sorry for the noise.. I missed the solution in my mail. just saw it online.. The working version for rdp login.. I can confirm also that after adding these to the smb.conf dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc auth methods = sam, winbind, ntdomain, ntdomain:winbind I was able to login with RDP also. sernet samba 4.2.1 - Windows 7 64bit. Louis>-----Oorspronkelijk bericht----- >Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] >Namens L.P.H. van Belle >Verzonden: woensdag 22 april 2015 16:51 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem > >Hai, > >Same issue with sernet-samba 4.2.1 and windows 7 64bit. >On debian wheezy. > >Do you need any more info on this subject? > >Greetz, > >Louis > > > >On Thu, 2015-04-16 at 13:48 +0200, Heinz H?lzl wrote: >> Thanx for your answer! >> >> Do you need additional informations? logs, tests, ecc.. ? > >As much detail as you can get me would be very handy. > >-- >Andrew Bartlett http://samba.org/~abartlet/ >Authentication Developer, Samba Team http://samba.org >Samba Developer, Catalyst IT >http://catalyst.net.nz/services/samba > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
I can confirm that the alteration to smb.conf do indeed allow RDP, Management through the RSAT tools returns an error of "access denied" once at desktop. Removing the 'auth method' fixes RSAT but breaks RDP again... -Jeff -- View this message in context: http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682669p4684889.html Sent from the Samba - General mailing list archive at Nabble.com.
This solution breaks authentication to shares for me. Fixes the RDP hanging on welcome screen but then I get a login prompt when accessing shares, and providing the correct username/password fails. On Thu, Apr 23, 2015 at 12:42 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:> sorry for the noise.. > > I missed the solution in my mail. just saw it online.. > > The working version for rdp login.. > I can confirm also that after adding these to the smb.conf > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc > auth methods = sam, winbind, ntdomain, ntdomain:winbind > > I was able to login with RDP also. > sernet samba 4.2.1 - Windows 7 64bit. > > > Louis > > > > >>-----Oorspronkelijk bericht----- >>Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] >>Namens L.P.H. van Belle >>Verzonden: woensdag 22 april 2015 16:51 >>Aan: samba at lists.samba.org >>Onderwerp: Re: [Samba] samba 4.2 RDP problem >> >>Hai, >> >>Same issue with sernet-samba 4.2.1 and windows 7 64bit. >>On debian wheezy. >> >>Do you need any more info on this subject? >> >>Greetz, >> >>Louis >> >> >> >>On Thu, 2015-04-16 at 13:48 +0200, Heinz H?lzl wrote: >>> Thanx for your answer! >>> >>> Do you need additional informations? logs, tests, ecc.. ? >> >>As much detail as you can get me would be very handy. >> >>-- >>Andrew Bartlett http://samba.org/~abartlet/ >>Authentication Developer, Samba Team http://samba.org >>Samba Developer, Catalyst IT >>http://catalyst.net.nz/services/samba >> >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hai, I do all with RATS atm. and over RDP connection. on debian wheezy with sernet samba 4.2.1 Greetz, Louis>-----Oorspronkelijk bericht----- >Van: jbyland at huerfano.us >[mailto:samba-bounces at lists.samba.org] Namens jbyland >Verzonden: woensdag 22 april 2015 19:28 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) > >I can confirm that the alteration to smb.conf do indeed allow >RDP, Management >through the RSAT tools returns an error of "access denied" >once at desktop. >Removing the 'auth method' fixes RSAT but breaks RDP again... > >-Jeff > > > >-- >View this message in context: >http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682 >669p4684889.html >Sent from the Samba - General mailing list archive at Nabble.com. >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Hi all,
I was facing the same issue (login process hanging on welcome message or
RSAT not working).
I was using a compiled Samba4 but I think it happened also using sernet
version.
Compiled version were 4.2.0 and 4.2.1.
Sernet version is 4.2.1.
