sorry for the noise.. I missed the solution in my mail. just saw it online.. The working version for rdp login.. I can confirm also that after adding these to the smb.conf dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc auth methods = sam, winbind, ntdomain, ntdomain:winbind I was able to login with RDP also. sernet samba 4.2.1 - Windows 7 64bit. Louis>-----Oorspronkelijk bericht----- >Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] >Namens L.P.H. van Belle >Verzonden: woensdag 22 april 2015 16:51 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem > >Hai, > >Same issue with sernet-samba 4.2.1 and windows 7 64bit. >On debian wheezy. > >Do you need any more info on this subject? > >Greetz, > >Louis > > > >On Thu, 2015-04-16 at 13:48 +0200, Heinz H?lzl wrote: >> Thanx for your answer! >> >> Do you need additional informations? logs, tests, ecc.. ? > >As much detail as you can get me would be very handy. > >-- >Andrew Bartlett http://samba.org/~abartlet/ >Authentication Developer, Samba Team http://samba.org >Samba Developer, Catalyst IT >http://catalyst.net.nz/services/samba > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
I can confirm that the alteration to smb.conf do indeed allow RDP, Management through the RSAT tools returns an error of "access denied" once at desktop. Removing the 'auth method' fixes RSAT but breaks RDP again... -Jeff -- View this message in context: http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682669p4684889.html Sent from the Samba - General mailing list archive at Nabble.com.
This solution breaks authentication to shares for me. Fixes the RDP hanging on welcome screen but then I get a login prompt when accessing shares, and providing the correct username/password fails. On Thu, Apr 23, 2015 at 12:42 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:> sorry for the noise.. > > I missed the solution in my mail. just saw it online.. > > The working version for rdp login.. > I can confirm also that after adding these to the smb.conf > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc > auth methods = sam, winbind, ntdomain, ntdomain:winbind > > I was able to login with RDP also. > sernet samba 4.2.1 - Windows 7 64bit. > > > Louis > > > > >>-----Oorspronkelijk bericht----- >>Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] >>Namens L.P.H. van Belle >>Verzonden: woensdag 22 april 2015 16:51 >>Aan: samba at lists.samba.org >>Onderwerp: Re: [Samba] samba 4.2 RDP problem >> >>Hai, >> >>Same issue with sernet-samba 4.2.1 and windows 7 64bit. >>On debian wheezy. >> >>Do you need any more info on this subject? >> >>Greetz, >> >>Louis >> >> >> >>On Thu, 2015-04-16 at 13:48 +0200, Heinz H?lzl wrote: >>> Thanx for your answer! >>> >>> Do you need additional informations? logs, tests, ecc.. ? >> >>As much detail as you can get me would be very handy. >> >>-- >>Andrew Bartlett http://samba.org/~abartlet/ >>Authentication Developer, Samba Team http://samba.org >>Samba Developer, Catalyst IT >>http://catalyst.net.nz/services/samba >> >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hai, I do all with RATS atm. and over RDP connection. on debian wheezy with sernet samba 4.2.1 Greetz, Louis>-----Oorspronkelijk bericht----- >Van: jbyland at huerfano.us >[mailto:samba-bounces at lists.samba.org] Namens jbyland >Verzonden: woensdag 22 april 2015 19:28 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) > >I can confirm that the alteration to smb.conf do indeed allow >RDP, Management >through the RSAT tools returns an error of "access denied" >once at desktop. >Removing the 'auth method' fixes RSAT but breaks RDP again... > >-Jeff > > > >-- >View this message in context: >http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682 >669p4684889.html >Sent from the Samba - General mailing list archive at Nabble.com. >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Hi all, I was facing the same issue (login process hanging on welcome message or RSAT not working). I was using a compiled Samba4 but I think it happened also using sernet version. Compiled version were 4.2.0 and 4.2.1. Sernet version is 4.2.1. This issue is solved for me using the following smb.conf: ---------------------------------------------------------------------------- # Global parameters [global] workgroup = DGFIP realm = dgfip.org netbios name = SAMBA4-DC01 server role = active directory domain controller dns forwarder = 10.156.255.245 idmap_ldb:use rfc2307 = yes server services = +smb -s3fs dcerpc endpoint servers = +winreg +srvsvc [netlogon] path = /var/lib/samba/sysvol/dgfip.org/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No ---------------------------------------------------------------------------- Hoping this help some of you, best regards, mathias dufresne 2015-04-23 10:04 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:> Hai, > > I do all with RATS atm. > and over RDP connection. > > on debian wheezy with sernet samba 4.2.1 > > Greetz, > > Louis > > > >-----Oorspronkelijk bericht----- > >Van: jbyland at huerfano.us > >[mailto:samba-bounces at lists.samba.org] Namens jbyland > >Verzonden: woensdag 22 april 2015 19:28 > >Aan: samba at lists.samba.org > >Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) > > > >I can confirm that the alteration to smb.conf do indeed allow > >RDP, Management > >through the RSAT tools returns an error of "access denied" > >once at desktop. > >Removing the 'auth method' fixes RSAT but breaks RDP again... > > > >-Jeff > > > > > > > >-- > >View this message in context: > >http://samba.2283325.n4.nabble.com/samba-4-2-RDP-problem-tp4682 > >669p4684889.html > >Sent from the Samba - General mailing list archive at Nabble.com. > >-- > >To unsubscribe from this list go to the following URL and read the > >instructions: https://lists.samba.org/mailman/options/samba > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote:> sorry for the noise.. > > I missed the solution in my mail. just saw it online.. > > The working version for rdp login.. > I can confirm also that after adding these to the smb.conf > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc > auth methods = sam, winbind, ntdomain, ntdomain:winbind > > I was able to login with RDP also. > sernet samba 4.2.1 - Windows 7 64bit. >To be VERY clear, neither of these things are solutions. They are debugging aids, but running in either of these configurations in the long term (I say this because in Samba, suggestions like this turn up in google for years) will just result in pain. 'smb' means the NTVFS file server, and while quite capable, and still tested, it hasn't been worked on in years, and has no support for things like POSIX ACLS, SMB3, VFS modules and unix extensions. the changes to 'auth methods' makes the server behave in a weird combination of an NT4 DC and an AD DC. That said, I find it most intriguing that these help, and that information has been recorded on the bug, and will assist those who made the change between 4.1 and 4.2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hai.. After a new setup i was confronted again with the unable to login with RDP. so here is some extra info for the debugging this. I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. and again unable to login. since im trying to setup a smb.conf with minimal changes, i only added : auth methods = sam, winbind restarted samba on both DC's and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. So i hope this info helps in debugging .. config file used, # Global parameters [global] workgroup = DOMAIN realm = DOMAIN.TESTING netbios name = DC1 server role = active directory domain controller server services = -dns auth methods = sam, winbind idmap_ldb:use rfc2307 = yes interfaces = 127.0.0.1 192.168.0.1 bind interfaces only = yes time server = yes wins support = yes idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config DOMAIN : backend = ad idmap config DOMAIN : schema_mode = rfc2307 idmap config DOMAIN : range = 10000-3999999 # Use home directory and shell information from AD winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind expand groups = 3 Greetings, Louis>-----Oorspronkelijk bericht----- >Van: Andrew Bartlett [mailto:abartlet at samba.org] >Verzonden: maandag 27 april 2015 8:37 >Aan: L.P.H. van Belle >CC: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) > >On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: >> sorry for the noise.. >> >> I missed the solution in my mail. just saw it online.. >> >> The working version for rdp login.. >> I can confirm also that after adding these to the smb.conf >> >> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, >browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc >> auth methods = sam, winbind, ntdomain, ntdomain:winbind >> >> I was able to login with RDP also. >> sernet samba 4.2.1 - Windows 7 64bit. >> > >To be VERY clear, neither of these things are solutions. They are >debugging aids, but running in either of these configurations in the >long term (I say this because in Samba, suggestions like this >turn up in >google for years) will just result in pain. > >'smb' means the NTVFS file server, and while quite capable, and still >tested, it hasn't been worked on in years, and has no support >for things >like POSIX ACLS, SMB3, VFS modules and unix extensions. > >the changes to 'auth methods' makes the server behave in a weird >combination of an NT4 DC and an AD DC. > >That said, I find it most intriguing that these help, and that >information has been recorded on the bug, and will assist >those who made >the change between 4.1 and 4.2. > >Andrew Bartlett > >-- >Andrew Bartlett http://samba.org/~abartlet/ >Authentication Developer, Samba Team http://samba.org >Samba Developer, Catalyst IT >http://catalyst.net.nz/services/samba > > >
