hello Apparently something seems to be changed since 3.0.20b. I have two servers: one domain PDC and one domain member server On both servers I had set server schannel = No client schannel = No I installed 3.0.21b and I could no longer make connections to shares defined on the domain member server When I tried to add another server to the domain I got this error [root@ls-cc3-tst samba]# net rpc join -S domPDC -U root Password: [2006/02/01 12:27:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) cli_rpc_pipe_open_schannel: failed to get schannel session key from server yyyyyy for domain xxxxxx [2006/02/01 12:27:06, 0] utils/net_rpc_join.c:net_rpc_join_ok(61) Error connecting to NETLOGON pipe. Error was NT_STATUS_INVALID_NETWORK_RESPONSE Unable to join domain xxxxxxx. [root@ls-cc3-tst samba]# After uncommenting the options "server schannel & client schannel" on both servers, it worked fine [root@ls-cc3-tst samba]# net rpc join -S domPDC -U root Password: Joined domain xxxxxx. ==> the secret keys appeart in /etc/samba/schannel_store.tdb So something is still not ok in libsmb/ntlmssp.c ?? kind regards werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Gerald (Jerry) Carter
2006-Feb-01 14:23 UTC
[Samba] Re: secure channel & ntlmssp in 3.0.21b
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 werner maes wrote:> > Apparently something seems to be changed since 3.0.20b.True. The rpc code has been rewritten.> I have two servers: one domain PDC and one domain member server > > On both servers I had set > server schannel = No > client schannel = No > > I installed 3.0.21b and I could no longer make connections > to shares defined on the domain member serverok. This is probably just a corner case in the test matrix. Honestly, unles there is a specific reason, you should not change the default values for these parameters. I'm assuming they were disabled in the config file at some point in the past and never removed. cheers, jerry ====================================================================I live in a Reply-to-All world ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4LmtIR7qMdg1EfYRAqqfAKDfZqImTJlsXvisEt4WuQKNKnQ86gCdEJIP jMxm01Bmt22lR/XGnJGRV70=92NG -----END PGP SIGNATURE-----
Maybe Matching Threads
- Samba 3.0.21b is not able to connect to password server
- BUG: Vfs audit module & samba 3.0.4 ==> share unacces sible
- [PATCH] pm : provide CC7/PC2 residency
- BUG: Vfs audit module & samba 3.0.4 ==> share unaccessible
- panel data analysis possible with mle2 (bbmle)?