This issue is solved for me using the following smb.conf:
----------------------------------------------------------------------------
# Global parameters
[global]
workgroup = DGFIP
realm = dgfip.org
netbios name = SAMBA4-DC01
server role = active directory domain controller
dns forwarder = 10.156.255.245
idmap_ldb:use rfc2307 = yes
server services = +smb -s3fs
dcerpc endpoint servers = +winreg +srvsvc
[netlogon]
path = /var/lib/samba/sysvol/dgfip.org/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
----------------------------------------------------------------------------
Hoping this help some of you, best regards,
mathias dufresne
2015-04-23 10:04 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:
> Hai,
>
> I do all with RATS atm.
> and over RDP connection.
>
> on debian wheezy with sernet samba 4.2.1
>
> Greetz,
>
> Louis
>
>
> >-----Oorspronkelijk bericht-----
> >Van: jbyland at huerfano.us
> >[mailto:samba-bounces at lists.samba.org] Namens jbyland
> >Verzonden: woensdag 22 april 2015 19:28
> >Aan: samba at lists.samba.org
> >Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved)
> >
> >I can confirm that the alteration to smb.conf do indeed allow
> >RDP, Management
> >through the RSAT tools returns an error of "access denied"
> >once at desktop.
> >Removing the 'auth method' fixes RSAT but breaks RDP again...
> >
> >-Jeff
> >
> >
> >
> >--
> >View this message in context:
> >http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682
> >669p4684889.html
> >Sent from the Samba - General mailing list archive at Nabble.com.
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:> sorry for the noise.. > > I missed the solution in my mail. just saw it online.. > > The working version for rdp login.. > I can confirm also that after adding these to the smb.conf > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc > auth methods = sam, winbind, ntdomain, ntdomain:winbind > > I was able to login with RDP also. > sernet samba 4.2.1 - Windows 7 64bit. >To be VERY clear, neither of these things are solutions. They are debugging aids, but running in either of these configurations in the long term (I say this because in Samba, suggestions like this turn up in google for years) will just result in pain. 'smb' means the NTVFS file server, and while quite capable, and still tested, it hasn't been worked on in years, and has no support for things like POSIX ACLS, SMB3, VFS modules and unix extensions. the changes to 'auth methods' makes the server behave in a weird combination of an NT4 DC and an AD DC. That said, I find it most intriguing that these help, and that information has been recorded on the bug, and will assist those who made the change between 4.1 and 4.2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hai..
After a new setup i was confronted again with the unable to login with RDP.
so here is some extra info for the debugging this.
I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the
pc.
and again unable to login.
since im trying to setup a smb.conf with minimal changes, i only added :
auth methods = sam, winbind
restarted samba on both DC's
and yes.. im able to login again, ADUC works, i can add users .. and DNS tool
did also work fine.
So i hope this info helps in debugging ..
config file used,
# Global parameters
[global]
workgroup = DOMAIN
realm = DOMAIN.TESTING
netbios name = DC1
server role = active directory domain controller
server services = -dns
auth methods = sam, winbind
idmap_ldb:use rfc2307 = yes
interfaces = 127.0.0.1 192.168.0.1
bind interfaces only = yes
time server = yes
wins support = yes
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config DOMAIN : backend = ad
idmap config DOMAIN : schema_mode = rfc2307
idmap config DOMAIN : range = 10000-3999999
# Use home directory and shell information from AD
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind expand groups = 3
Greetings,
Louis
>-----Oorspronkelijk bericht-----
>Van: Andrew Bartlett [mailto:abartlet at samba.org]
>Verzonden: maandag 27 april 2015 8:37
>Aan: L.P.H. van Belle
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved)
>
>On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:
>> sorry for the noise..
>>
>> I missed the solution in my mail. just saw it online..
>>
>> The working version for rdp login..
>> I can confirm also that after adding these to the smb.conf
>>
>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo,
>browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc
>> auth methods = sam, winbind, ntdomain, ntdomain:winbind
>>
>> I was able to login with RDP also.
>> sernet samba 4.2.1 - Windows 7 64bit.
>>
>
>To be VERY clear, neither of these things are solutions. They are
>debugging aids, but running in either of these configurations in the
>long term (I say this because in Samba, suggestions like this
>turn up in
>google for years) will just result in pain.
>
>'smb' means the NTVFS file server, and while quite capable, and
still
>tested, it hasn't been worked on in years, and has no support
>for things
>like POSIX ACLS, SMB3, VFS modules and unix extensions.
