Bug 5463 - schannel/NetrLogonGetDomainInfo between XP and Samba4-DC
schannel/NetrLogonGetDomainInfo between XP and Samba4-DC
Product: Samba 4.0
Classification: Unclassified
Component: Other
x64 Linux
: P3 normal
: ---
Assigned To: Andrew Bartlett
Andrew Bartlett
Depends on:
  Show dependency treegraph
Reported: 2008-05-13 22:30 UTC by Stephen Zarkos
Modified: 2008-08-13 20:40 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Stephen Zarkos 2008-05-13 22:30:33 UTC
Tested Samba4.0.0 from git 2008-05-13

There seems to be an issue with schannel in Samba4.  Andrew, this is the same issue I mentioned a little while ago regarding schannel and the NetrLogonGetDomainInfo RPC call.  I hope this description is a little more helpful this time ;)

This can be reproduced with the nltest utility (from the NT4 Resource Kit).  From an XP system connected to a Samba4 DC run "nltest /sc_reset:<Samba4DC-FQDN>"

C:\> nltest /sc_reset:<Samba4_Domain>
I_NetLogonControl failed: Status = 1728 0x6c0 RPC_S_PROTOCOL_ERROR

Here's another scenario, maybe easier to test:

 - On the Samba4 DC, create two user accounts, TEST1 and TEST2.
 - Join two XP systems to the Samba4-DC, called here XP1 and XP2.
 - Log onto XP1 and XP2 using TEST1.
 - From XP1, type: net use \\<IP_Address_of_XP2> /u:<Samba4_Domain>\TEST2 <password of TEST2>

The "net use" fails between XP2 and the Samba4-DC, I believe for the same reason as nltest fails.

C:\>net use \\ /u:SAMBA4.TEST\test2 password
System error 1311 has occurred.

There are currently no logon servers available to service the logon request.
Comment 1 Andrew Bartlett 2008-05-13 22:41:18 UTC
Any chance of a network trace, and/or a URL for the NT4 resource kit?

Comment 2 Stephen Zarkos 2008-05-14 00:21:57 UTC
(In reply to comment #1)
> Any chance of a network trace, and/or a URL for the NT4 resource kit?
> Thanks!

I don't have a trace at the moment, I'll see if I can get one tomorrow.

The NT4 Resource Kit is here (free download):

Comment 3 Matthias Dieter Wallnöfer 2008-08-02 08:41:59 UTC
Have we here any progress?
Comment 4 Andrew Bartlett 2008-08-03 20:09:57 UTC
This should be fixed in current GIT - we needed to support (ie, not reject at least) binds with an assoc_group_id set.
Comment 5 Andrew Bartlett 2008-08-13 20:40:42 UTC
Resolving as FIXED.