The Samba-Bugzilla – Bug 5463
schannel/NetrLogonGetDomainInfo between XP and Samba4-DC
Last modified: 2008-08-13 20:40:42 UTC
Tested Samba4.0.0 from git 2008-05-13
There seems to be an issue with schannel in Samba4. Andrew, this is the same issue I mentioned a little while ago regarding schannel and the NetrLogonGetDomainInfo RPC call. I hope this description is a little more helpful this time ;)
This can be reproduced with the nltest utility (from the NT4 Resource Kit). From an XP system connected to a Samba4 DC run "nltest /sc_reset:<Samba4DC-FQDN>"
C:\> nltest /sc_reset:<Samba4_Domain>
I_NetLogonControl failed: Status = 1728 0x6c0 RPC_S_PROTOCOL_ERROR
Here's another scenario, maybe easier to test:
- On the Samba4 DC, create two user accounts, TEST1 and TEST2.
- Join two XP systems to the Samba4-DC, called here XP1 and XP2.
- Log onto XP1 and XP2 using TEST1.
- From XP1, type: net use \\<IP_Address_of_XP2> /u:<Samba4_Domain>\TEST2 <password of TEST2>
The "net use" fails between XP2 and the Samba4-DC, I believe for the same reason as nltest fails.
C:\>net use \\188.8.131.52 /u:SAMBA4.TEST\test2 password
System error 1311 has occurred.
There are currently no logon servers available to service the logon request.
Any chance of a network trace, and/or a URL for the NT4 resource kit?
(In reply to comment #1)
> Any chance of a network trace, and/or a URL for the NT4 resource kit?
I don't have a trace at the moment, I'll see if I can get one tomorrow.
The NT4 Resource Kit is here (free download):
Have we here any progress?
This should be fixed in current GIT - we needed to support (ie, not reject at least) binds with an assoc_group_id set.
Resolving as FIXED.