>
>the changes to 'auth methods' makes the server behave in a weird
>combination of an NT4 DC and an AD DC.
>
>That said, I find it most intriguing that these help, and that
>information has been recorded on the bug, and will assist
>those who made
>the change between 4.1 and 4.2.
>
>Andrew Bartlett
>
>--
>Andrew Bartlett http://samba.org/~abartlet/
>Authentication Developer, Samba Team http://samba.org
>Samba Developer, Catalyst IT
>http://catalyst.net.nz/services/samba
>
>
>
Hi Louis, Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:> Hai.. > > After a new setup i was confronted again with the unable to login with RDP. > so here is some extra info for the debugging this. > > I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. > and again unable to login. > > since im trying to setup a smb.conf with minimal changes, i only added : > auth methods = sam, winbind > > restarted samba on both DC's > > and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. > So i hope this info helps in debugging .. > > config file used, > # Global parameters > [global] > workgroup = DOMAIN > realm = DOMAIN.TESTING > netbios name = DC1 > server role = active directory domain controller > server services = -dns > auth methods = sam, winbind > idmap_ldb:use rfc2307 = yes > > interfaces = 127.0.0.1 192.168.0.1 > bind interfaces only = yes > time server = yes > wins support = yes > > idmap config * : backend = tdb > idmap config * : range = 2000-9999 > idmap config DOMAIN : backend = ad > idmap config DOMAIN : schema_mode = rfc2307 > idmap config DOMAIN : range = 10000-3999999 > > # Use home directory and shell information from AD > winbind nss info = rfc2307 > > winbind trusted domains only = no > winbind use default domain = yes > winbind expand groups = 3 > > > Greetings, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: Andrew Bartlett [mailto:abartlet at samba.org] >> Verzonden: maandag 27 april 2015 8:37 >> Aan: L.P.H. van Belle >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) >> >> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: >>> sorry for the noise.. >>> >>> I missed the solution in my mail. just saw it online.. >>> >>> The working version for rdp login.. >>> I can confirm also that after adding these to the smb.conf >>> >>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, >> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc >>> auth methods = sam, winbind, ntdomain, ntdomain:winbind >>> >>> I was able to login with RDP also. >>> sernet samba 4.2.1 - Windows 7 64bit. >>> >> To be VERY clear, neither of these things are solutions. They are >> debugging aids, but running in either of these configurations in the >> long term (I say this because in Samba, suggestions like this >> turn up in >> google for years) will just result in pain. >> >> 'smb' means the NTVFS file server, and while quite capable, and still >> tested, it hasn't been worked on in years, and has no support >> for things >> like POSIX ACLS, SMB3, VFS modules and unix extensions. >> >> the changes to 'auth methods' makes the server behave in a weird >> combination of an NT4 DC and an AD DC. >> >> That said, I find it most intriguing that these help, and that >> information has been recorded on the bug, and will assist >> those who made >> the change between 4.1 and 4.2. >> >> Andrew Bartlett >> >> -- >> Andrew Bartlett http://samba.org/~abartlet/ >> Authentication Developer, Samba Team http://samba.org >> Samba Developer, Catalyst IT >> http://catalyst.net.nz/services/samba >> >> >>Looking at the smb.conf manpage the winbind method is prefered in most cases. Also I read the manual as the entries are tried in the order used in smb.conf. Can you test if it also works with "auth methods = winbind sam", seems to me to be an even less intrusive modification. :-) achim~
