RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1413620 - net rpc shutdown fails with "NT_STATUS_ACCESS_DENIED"
Summary: net rpc shutdown fails with "NT_STATUS_ACCESS_DENIED"
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: samba
Version: 6.8
Hardware: Unspecified
OS: Windows
unspecified
high
Target Milestone: rc
: ---
Assignee: Andreas Schneider
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-16 14:36 UTC by Rainer Traut
Modified: 2017-11-15 14:32 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-15 14:32:43 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
debug output (4.84 KB, text/plain)
2017-01-18 09:42 UTC, Rainer Traut
no flags Details


Links
System ID Private Priority Status Summary Last Updated
CentOS 0010740 0 None None None 2017-01-16 14:36:12 UTC

Description Rainer Traut 2017-01-16 14:36:12 UTC
Description of problem:
There seems to be a regression on the Linux side with net rpc.
Not a single 'net rpc' command works when connecting to a Windows 7 machine.
This used to work. I can a exclude a firewall/permission problem on the windows side.

Version-Release number of selected component (if applicable):
$ rpm -q samba-common
samba-common-3.6.23-36.el6_8.x86_64

How reproducible:
always, when trying to connect to a fully patched Windows 7

Steps to Reproduce:
1. smbclient output
$ smbclient -L pc1153 -U Administrator
Enter Administrator's password: 
Domain=[PC1153] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]

	Sharename       Type      Comment
	---------       ----      -------
	ADMIN$          Disk      Remoteverwaltung
	C$              Disk      Standardfreigabe
	FestplattenExport Disk      
	IPC$            IPC       Remote-IPC
	NEU             Disk      
	U$              Disk      Standardfreigabe
Domain=[PC1153] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------

2. another try with net rpc and same credentials
$ net rpc shutdown -f -S pc1153 -U 'Administrator'
Enter Administrator's password:
Could not connect to server pc1153
Connection failed: NT_STATUS_ACCESS_DENIED
Could not connect to server pc1153
Connection failed: NT_STATUS_ACCESS_DENIED
3. Giving the administrator passwd on cmdline does not change

Actual results:
Connection failed: NT_STATUS_ACCESS_DENIED

Expected results:
shutdown Windows7 PC

Additional info:
$ telnet pc1153 445
Trying 192.168.200.28...
Connected to pc1153.
Escape character is '^]'.
^CConnection closed by foreign host.

Means Windows firewall is off.

This used to work for two years but broke somewhere in 2016.
And there is a Centos 6 bugreport here:
https://bugs.centos.org/view.php?id=10740

Comment 3 Andreas Schneider 2017-01-17 15:12:45 UTC
Could you paste the output of:


    net rpc shutdown -f -S pc1153 -U 'Administrator' -d10

Thanks.

Comment 4 Rainer Traut 2017-01-18 09:42:01 UTC
Created attachment 1242103 [details]
debug output

et voilà

Comment 5 Rainer Traut 2017-01-18 09:46:25 UTC
I managed to solve it by:

client ipc signing = auto

in /etc/smb.conf

Comment 8 Andreas Schneider 2017-11-15 14:32:43 UTC
Windows 7 doesn't have Security Singatures enabled by default. You should enable Security Signatures on your Windows client and not change 'client ipc signing'!

See the following link shows how to enable Security Signatures. See 'SMB signing configuration on the server side' the registry key to turn this on is 'enablesecuritysignature'.

https://support.microsoft.com/en-us/help/916846/server-message-block-communication-between-a-client-side-smb-component


Note You need to log in before you can comment on or make changes to this bug.