Bug 76 - Schannel Broken and Breaks Win2k Pro logons
Summary: Schannel Broken and Breaks Win2k Pro logons
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.0preX
Hardware: All Windows 2000
: P2 regression
Target Milestone: none
Assignee: Tim Potter
QA Contact:
Depends on:
Reported: 2003-05-08 14:33 UTC by John H Terpstra (mail address dead(
Modified: 2005-08-24 10:17 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description John H Terpstra (mail address dead( 2003-05-08 14:33:10 UTC
rpc_server/src_pipe.c:api_pipe_netsec_proces(1346) Invalid auth info 68 or level
5 on schannel

rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to 
do schaneed processing

Error dialog says: The system can not log you on due to the following error:
The procedure number is out of range.
Please try again or cosilt your system administrator
Comment 1 John H Terpstra (mail address dead( 2003-05-08 14:33:43 UTC
Note: Problem is with current CVS code
Comment 2 John H Terpstra (mail address dead( 2003-05-08 14:42:15 UTC
Note: Disabling of schannel on Samba restores operation.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2003-05-12 10:54:26 UTC
giving this to TIm since he's been working on it anyways.
Comment 4 Tim Potter 2003-05-12 18:28:59 UTC
I've fixed the secure channel stuff as it portains to net rpc vampire and wbinfo
-t.  There still seems to be a problem with wbinfo -a though.

Do we really need to use secure channel when doing anything with winbindd?  I
guess it prevents MITM attacks when returning info3 data.
Comment 5 Tim Potter 2003-05-12 18:55:28 UTC
wbinfo -a does work - need to run it as root because of the secure pipe business
Comment 6 John H Terpstra (mail address dead( 2003-06-14 23:29:16 UTC
Current CVS Code June 14, 2003, clear OK.

Bug closed out in my opinion.

Note: If Invalid auth info 68 or level 5 on schannel is reported then check that
the registry setting for:

"Network: Digitally sign secure channel data (when possible)" is set to Enabled

This info should go into the HOWTO also.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-02-07 07:54:24 UTC
originally reported against 3.0alpha23.  Bugzilla spring cleaning.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:17:21 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.