Meg
2016-May-06 14:50 UTC
[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
dear samba community,
we have a big problem on joining a Samba 3.5.6 PDC.
Hopefully anyone has an idea/suggestion.
When trying to join with a Samba 4.2.10 or 4.3.9 we got the following
error on client site:
Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
NT_STATUS_RPC_PROTOCOL_ERROR
libnet_join_ok: failed to open schannel session on netlogon pipe to
server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR
Failed to join domain: failed to verify domain membership after joining:
An RPC protocol error occurred.
the following is logged by winbind:
[2016/05/03 15:00:22.939792, 0]
../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done)
Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
[2016/05/03 15:00:22.939905, 0]
../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key)
cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
NT_STATUS_RPC_PROTOCOL_ERROR
On serversite only the following is logged:
[2016/05/03 15:42:43.198619, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [MACHINENAME$] ->
[MACHINENAME$] -> [MACHINENAME$] succeeded
[2016/05/03 15:42:43.216510, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: rz-vm57$
[2016/05/03 15:42:43.219008, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 200
[2016/05/03 15:42:43.219478, 2]
../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
credentials check failed
[2016/05/03 15:42:43.219523, 0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client MACHINENAME machine account MACHINENAME$
Settings 4.2.10:
[global]
workgroup = RZ
server string = Samba Server Version %v
security = DOMAIN
client schannel = No
client NTLMv2 auth = No
log file = /var/log/samba/log.%m
max log size = 500
winbind nss info = rfc2307 template
require strong key = No
client ipc signing = if_required
idmap config * : backend = tdb
Settings 4.3.9:
[global]
workgroup = RZ
server string = Samba Server Version %v
security = DOMAIN
log file = /var/log/samba/log.%m_%u_%S
max log size = 1024
client ipc signing = if_required
idmap config * : backend = tdb
cups options = raw
Settings 3.5.6:
[global]
workgroup = RZ
netbios name = RZ
server string = SMBRZ Samba Server %v
map to guest = Bad User
passdb backend = ldapsam:ldap://***
log level = 2
log file = /opt/samba/log/smb.log
max log size = 50000
unix extensions = No
domain logons = Yes
os level = 99
domain master = Yes
ldap admin dn = ***
ldap group suffix = ou=posix
ldap machine suffix = ou=machines
ldap suffix = ***
ldap user suffix = ou=people
usershare allow guests = Yes
wide links = Yes
thx a lot,
meg
Meg
2016-May-07 09:49 UTC
[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
dear samba community,
we have a big problem on joining a Samba 3.5.6 PDC.
Hopefully anyone has an idea/suggestion.
When trying to join with a Samba 4.2.10 or 4.3.9 we got the following
error on client site:
Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
NT_STATUS_RPC_PROTOCOL_ERROR
libnet_join_ok: failed to open schannel session on netlogon pipe to
server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR
Failed to join domain: failed to verify domain membership after joining:
An RPC protocol error occurred.
the following is logged by winbind:
[2016/05/03 15:00:22.939792, 0]
../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done)
Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
[2016/05/03 15:00:22.939905, 0]
../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key)
cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
NT_STATUS_RPC_PROTOCOL_ERROR
On serversite only the following is logged:
[2016/05/03 15:42:43.198619, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [MACHINENAME$] ->
[MACHINENAME$] -> [MACHINENAME$] succeeded
[2016/05/03 15:42:43.216510, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: rz-vm57$
[2016/05/03 15:42:43.219008, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 200
[2016/05/03 15:42:43.219478, 2]
../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
credentials check failed
[2016/05/03 15:42:43.219523, 0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client MACHINENAME machine account MACHINENAME$
Settings 4.2.10:
[global]
workgroup = RZ
server string = Samba Server Version %v
security = DOMAIN
client schannel = No
client NTLMv2 auth = No
log file = /var/log/samba/log.%m
max log size = 500
winbind nss info = rfc2307 template
require strong key = No
client ipc signing = if_required
idmap config * : backend = tdb
Settings 4.3.9:
[global]
workgroup = RZ
server string = Samba Server Version %v
security = DOMAIN
log file = /var/log/samba/log.%m_%u_%S
max log size = 1024
client ipc signing = if_required
idmap config * : backend = tdb
cups options = raw
Settings 3.5.6:
[global]
workgroup = RZ
netbios name = RZ
server string = SMBRZ Samba Server %v
map to guest = Bad User
passdb backend = ldapsam:ldap://***
log level = 2
log file = /opt/samba/log/smb.log
max log size = 50000
unix extensions = No
domain logons = Yes
os level = 99
domain master = Yes
ldap admin dn = ***
ldap group suffix = ou=posix
ldap machine suffix = ou=machines
ldap suffix = ***
ldap user suffix = ou=people
usershare allow guests = Yes
wide links = Yes
thx a lot,
meg
Gaiseric Vandal
2016-May-11 15:06 UTC
[Samba] cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
Is this a "classic" domain or AD ?
