Meg
2016-May-06 14:50 UTC
[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
dear samba community, we have a big problem on joining a Samba 3.5.6 PDC. Hopefully anyone has an idea/suggestion. When trying to join with a Samba 4.2.10 or 4.3.9 we got the following error on client site: Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR. cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR libnet_join_ok: failed to open schannel session on netlogon pipe to server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR Failed to join domain: failed to verify domain membership after joining: An RPC protocol error occurred. the following is logged by winbind: [2016/05/03 15:00:22.939792, 0] ../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done) Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR. [2016/05/03 15:00:22.939905, 0] ../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key) cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR On serversite only the following is logged: [2016/05/03 15:42:43.198619, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [MACHINENAME$] -> [MACHINENAME$] -> [MACHINENAME$] succeeded [2016/05/03 15:42:43.216510, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: rz-vm57$ [2016/05/03 15:42:43.219008, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 200 [2016/05/03 15:42:43.219478, 2] ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal) credentials check failed [2016/05/03 15:42:43.219523, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MACHINENAME machine account MACHINENAME$ Settings 4.2.10: [global] workgroup = RZ server string = Samba Server Version %v security = DOMAIN client schannel = No client NTLMv2 auth = No log file = /var/log/samba/log.%m max log size = 500 winbind nss info = rfc2307 template require strong key = No client ipc signing = if_required idmap config * : backend = tdb Settings 4.3.9: [global] workgroup = RZ server string = Samba Server Version %v security = DOMAIN log file = /var/log/samba/log.%m_%u_%S max log size = 1024 client ipc signing = if_required idmap config * : backend = tdb cups options = raw Settings 3.5.6: [global] workgroup = RZ netbios name = RZ server string = SMBRZ Samba Server %v map to guest = Bad User passdb backend = ldapsam:ldap://*** log level = 2 log file = /opt/samba/log/smb.log max log size = 50000 unix extensions = No domain logons = Yes os level = 99 domain master = Yes ldap admin dn = *** ldap group suffix = ou=posix ldap machine suffix = ou=machines ldap suffix = *** ldap user suffix = ou=people usershare allow guests = Yes wide links = Yes thx a lot, meg
Meg
2016-May-07 09:49 UTC
[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
dear samba community, we have a big problem on joining a Samba 3.5.6 PDC. Hopefully anyone has an idea/suggestion. When trying to join with a Samba 4.2.10 or 4.3.9 we got the following error on client site: Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR. cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR libnet_join_ok: failed to open schannel session on netlogon pipe to server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR Failed to join domain: failed to verify domain membership after joining: An RPC protocol error occurred. the following is logged by winbind: [2016/05/03 15:00:22.939792, 0] ../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done) Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR. [2016/05/03 15:00:22.939905, 0] ../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key) cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR On serversite only the following is logged: [2016/05/03 15:42:43.198619, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [MACHINENAME$] -> [MACHINENAME$] -> [MACHINENAME$] succeeded [2016/05/03 15:42:43.216510, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: rz-vm57$ [2016/05/03 15:42:43.219008, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 200 [2016/05/03 15:42:43.219478, 2] ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal) credentials check failed [2016/05/03 15:42:43.219523, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client MACHINENAME machine account MACHINENAME$ Settings 4.2.10: [global] workgroup = RZ server string = Samba Server Version %v security = DOMAIN client schannel = No client NTLMv2 auth = No log file = /var/log/samba/log.%m max log size = 500 winbind nss info = rfc2307 template require strong key = No client ipc signing = if_required idmap config * : backend = tdb Settings 4.3.9: [global] workgroup = RZ server string = Samba Server Version %v security = DOMAIN log file = /var/log/samba/log.