Winbindd getting NT_STATUS_RPC_SEC_PKG_ERROR from DC
Jeremy Allison
jra at samba.org
Tue Jun 20 20:20:15 UTC 2017
On Tue, Jun 20, 2017 at 01:13:15PM -0700, Richard Sharpe via samba-technical wrote:
> Hi folks,
>
> We have seen a few instances of the following error message in the
> winbindd log files:
>
> [2017/06/13 17:48:16.110444, 0]
> ../source3/rpc_client/cli_pipe.c:3326(cli_rpc_pipe_open_schannel_with_creds)
> netlogon_creds_cli_check failed with NT_STATUS_RPC_SEC_PKG_ERROR
>
> This is with 4.5.9. Is this usual?
That can come from:
status = gensec_unseal_packet(gensec,
raw_packet->data + payload_offset,
payload_and_verifier->length,
raw_packet->data,
raw_packet->length -
auth.credentials.length,
&auth.credentials);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_RPC_SEC_PKG_ERROR;
}
or:
case DCERPC_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_PACKET:
status = gensec_check_packet(gensec,
payload_and_verifier->data,
payload_and_verifier->length,
raw_packet->data,
raw_packet->length -
auth.credentials.length,
&auth.credentials);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_RPC_SEC_PKG_ERROR;
}
or signature length missmatch:
if (sig.length != sig_size) {
TALLOC_FREE(frame);
return NT_STATUS_RPC_SEC_PKG_ERROR;
}
More information about the samba-technical
mailing list