Re: [Samba] Domain login - XP 64 -> Samba

Sat, 18 Jun 2005 08:07:55 -0700 

Jeremy Allison wrote:

On Fri, Jun 17, 2005 at 04:49:18PM -0700, Jeremy Allison wrote:


On Fri, Jun 17, 2005 at 05:38:17PM -0400, Brian Ruth wrote:
I currently have samba setup as a file/login server. A variety of clients running Windows 2000 and XP 32-bit authenticate normally without any issues. I just brought up a Windows XP 64-bit box made the standard group policy changes and joined the domain without any issues. When attempting to login against the domain Windows returns "A remote procedure call (RPC) protocol error occurred". 

I've been looking into this with the help of Björn JACKE <[EMAIL PROTECTED]>.

So far I've discovered that an XP-64 box seems to do an schannel RPC
NETLOGON bind with packet integrety selected (5), but an XP-32 box
does the same call with packet privacy (6) selected. This may just
be a difference between the registry settings on the 64-bit client test
machine (I don't have one here) and my 32-bit vmware XP test machine.

It's the reply to the NetrLogonSamLogon request that the 64-bit
client doesn't seem to like - after that it shuts down the connection
and doesn't talk more. The 32-bit client seems happy with the same
reply...

I'm still investigating, but without a 64-bit client box to test with
it's slow going...



Ok, Thanks to Luke Howard of PADL who pointed out the RPC authenticator
must be 64-bit aligned I've committed a small fix to the RPC schannel
code which I'm hoping will fix the 64-bit Windows domain logon to a
Samba PDC.

Either check out SAMBA_3_0 SVN code or apply the attached patch to
a Samba 3.0.14a tree and if people with this problem (that's you
Brian and you Björn :-) could test it I'd appreciate it. We were
already 8 byte aligning the authenticators for NTLMSSP sign & seal
RPC's but we'd missed doing the same for schannel ones - this fixes
that oversight.

Please let me know if this fixes it.

Thanks,

        Jeremy.


The patched version of 3.0.14a works perfectly.

Thanks,
Brian

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to