Can you precreate the samba account ?
e.g.
#smbpasswd -m -a YOURMACHINENAME
Looks like you are using an LDAP backend. I recently patched a
synology NAS server (running samba 4.x.) The domain is a "classic"
domain with Samba 3.6.x DC's. The NAS server lost its domain
membership. I could (after some config tweeks) rejoin domain if I
created the samba account 1st. (But "net rpc testjoin" is still
failing. ) Some of your error messages may be similar.
On 05/07/16 05:49, Meg wrote:> dear samba community,
>
> we have a big problem on joining a Samba 3.5.6 PDC.
> Hopefully anyone has an idea/suggestion.
>
> When trying to join with a Samba 4.2.10 or 4.3.9 we got the following
> error on client site:
>
> Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
> cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
> NT_STATUS_RPC_PROTOCOL_ERROR
> libnet_join_ok: failed to open schannel session on netlogon pipe to
> server rz-vm12 for domain RZ. Error was NT_STATUS_RPC_PROTOCOL_ERROR
> Failed to join domain: failed to verify domain membership after joining:
> An RPC protocol error occurred.
>
> the following is logged by winbind:
>
> [2016/05/03 15:00:22.939792, 0]
> ../source3/rpc_client/cli_pipe.c:1965(rpc_pipe_bind_step_one_done)
> Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
> [2016/05/03 15:00:22.939905, 0]
> ../source3/rpc_client/cli_pipe.c:3209(cli_rpc_pipe_open_schannel_with_key)
>
> cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
> NT_STATUS_RPC_PROTOCOL_ERROR
>
> On serversite only the following is logged:
>
> [2016/05/03 15:42:43.198619, 2] auth/auth.c:304(check_ntlm_password)
> check_ntlm_password: authentication for user [MACHINENAME$] ->
> [MACHINENAME$] -> [MACHINENAME$] succeeded
> [2016/05/03 15:42:43.216510, 2]
> passdb/pdb_ldap.c:572(init_sam_from_ldap)
> init_sam_from_ldap: Entry found for user: rz-vm57$
> [2016/05/03 15:42:43.219008, 2]
> passdb/pdb_ldap.c:2446(init_group_from_ldap)
> init_group_from_ldap: Entry found for group: 200
> [2016/05/03 15:42:43.219478, 2]
> ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
> credentials check failed
> [2016/05/03 15:42:43.219523, 0]
> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client MACHINENAME machine account
> MACHINENAME$
>
>
> Settings 4.2.10:
>
> [global]
> workgroup = RZ
> server string = Samba Server Version %v
> security = DOMAIN
> client schannel = No
> client NTLMv2 auth = No
> log file = /var/log/samba/log.%m
> max log size = 500
> winbind nss info = rfc2307 template
> require strong key = No
> client ipc signing = if_required
> idmap config * : backend = tdb
>
> Settings 4.3.9:
>
> [global]
> workgroup = RZ
> server string = Samba Server Version %v
> security = DOMAIN
> log file = /var/log/samba/log.%m_%u_%S
> max log size = 1024
> client ipc signing = if_required
> idmap config * : backend = tdb
> cups options = raw
>
> Settings 3.5.6:
>
> [global]
> workgroup = RZ
> netbios name = RZ
> server string = SMBRZ Samba Server %v
> map to guest = Bad User
> passdb backend = ldapsam:ldap://***
> log level = 2
> log file = /opt/samba/log/smb.log
> max log size = 50000
> unix extensions = No
> domain logons = Yes
> os level = 99
> domain master = Yes
> ldap admin dn = ***
> ldap group suffix = ou=posix
> ldap machine suffix = ou=machines
> ldap suffix = ***
> ldap user suffix = ou=people
> usershare allow guests = Yes
> wide links = Yes
>
> thx a lot,
> meg
>
Possibly Parallel Threads
- cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
- Samba4 machine fails to join in samba3 domain
- Cannot join server to Samba4 NT4 domain
- winbind trusted domain regression after upgrade to samba 4.2.10
- Samba4 machine fails to join in samba3 domain