Hi Louis, Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:> Hai.. > > After a new setup i was confronted again with the unable to login with RDP. > so here is some extra info for the debugging this. > > I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. > and again unable to login. > > since im trying to setup a smb.conf with minimal changes, i only added : > auth methods = sam, winbind > > restarted samba on both DC's > > and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. > So i hope this info helps in debugging .. > > config file used, > # Global parameters > [global] > workgroup = DOMAIN > realm = DOMAIN.TESTING > netbios name = DC1 > server role = active directory domain controller > server services = -dns > auth methods = sam, winbind > idmap_ldb:use rfc2307 = yes > > interfaces = 127.0.0.1 192.168.0.1 > bind interfaces only = yes > time server = yes > wins support = yes > > idmap config * : backend = tdb > idmap config * : range = 2000-9999 > idmap config DOMAIN : backend = ad > idmap config DOMAIN : schema_mode = rfc2307 > idmap config DOMAIN : range = 10000-3999999 > > # Use home directory and shell information from AD > winbind nss info = rfc2307 > > winbind trusted domains only = no > winbind use default domain = yes > winbind expand groups = 3 > > > Greetings, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: Andrew Bartlett [mailto:abartlet at samba.org] >> Verzonden: maandag 27 april 2015 8:37 >> Aan: L.P.H. van Belle >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) >> >> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: >>> sorry for the noise.. >>> >>> I missed the solution in my mail. just saw it online.. >>> >>> The working version for rdp login.. >>> I can confirm also that after adding these to the smb.conf >>> >>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, >> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc >>> auth methods = sam, winbind, ntdomain, ntdomain:winbind >>> >>> I was able to login with RDP also. >>> sernet samba 4.2.1 - Windows 7 64bit. >>> >> To be VERY clear, neither of these things are solutions. They are >> debugging aids, but running in either of these configurations in the >> long term (I say this because in Samba, suggestions like this >> turn up in >> google for years) will just result in pain. >> >> 'smb' means the NTVFS file server, and while quite capable, and still >> tested, it hasn't been worked on in years, and has no support >> for things >> like POSIX ACLS, SMB3, VFS modules and unix extensions. >> >> the changes to 'auth methods' makes the server behave in a weird >> combination of an NT4 DC and an AD DC. >> >> That said, I find it most intriguing that these help, and that >> information has been recorded on the bug, and will assist >> those who made >> the change between 4.1 and 4.2. >> >> Andrew Bartlett >> >> -- >> Andrew Bartlett http://samba.org/~abartlet/ >> Authentication Developer, Samba Team http://samba.org >> Samba Developer, Catalyst IT >> http://catalyst.net.nz/services/samba >> >> >>Looking at the smb.conf manpage the winbind method is prefered in most cases. Also I read the manual as the entries are tried in the order used in smb.conf. Can you test if it also works with "auth methods = winbind sam", seems to me to be an even less intrusive modification. :-) achim~