Hai Achim, i have tested the following : auth methods = winbind result RDP login works, ADUC does not work. test with : auth methods = winbind, sam RDP and ADUC works, DNS tools also works. logged in as DOMAIN\administrator Greetz, Louis>-----Oorspronkelijk bericht----- >Van: achim at ag-web.biz [mailto:samba-bounces at lists.samba.org] >Namens Achim Gottinger >Verzonden: donderdag 30 april 2015 15:52 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem (extra debug info) > >Hi Louis, > >Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle: >> Hai.. >> >> After a new setup i was confronted again with the unable to >login with RDP. >> so here is some extra info for the debugging this. >> >> I used RDP to connect a Windows 7 64 bit, connected in rdp >with ipadres of the pc. >> and again unable to login. >> >> since im trying to setup a smb.conf with minimal changes, i >only added : >> auth methods = sam, winbind >> >> restarted samba on both DC's >> >> and yes.. im able to login again, ADUC works, i can add >users .. and DNS tool did also work fine. >> So i hope this info helps in debugging .. >> >> config file used, >> # Global parameters >> [global] >> workgroup = DOMAIN >> realm = DOMAIN.TESTING >> netbios name = DC1 >> server role = active directory domain controller >> server services = -dns >> auth methods = sam, winbind >> idmap_ldb:use rfc2307 = yes >> >> interfaces = 127.0.0.1 192.168.0.1 >> bind interfaces only = yes >> time server = yes >> wins support = yes >> >> idmap config * : backend = tdb >> idmap config * : range = 2000-9999 >> idmap config DOMAIN : backend = ad >> idmap config DOMAIN : schema_mode = rfc2307 >> idmap config DOMAIN : range = 10000-3999999 >> >> # Use home directory and shell information from AD >> winbind nss info = rfc2307 >> >> winbind trusted domains only = no >> winbind use default domain = yes >> winbind expand groups = 3 >> >> >> Greetings, >> >> Louis >> >> >>> -----Oorspronkelijk bericht----- >>> Van: Andrew Bartlett [mailto:abartlet at samba.org] >>> Verzonden: maandag 27 april 2015 8:37 >>> Aan: L.P.H. van Belle >>> CC: samba at lists.samba.org >>> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) >>> >>> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: >>>> sorry for the noise.. >>>> >>>> I missed the solution in my mail. just saw it online.. >>>> >>>> The working version for rdp login.. >>>> I can confirm also that after adding these to the smb.conf >>>> >>>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, >>> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc >>>> auth methods = sam, winbind, ntdomain, ntdomain:winbind >>>> >>>> I was able to login with RDP also. >>>> sernet samba 4.2.1 - Windows 7 64bit. >>>> >>> To be VERY clear, neither of these things are solutions. They are >>> debugging aids, but running in either of these configurations in the >>> long term (I say this because in Samba, suggestions like this >>> turn up in >>> google for years) will just result in pain. >>> >>> 'smb' means the NTVFS file server, and while quite capable, >and still >>> tested, it hasn't been worked on in years, and has no support >>> for things >>> like POSIX ACLS, SMB3, VFS modules and unix extensions. >>> >>> the changes to 'auth methods' makes the server behave in a weird >>> combination of an NT4 DC and an AD DC. >>> >>> That said, I find it most intriguing that these help, and that >>> information has been recorded on the bug, and will assist >>> those who made >>> the change between 4.1 and 4.2. >>> >>> Andrew Bartlett >>> >>> -- >>> Andrew Bartlett http://samba.org/~abartlet/ >>> Authentication Developer, Samba Team http://samba.org >>> Samba Developer, Catalyst IT >>> http://catalyst.net.nz/services/samba >>> >>> >>> >Looking at the smb.conf manpage the winbind method is prefered in most >cases. Also I read the manual as the entries are tried in the >order used >in smb.conf. Can you test if it also works with "auth methods >= winbind >sam", seems to me to be an even less intrusive modification. :-) > >achim~ > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
On Thu, 2015-04-30 at 15:31 +0200, L.P.H. van Belle wrote:> Hai.. > > After a new setup i was confronted again with the unable to login with RDP. > so here is some extra info for the debugging this. > > I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. > and again unable to login. > > since im trying to setup a smb.conf with minimal changes, i only added : > auth methods = sam, winbind > > restarted samba on both DC's > > and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. > So i hope this info helps in debugging ..Please re-try with git master, as I understand patches to fix this have been committed. If that doesn't help, can you get a level 10 debug with this, and with the default configuration, and put it on bug https://bugzilla.samba.org/show_bug.cgi?id=11061 I need specifically the time that the hang happens. As a developer I still don't see how this area of code changes with a change to the auth methods, so I'm most curious but even more so, most puzzled . Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba