Bug 6255 - cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER
cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER
Product: Samba 3.3
Classification: Unclassified
Component: Domain Control
Other Linux
: P3 critical
: ---
Assigned To: Guenther Deschner
Samba QA Contact
Depends on: 6099
  Show dependency treegraph
Reported: 2009-04-09 19:00 UTC by Sven Strickroth
Modified: 2009-09-09 08:16 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Sven Strickroth 2009-04-09 19:00:58 UTC
I updated my samba PDC from 3.0.33 to 3.3.3 and now a lot of other tools fail.

A second server (still samba 3.0.33) on which winbind is running, not cannot connect anymore:
message on second server:
"Apr 10 01:49:27 backup winbindd[1481]: [2009/04/10 01:49:27, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2229)
Apr 10 01:49:27 backup winbindd[1481]:   initialize_winbindd_cache: clearing cache and re-creating with version number 1
Apr 10 01:49:27 backup winbindd[1482]: [2009/04/10 01:49:27, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363)
Apr 10 01:49:27 backup winbindd[1482]:   cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER"

PDC outputs:
"Apr 10 01:49:26 fileserver smbd[30777]: [2009/04/10 01:49:26,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
Apr 10 01:49:26 fileserver smbd[30777]:   _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client BACKUPSERVER machine account BACKUPSERVER$"

If it is a broken login the message should say this (but don't suppose that this is the reason) - I remember a quite similar problem with mod_smb_auth for apache when compiled with samba 3.0.0 - then there is no authentication possibl anymore against samba > 3.2
Comment 1 Sven Strickroth 2009-04-09 19:04:25 UTC
updating the second server to samba 3.3.3 solved the problem w/o rejoining the domain. - so it seems that there is something broken
Comment 2 Guenther Deschner 2009-04-28 17:23:12 UTC
Reproduced the spnego reply parse failure in 3-0-test winbindd while talking also to a 3.2.11 PDC.
Comment 3 Guenther Deschner 2009-05-19 03:26:40 UTC
Parts of the issues described here will be fixed with bug #6099.
Comment 4 Karolin Seeger 2009-05-19 04:11:04 UTC
Patches for bug #6099 will be included in 3.2.12 and 3.3.5.
Comment 5 Guenther Deschner 2009-06-18 10:32:07 UTC
Ok, that one is strange. Seems like winbind is not reseting the credential chain after having received NT_STATUS_INVALID_PARAMETER from the SamLogon call (due to broken credential chain).

Once I restart winbind, it usually works again.
Comment 6 Guenther Deschner 2009-09-09 08:16:25 UTC
Closing as fixed then.