%m_%u_%S max log size = 1024 client ipc signing = if_required idmap config * : backend = tdb cups options = raw Settings 3.5.6: [global] workgroup = RZ netbios name = RZ server string = SMBRZ Samba Server %v map to guest = Bad User passdb backend = ldapsam:ldap://*** log level = 2 log file = /opt/samba/log/smb.log max log size = 50000 unix extensions = No domain logons = Yes os level = 99 domain master = Yes ldap admin dn = *** ldap group suffix = ou=posix ldap machine suffix = ou=machines ldap suffix = *** ldap user suffix = ou=people usershare allow guests = Yes wide links = Yes thx a lot, meg
Gaiseric Vandal
2016-May-11 15:06 UTC
[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
Is this a "classic" domain or AD ? Can you precreate the samba account ? e.g. #smbpasswd -m -a YOURMACHINENAME Looks like you are using an LDAP backend. I recently patched a synology NAS server (running samba 4.x.) The domain is a "classic" domain with Samba 3.6.x DC's. The NAS server lost its domain membership. I could (after some config tweeks) rejoin domain if I created the samba account 1st. (But "net rpc testjoin" is still failing. ) Some of your error messages may be similar. On 05/07/16 05:49, Meg wrote:> dear samba community, > > we have a big problem on joining a Samba 3.5.6 PDC. > Hopefully anyone has an idea/suggestion. > > When trying to join with a Samba 4.2.10 or 4.3.9 we got the following > error on client site: > > Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR. > cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error > NT_STATUS_RPC_PROTOCOL_ERROR > libnet_join_ok: failed to open schannel session on netlogon pipe to > server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR > Failed to join domain: failed to verify domain membership after joining: > An RPC protocol error occurred. > > the following is logged by winbind: > > [2016/05/03 15:00:22.939792, 0] > ../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done) > Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR. > [2016/05/03 15:00:22.939905, 0] > ../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key) > > cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error > NT_STATUS_RPC_PROTOCOL_ERROR > > On serversite only the following is logged: > > [2016/05/03 15:42:43.198619, 2] auth/auth.c:304(check_ntlm_password) > check_ntlm_password: authentication for user [MACHINENAME$] -> > [MACHINENAME$] -> [MACHINENAME$] succeeded > [2016/05/03 15:42:43.216510, 2] > passdb/pdb_ldap.c:572(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: rz-vm57$ > [2016/05/03 15:42:43.219008, 2] > passdb/pdb_ldap.c:2446(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 200 > [2016/05/03 15:42:43.219478, 2] > ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal) > credentials check failed > [2016/05/03 15:42:43.219523, 0] > rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. > Rejecting auth request from client MACHINENAME machine account > MACHINENAME$ > > > Settings 4.2.10: > > [global] > workgroup = RZ > server string = Samba Server Version %v > security = DOMAIN > client schannel = No > client NTLMv2 auth = No > log file = /var/log/samba/log.%m > max log size = 500 > winbind nss info = rfc2307 template > require strong key = No > client ipc signing = if_required > idmap config * : backend = tdb > > Settings 4.3.9: > > [global] > workgroup = RZ > server string = Samba Server Version %v > security = DOMAIN > log file = /var/log/samba/log.%m_%u_%S > max log size = 1024 > client ipc signing = if_required > idmap config * : backend = tdb > cups options = raw > > Settings 3.5.6: > > [global] > workgroup = RZ > netbios name = RZ > server string = SMBRZ Samba Server %v > map to guest = Bad User > passdb backend = ldapsam:ldap://*** > log level = 2 > log file = /opt/samba/log/smb.log > max log size = 50000 > unix extensions = No > domain logons = Yes > os level = 99 > domain master = Yes > ldap admin dn = *** > ldap group suffix = ou=posix > ldap machine suffix = ou=machines > ldap suffix = *** > ldap user suffix = ou=people > usershare allow guests = Yes > wide links = Yes > > thx a lot, > meg >
Apparently Analagous Threads
- cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
- winbind trusted domain regression after upgrade to samba 4.2.10
- Samba4 machine fails to join in samba3 domain
- Samba4 machine fails to join in samba3 domain
- Cannot join server to Samba4 NT4 domain