No sernet rpms available yet) :-( running on a Centos 7 VM.

I have 3 win 7 machines in my office. If I login to the console using a domain
account and then try to rdp to that machine I immediatly get a login prompt as
expected. Once I put in the username and passwd, the
welcome screen and the spinning cursor come up and that is as far as I can get.
I left this run for over an hour but was never able to login. It does not matter
which machine I rdp to. The results are the same. Also, the console
on the machine I am trying to establish the rdp session with, never locks.

I can login to any local machine account via rdp and it works as advertised.

I did look at a packet dump on the machine I am trying to rdp to and I see
the above packets in the output. I do not have a 4.1 controller to test with.

If someone wants to see a .pcap file, let me know. Most of the traffic in the
.pcap file is between the 2 machines trying to establish the rdp session. There
are only a few packets going to the DC.

Anyone have any ideas how to troubleshoot this?

Regards,

-- 
Tom			me at tdiehl.org		Spamtrap address	 		me123 at tdiehl.org

More information about the samba mailing list