[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR

Fri May 6 14:50:42 UTC 2016

dear samba community,

we have a big problem on joining a Samba 3.5.6 PDC.
Hopefully anyone has an idea/suggestion.

When trying to join with a Samba 4.2.10 or 4.3.9 we got the following 
error on client site:

Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error 
NT_STATUS_RPC_PROTOCOL_ERROR
libnet_join_ok: failed to open schannel session on netlogon pipe to 
server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR
Failed to join domain: failed to verify domain membership after joining: 
An RPC protocol error occurred.

the following is logged by winbind:

[2016/05/03 15:00:22.939792,  0] 
../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done)
    Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
[2016/05/03 15:00:22.939905,  0] 
../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key)
    cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error 
NT_STATUS_RPC_PROTOCOL_ERROR

On serversite only the following is logged:

[2016/05/03 15:42:43.198619,  2] auth/auth.c:304(check_ntlm_password)
    check_ntlm_password:  authentication for user [MACHINENAME$] -> 
[MACHINENAME$] -> [MACHINENAME$] succeeded
[2016/05/03 15:42:43.216510,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
    init_sam_from_ldap: Entry found for user: rz-vm57$
[2016/05/03 15:42:43.219008,  2] 
passdb/pdb_ldap.c:2446(init_group_from_ldap)
    init_group_from_ldap: Entry found for group: 200
[2016/05/03 15:42:43.219478,  2] 
../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
    credentials check failed
[2016/05/03 15:42:43.219523,  0] 
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
    _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
Rejecting auth request from client MACHINENAME machine account MACHINENAME$

Settings 4.2.10:

[global]
      workgroup = RZ
      server string = Samba Server Version %v
      security = DOMAIN
      client schannel = No
      client NTLMv2 auth = No
      log file = /var/log/samba/log.%m
      max log size = 500
      winbind nss info = rfc2307 template
      require strong key = No
      client ipc signing = if_required
      idmap config * : backend = tdb

Settings 4.3.9:

[global]
          workgroup = RZ
          server string = Samba Server Version %v
          security = DOMAIN
          log file = /var/log/samba/log.%m_%u_%S
          max log size = 1024
          client ipc signing = if_required
          idmap config * : backend = tdb
          cups options = raw

Settings 3.5.6:

[global]
          workgroup = RZ
          netbios name = RZ
          server string = SMBRZ Samba Server %v
          map to guest = Bad User
          passdb backend = ldapsam:ldap://***
          log level = 2
          log file = /opt/samba/log/smb.log
          max log size = 50000
          unix extensions = No
          domain logons = Yes
          os level = 99
          domain master = Yes
          ldap admin dn = ***
          ldap group suffix = ou=posix
          ldap machine suffix = ou=machines
          ldap suffix = ***
          ldap user suffix = ou=people
          usershare allow guests = Yes
          wide links = Yes

thx a lot,
meg