[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed May 11 15:06:46 UTC 2016


Is this a "classic" domain or AD?

Can you precreate the Samba account?

e.g.
     #smbpasswd -m -a YOURMACHINENAME


Looks like you are using an LDAP backend. I recently patched a
Synology NAS server (running Samba 4.x). The domain is a "classic"
domain with Samba 3.6.x DCs. The NAS server lost its domain
membership. I could (after some config tweaks) rejoin the domain if I
created the Samba account first. (But "net rpc testjoin" is still
failing.) Some of your error messages may be similar.

On 05/07/16 05:49, Meg wrote:
> Dear Samba community,
>
> we have a big problem joining a Samba 3.5.6 PDC.
> Hopefully someone has an idea/suggestion.
>
> When trying to join with Samba 4.2.10 or 4.3.9 we got the following
> error on the client side:
>
> Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
> cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
> NT_STATUS_RPC_PROTOCOL_ERROR
> libnet_join_ok: failed to open schannel session on netlogon pipe to
> server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR
> Failed to join domain: failed to verify domain membership after joining:
> An RPC protocol error occurred.
>
> the following is logged by winbind:
>
> [2016/05/03 15:00:22.939792,  0]
> ../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done)
>     Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
> [2016/05/03 15:00:22.939905,  0]
> ../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key) 
>
>     cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
> NT_STATUS_RPC_PROTOCOL_ERROR
>
> On the server side only the following is logged:
>
> [2016/05/03 15:42:43.198619,  2] auth/auth.c:304(check_ntlm_password)
>     check_ntlm_password:  authentication for user [MACHINENAME$] ->
> [MACHINENAME$] -> [MACHINENAME$] succeeded
> [2016/05/03 15:42:43.216510,  2] 
> passdb/pdb_ldap.c:572(init_sam_from_ldap)
>     init_sam_from_ldap: Entry found for user: rz-vm57$
> [2016/05/03 15:42:43.219008,  2]
> passdb/pdb_ldap.c:2446(init_group_from_ldap)
>     init_group_from_ldap: Entry found for group: 200
> [2016/05/03 15:42:43.219478,  2]
> ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
>     credentials check failed
> [2016/05/03 15:42:43.219523,  0]
> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>     _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client MACHINENAME machine account 
> MACHINENAME$
>
>
> Settings 4.2.10:
>
> [global]
>       workgroup = RZ
>       server string = Samba Server Version %v
>       security = DOMAIN
>       client schannel = No
>       client NTLMv2 auth = No
>       log file = /var/log/samba/log.%m
>       max log size = 500
>       winbind nss info = rfc2307 template
>       require strong key = No
>       client ipc signing = if_required
>       idmap config * : backend = tdb
>
> Settings 4.3.9:
>
> [global]
>           workgroup = RZ
>           server string = Samba Server Version %v
>           security = DOMAIN
>           log file = /var/log/samba/log.%m_%u_%S
>           max log size = 1024
>           client ipc signing = if_required
>           idmap config * : backend = tdb
>           cups options = raw
>
> Settings 3.5.6:
>
> [global]
>           workgroup = RZ
>           netbios name = RZ
>           server string = SMBRZ Samba Server %v
>           map to guest = Bad User
>           passdb backend = ldapsam:ldap://***
>           log level = 2
>           log file = /opt/samba/log/smb.log
>           max log size = 50000
>           unix extensions = No
>           domain logons = Yes
>           os level = 99
>           domain master = Yes
>           ldap admin dn = ***
>           ldap group suffix = ou=posix
>           ldap machine suffix = ou=machines
>           ldap suffix = ***
>           ldap user suffix = ou=people
>           usershare allow guests = Yes
>           wide links = Yes
>
> thx a lot,
> meg
>



