Server's Role (logon server) NOT ADVISED with domain-level security Try this.
make sure that security is set to user level not domain level On 6/18/05, Brian Ruth <[EMAIL PROTECTED]> wrote: > Jeremy Allison wrote: > > On Fri, Jun 17, 2005 at 04:49:18PM -0700, Jeremy Allison wrote: > > > >>On Fri, Jun 17, 2005 at 05:38:17PM -0400, Brian Ruth wrote: > >> > >>>I currently have samba setup as a file/login server. A variety of > >>>clients running Windows 2000 and XP 32-bit authenticate normally without > >>>any issues. I just brought up a Windows XP 64-bit box made the standard > >>>group policy changes and joined the domain without any issues. When > >>>attempting to login against the domain Windows returns "A remote > >>>procedure call (RPC) protocol error occurred". > >> > >>I've been looking into this with the help of Björn JACKE <[EMAIL > >>PROTECTED]>. > >> > >>So far I've discovered that an XP-64 box seems to do an schannel RPC > >>NETLOGON bind with packet integrety selected (5), but an XP-32 box > >>does the same call with packet privacy (6) selected. This may just > >>be a difference between the registry settings on the 64-bit client test > >>machine (I don't have one here) and my 32-bit vmware XP test machine. > >> > >>It's the reply to the NetrLogonSamLogon request that the 64-bit > >>client doesn't seem to like - after that it shuts down the connection > >>and doesn't talk more. The 32-bit client seems happy with the same > >>reply... > >> > >>I'm still investigating, but without a 64-bit client box to test with > >>it's slow going... > > > > > > Ok, Thanks to Luke Howard of PADL who pointed out the RPC authenticator > > must be 64-bit aligned I've committed a small fix to the RPC schannel > > code which I'm hoping will fix the 64-bit Windows domain logon to a > > Samba PDC. > > > > Either check out SAMBA_3_0 SVN code or apply the attached patch to > > a Samba 3.0.14a tree and if people with this problem (that's you > > Brian and you Björn :-) could test it I'd appreciate it. We were > > already 8 byte aligning the authenticators for NTLMSSP sign & seal > > RPC's but we'd missed doing the same for schannel ones - this fixes > > that oversight. > > > > Please let me know if this fixes it. > > > > Thanks, > > > > Jeremy. > > The patched version of 3.0.14a works perfectly. > > Thanks, > Brian > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