Hai Achim, i have tested the following : auth methods = winbind result RDP login works, ADUC does not work. test with : auth methods = winbind, sam RDP and ADUC works, DNS tools also works. logged in as DOMAIN\administrator Greetz, Louis>-----Oorspronkelijk bericht----- >Van: achim at ag-web.biz [mailto:samba-bounces at lists.samba.org] >Namens Achim Gottinger >Verzonden: donderdag 30 april 2015 15:52 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] samba 4.2 RDP problem (extra debug info) > >Hi Louis, > >Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle: >> Hai.. >> >> After a new setup i was confronted again with the unable to >login with RDP. >> so here is some extra info for the debugging this. >> >> I used RDP to connect a Windows 7 64 bit, connected in rdp >with ipadres of the pc. >> and again unable to login. >> >> since im trying to setup a smb.conf with minimal changes, i >only added : >> auth methods = sam, winbind >> >> restarted samba on both DC's >> >> and yes.. im able to login again, ADUC works, i can add >users .. and DNS tool did also work fine. >> So i hope this info helps in debugging .. >> >> config file used, >> # Global parameters >> [global] >> workgroup = DOMAIN >> realm = DOMAIN.TESTING >> netbios name = DC1 >> server role = active directory domain controller >> server services = -dns >> auth methods = sam, winbind >> idmap_ldb:use rfc2307 = yes >> >> interfaces = 127.0.0.1 192.168.0.1 >> bind interfaces only = yes >> time server = yes >> wins support = yes >> >> idmap config * : backend = tdb >> idmap config * : range = 2000-9999 >> idmap config DOMAIN : backend = ad >> idmap config DOMAIN : schema_mode = rfc2307 >> idmap config DOMAIN : range = 10000-3999999 >> >> # Use home directory and shell information from AD >> winbind nss info = rfc2307 >> >> winbind trusted domains only = no >> winbind use default domain = yes >> winbind expand groups = 3 >> >> >> Greetings, >> >> Louis >> >> >>> -----Oorspronkelijk bericht----- >>> Van: Andrew Bartlett [mailto:abartlet at samba.org] >>> Verzonden: maandag 27 april 2015 8:37 >>> Aan: L.P.H. van Belle >>> CC: samba at lists.samba.org >>> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) >>> >>> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: >>>> sorry for the noise.. >>>> >>>> I missed the solution in my mail. just saw it online.. >>>> >>>> The working version for rdp login.. >>>> I can confirm also that after adding these to the smb.conf >>>> >>>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, >>> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc >>>> auth methods = sam, winbind, ntdomain, ntdomain:winbind >>>> >>>> I was able to login with RDP also. >>>> sernet samba 4.2.1 - Windows 7 64bit. >>>> >>> To be VERY clear, neither of these things are solutions. They are >>> debugging aids, but running in either of these configurations in the >>> long term (I say this because in Samba, suggestions like this >>> turn up in >>> google for years) will just result in pain. >>> >>> 'smb' means the NTVFS file server, and while quite capable, >and still >>> tested, it hasn't been worked on in years, and has no support >>> for things >>> like POSIX ACLS, SMB3, VFS modules and unix extensions. >>> >>> the changes to 'auth methods' makes the server behave in a weird >>> combination of an NT4 DC and an AD DC. >>> >>> That said, I find it most intriguing that these help, and that >>> information has been recorded on the bug, and will assist >>> those who made >>> the change between 4.1 and 4.2. >>> >>> Andrew Bartlett >>> >>> -- >>> Andrew Bartlett http://samba.org/~abartlet/ >>> Authentication Developer, Samba Team http://samba.org >>> Samba Developer, Catalyst IT >>> http://catalyst.net.nz/services/samba >>> >>> >>> >Looking at the smb.conf manpage the winbind method is prefered in most >cases. Also I read the manual as the entries are tried in the >order used >in smb.conf. Can you test if it also works with "auth methods >= winbind >sam", seems to me to be an even less intrusive modification. :-) > >achim~ > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
On Thu, 2015-04-30 at 15:31 +0200, L.P.H. van Belle wrote:> Hai.. > > After a new setup i was confronted again with the unable to login with RDP. > so here is some extra info for the debugging this. > > I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. > and again unable to login. > > since im trying to setup a smb.conf with minimal changes, i only added : > auth methods = sam, winbind > > restarted samba on both DC's > > and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. > So i hope this info helps in debugging ..Please re-try with git master, as I understand patches to fix this have been committed. If that doesn't help, can you get a level 10 debug with this, and with the default configuration, and put it on bug https://bugzilla.samba.org/show_bug.cgi?id=11061 I need specifically the time that the hang happens. As a developer I still don't see how this area of code changes with a change to the auth methods, so I'm most curious but even more so, most puzzled . Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba