> Hello Heinz, > > Am 13.03.2015 um 18:26 schrieb Heinz H?lzl: > > i did some tests wit samba 4.2 as a ADS DC on arch linux. > > On a Win8.1 client i can do local logins as every user, > > i can login via RDP as local user, but i am not able to > > login as a domain user via RDP. > > After the loginscreen, appears "Welcome" and the > > mousepointer continues to spinn.... > > > > Same issue on Ubuntu 14.04, samba 4.2 installed from source. > > > > On Ubuntu and samba 4.1.17 (installed also from source) all works fine. > > I don't have 4.2 in production at work. But I tried in my test > environment here at home (2 DCs - both 4.2.0): > > RDP > Win10 -> Win81: OK > Win10 -> Win7: OK > Win81 -> Win7: OK > Win7 -> Win81: OK > > For testing I created a new user (no home drive, no logonscript, no > server base profile, etc.) in AD and allowed the domain group "domain > users" to login via RDP on all three machines. > > I can't see a problem here. > > * What does the Windows event log says? > * Any interesting messages on your DC logfile? > * Can you temporary disable logonscript, connection of home drive, etc.)? > > > Regards, > Marchi, i see nothing in the eventviewer, and no errors in the samba logs. With samba 4.1.17 i can see a lot of rpc commands: ... 100.1.254.101 (ipv4:100.1.254.101:56215) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 3787) api_pipe_bind_req: winreg -> winreg rpc service check_bind_req for \winreg check_bind_req: winreg -> winreg rpc service ldb_wrap open of secrets.ldb check_bind_req for \winreg check_bind_req: winreg -> winreg rpc service ldb_wrap open of privilege.ldb api_rpcTNP: rpc command: WINREG_OPENHKLM api_pipe_bind_req: winreg -> winreg rpc service check_bind_req for \winreg check_bind_req: winreg -> winreg rpc service api_rpcTNP: rpc command: WINREG_OPENHKLM api_rpcTNP: rpc command: WINREG_GETVERSION api_rpcTNP: rpc command: WINREG_OPENKEY api_rpcTNP: rpc command: WINREG_QUERYVALUE api_rpcTNP: rpc command: WINREG_QUERYVALUE api_rpcTNP: rpc command: WINREG_QUERYVALUE api_rpcTNP: rpc command: WINREG_QUERYVALUE ..... on samba 4.2.0 there is olnly the first rpc command: ... 100.1.254.101 (ipv4:100.1.254.101:56203) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 6341) api_pipe_bind_req: winreg -> winreg rpc service check_bind_req for winreg check_bind_req: winreg -> winreg rpc service ldb_wrap open of secrets.ldb check_bind_req for winreg check_bind_req: winreg -> winreg rpc service ldb_wrap open of privilege.ldb api_rpcTNP: rpc command: WINREG_OPENHKLM and here the login hangs... If the login via RDP hangs, after a restart of the samba services the login works fine. Then after a reboot of die client machne the problem returns and i can not login via RDP as Domain user. This is a test environment, and i am testing with a fresh-new user wihtout logonscripts, homedrive mappings ecc.. The smb.conf if the original generated from the "samba-tool domain provision" Regards, heinz
> > Hello Heinz, > > > > Am 13.03.2015 um 18:26 schrieb Heinz H?lzl: > > > i did some tests wit samba 4.2 as a ADS DC on arch linux. > > > On a Win8.1 client i can do local logins as every user, > > > i can login via RDP as local user, but i am not able to > > > login as a domain user via RDP. > > > After the loginscreen, appears "Welcome" and the > > > mousepointer continues to spinn.... > > > > > > Same issue on Ubuntu 14.04, samba 4.2 installed from source. > > > > > > On Ubuntu and samba 4.1.17 (installed also from source) all works fine. > > > > I don't have 4.2 in production at work. But I tried in my test > > environment here at home (2 DCs - both 4.2.0): > > > > RDP > > Win10 -> Win81: OK > > Win10 -> Win7: OK > > Win81 -> Win7: OK > > Win7 -> Win81: OK > > > > For testing I created a new user (no home drive, no logonscript, no > > server base profile, etc.) in AD and allowed the domain group "domain > > users" to login via RDP on all three machines. > > > > I can't see a problem here. > > > > * What does the Windows event log says? > > * Any interesting messages on your DC logfile? > > * Can you temporary disable logonscript, connection of home drive, etc.)? > > > > > > Regards, > > Marc > > hi, > > i see nothing in the eventviewer, and no errors in the samba logs. > > With samba 4.1.17 i can see a lot of rpc commands: > ... > > 100.1.254.101 (ipv4:100.1.254.101:56215) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 3787) > api_pipe_bind_req: winreg -> winreg rpc service > check_bind_req for \winreg > check_bind_req: winreg -> winreg rpc service > ldb_wrap open of secrets.ldb > check_bind_req for \winreg > check_bind_req: winreg -> winreg rpc service > ldb_wrap open of privilege.ldb > api_rpcTNP: rpc command: WINREG_OPENHKLM > api_pipe_bind_req: winreg -> winreg rpc service > check_bind_req for \winreg > check_bind_req: winreg -> winreg rpc service > api_rpcTNP: rpc command: WINREG_OPENHKLM > api_rpcTNP: rpc command: WINREG_GETVERSION > api_rpcTNP: rpc command: WINREG_OPENKEY > api_rpcTNP: rpc command: WINREG_QUERYVALUE > api_rpcTNP: rpc command: WINREG_QUERYVALUE > api_rpcTNP: rpc command: WINREG_QUERYVALUE > api_rpcTNP: rpc command: WINREG_QUERYVALUE > ..... > > > on samba 4.2.0 there is olnly the first rpc command: > ... > 100.1.254.101 (ipv4:100.1.254.101:56203) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 6341) > api_pipe_bind_req: winreg -> winreg rpc service > check_bind_req for winreg > check_bind_req: winreg -> winreg rpc service > ldb_wrap open of secrets.ldb > check_bind_req for winreg > check_bind_req: winreg -> winreg rpc service > ldb_wrap open of privilege.ldb > api_rpcTNP: rpc command: WINREG_OPENHKLM > > and here the login hangs...Edit: I used wireshark to compare the communication between client and server: On samba 4.1.17 in the log.smbd there is a WINREG_OPENHKLM request. on Wireshark i see the following: - WINREG: OPENHKLM request - SMB2: Read Request File: winreg - SMB2: Read Response, Error: STATUS_END_OF_FILE - SMB2: Close Request File: winfre - SMB2: Close Response ... On samba 4.2.0 in the log.smbd there is a WINREG_OPENHKLM request. on Wireshark i see the following: - WINREG: OPENHKLM request - SMB2: Read Request File: winreg - SMB2: Read Response, Error: STATUS_PENDING
Hi, On Tue, 17 Mar 2015, Heinz H?lzl wrote:>>> Hello Heinz, >>> >>> Am 13.03.2015 um 18:26 schrieb Heinz H?lzl: >>>> i did some tests wit samba 4.2 as a ADS DC on arch linux. >>>> On a Win8.1 client i can do local logins as every user, >>>> i can login via RDP as local user, but i am not able to >>>> login as a domain user via RDP. >>>> After the loginscreen, appears "Welcome" and the >>>> mousepointer continues to spinn.... >>>> >>>> Same issue on Ubuntu 14.04, samba 4.2 installed from source. >>>> >>>> On Ubuntu and samba 4.1.17 (installed also from source) all works fine. >>> >>> I don't have 4.2 in production at work. But I tried in my test >>> environment here at home (2 DCs - both 4.2.0): >>> >>> RDP >>> Win10 -> Win81: OK >>> Win10 -> Win7: OK >>> Win81 -> Win7: OK >>> Win7 -> Win81: OK >>> >>> For testing I created a new user (no home drive, no logonscript, no >>> server base profile, etc.) in AD and allowed the domain group "domain >>> users" to login via RDP on all three machines. >>> >>> I can't see a problem here. >>> >>> * What does the Windows event log says? >>> * Any interesting messages on your DC logfile? >>> * Can you temporary disable logonscript, connection of home drive, etc.)? >>> >>> >>> Regards, >>> Marc >> >> hi, >> >> i see nothing in the eventviewer, and no errors in the samba logs. >> >> With samba 4.1.17 i can see a lot of rpc commands: >> ... >> >> 100.1.254.101 (ipv4:100.1.254.101:56215) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 3787) >> api_pipe_bind_req: winreg -> winreg rpc service >> check_bind_req for \winreg >> check_bind_req: winreg -> winreg rpc service >> ldb_wrap open of secrets.ldb >> check_bind_req for \winreg >> check_bind_req: winreg -> winreg rpc service >> ldb_wrap open of privilege.ldb >> api_rpcTNP: rpc command: WINREG_OPENHKLM >> api_pipe_bind_req: winreg -> winreg rpc service >> check_bind_req for \winreg >> check_bind_req: winreg -> winreg rpc service >> api_rpcTNP: rpc command: WINREG_OPENHKLM >> api_rpcTNP: rpc command: WINREG_GETVERSION >> api_rpcTNP: rpc command: WINREG_OPENKEY >> api_rpcTNP: rpc command: WINREG_QUERYVALUE >> api_rpcTNP: rpc command: WINREG_QUERYVALUE >> api_rpcTNP: rpc command: WINREG_QUERYVALUE >> api_rpcTNP: rpc command: WINREG_QUERYVALUE >> ..... >> >> >> on samba 4.2.0 there is olnly the first rpc command: >> ... >> 100.1.254.101 (ipv4:100.1.254.101:56203) connect to service IPC$ initially as user KLINGONS\PRAXIS$ (uid=3000017, gid=3000018) (pid 6341) >> api_pipe_bind_req: winreg -> winreg rpc service >> check_bind_req for winreg >> check_bind_req: winreg -> winreg rpc service >> ldb_wrap open of secrets.ldb >> check_bind_req for winreg >> check_bind_req: winreg -> winreg rpc service >> ldb_wrap open of privilege.ldb >> api_rpcTNP: rpc command: WINREG_OPENHKLM >> >> and here the login hangs... > > > > > Edit: > I used wireshark to compare the communication between client and server: > > On samba 4.1.17 > in the log.smbd there is a WINREG_OPENHKLM request. > on Wireshark i see the following: > - WINREG: OPENHKLM request > - SMB2: Read Request File: winreg > - SMB2: Read Response, Error: STATUS_END_OF_FILE > - SMB2: Close Request File: winfre > - SMB2: Close Response > ... > > On samba 4.2.0 > in the log.smbd there is a WINREG_OPENHKLM request. > on Wireshark i see the following: > - WINREG: OPENHKLM request > - SMB2: Read Request File: winreg > - SMB2: Read Response, Error: STATUS_PENDINGI too am seeing this problem. I just setup a new Domain on a single 4.2 DC compiled from src (No sernet rpms available yet) :-( running on a Centos 7 VM. I have 3 win 7 machines in my office. If I login to the console using a domain account and then try to rdp to that machine I immediatly get a login prompt as expected. Once I put in the username and passwd, the welcome screen and the spinning cursor come up and that is as far as I can get. I left this run for over an hour but was never able to login. It does not matter which machine I rdp to. The results are the same. Also, the console on the machine I am trying to establish the rdp session with, never locks. I can login to any local machine account via rdp and it works as advertised. I did look at a packet dump on the machine I am trying to rdp to and I see the above packets in the output. I do not have a 4.1 controller to test with. If someone wants to see a .pcap file, let me know. Most of the traffic in the .pcap file is between the 2 machines trying to establish the rdp session. There are only a few packets going to the DC. Anyone have any ideas how to troubleshoot this? Regards, -- Tom me at tdiehl.org Spamtrap address me123 at tdiehl.org
Hi Heinz, did you ever resolved this RDP issue? Or found any hints about the possible DNS problems? We run into the same problem here with Win 8.1 Pro clients. Thanks for you answer. schnaggy -- View this message in context: http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682669p4684100.html Sent from the Samba - General mailing list archive at Nabble.com.
Hi Heinz, did you ever resolved this RDP issue? Or found any hints about the possible DNS problems? We run into the same problem here with Win 8.1 Pro clients. Thanks for you answer. schnaggy -- View this message in context: http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682669p4684105.html Sent from the Samba - General mailing list archive at Nabble.com.