[Samba] A working CUPS authentication now fails without change anything...
Daniel Carrasco Marín
danielmadrid19 at gmail.com
Mon May 4 10:30:04 MDT 2015
2015-05-04 18:16 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 04/05/15 17:03, Daniel Carrasco Marín wrote:
>
>> Hi,
>>
>> Just a moments ago i've sent a message to other user saying that I've a
>> working server with CUPS authentication using AD groups. Well, that
>> authentication is not working anymore and i've not changed anything...
>>
>> The thursday I was configuring the server to allow the management of cups
>> with AD groups and was working perfect. After that i've added some printer
>> alias to samba configuration and I've disabled the "load printers" option
>> to hide the real name.
>> Today i've tried to enter to CUPS to change the default paper size on
>> printers but it failed (local account works). I've not changed any
>> configuration in domain or member smb.cfg files (at least in general),
>> then
>> I don't know where is the problem...
>>
>> My smb.conf looks:
>> [global]
>> workgroup = Domain
>> security = ADS
>> realm = DOMAIN.RED
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> encrypt passwords = yes
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 10000-20000000
>> idmap config DOMAIN:backend = ad
>> idmap config DOMAIN:schema_mode = rfc2307
>> idmap config DOMAIN:range = 10000-20000000
>>
>
> It might help if you didn't use the same range for '*' and 'DOMAIN'
>
> Rowland
>
> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind refresh tickets = Yes
>> winbind expand groups = 4
>> winbind normalize names = Yes
>> domain master = no
>> local master = no
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> # Mejora para la velocidad de impresión
>> rpc_server:spoolss = external
>> rpc_daemon:spoolssd = fork
>>
>>
>> ########## log ##########
>> log level = 5
>> log file = /var/log/samba/%m.log
>> max log size = 50
>> debug timestamp = yes
>>
>>
>> ########## Printing ##########
>>
>> # If you want to automatically load your printer list rather
>> # than setting them up individually then you'll need this
>> load printers = no
>>
>> # CUPS printing. See also the cupsaddsmb(8) manpage in the
>> # cupsys-client package.
>> printing = cups
>> printcap name = cups
>>
>>
>>
>>
>>
>>
>> In the syslog:
>> May 4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.598266, 0]
>> ../lib/util/fault.c:72(fault_report)
>> May 4 17:38:41 print winbindd[1702]:
>> ===============================================================
>> May 4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.598737, 0]
>> ../lib/util/fault.c:73(fault_report)
>> May 4 17:38:41 print winbindd[1702]: INTERNAL ERROR: Signal 11 in pid
>> 1702 (4.1.17-Debian)
>> May 4 17:38:41 print winbindd[1702]: Please read the Trouble-Shooting
>> section of the Samba HOWTO
>> May 4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.599347, 0]
>> ../lib/util/fault.c:75(fault_report)
>> May 4 17:38:41 print winbindd[1702]:
>> ===============================================================
>> May 4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.599791, 0]
>> ../source3/lib/util.c:785(smb_panic_s3)
>> May 4 17:38:41 print winbindd[1702]: PANIC (pid 1702): internal error
>> May 4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.601033, 0]
>> ../source3/lib/util.c:896(log_stack_trace)
>> May 4 17:38:41 print winbindd[1702]: BACKTRACE: 27 stack frames:
>> May 4 17:38:41 print winbindd[1702]: #0
>> /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
>> [0x7fe244210e1a]
>> May 4 17:38:41 print winbindd[1702]: #1
>> /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
>> [0x7fe244210ef0]
>> May 4 17:38:41 print winbindd[1702]: #2
>> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
>> [0x7fe24854770f]
>> May 4 17:38:41 print winbindd[1702]: #3
>> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906) [0x7fe248547906]
>> May 4 17:38:41 print winbindd[1702]: #4
>> /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
>> May 4 17:38:41 print winbindd[1702]: #5
>> /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
>> [0x7fe242d519e1]
>> May 4 17:38:41 print winbindd[1702]: #6
>> /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad) [0x7fe242d372ad]
>> May 4 17:38:41 print winbindd[1702]: #7
>> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf) [0x7fe244dac7bf]
>> May 4 17:38:41 print winbindd[1702]: #8
>>
>> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
>> [0x7fe244dacd8b]
>> May 4 17:38:41 print winbindd[1702]: #9
>> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48) [0x7fe244daeb48]
>> May 4 17:38:41 print winbindd[1702]: #10
>> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
>> [0x7fe24523f7e2]
>> May 4 17:38:41 print winbindd[1702]: #11
>> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
>> [0x7fe24523fb3e]
>> May 4 17:38:41 print winbindd[1702]: #12
>> /usr/sbin/winbindd(kerberos_return_pac+0x491) [0x7fe248dcbd61]
>> May 4 17:38:41 print winbindd[1702]: #13
>> /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
>> May 4 17:38:41 print winbindd[1702]: #14 /usr/sbin/winbindd(+0x663bc)
>> [0x7fe248e093bc]
>> May 4 17:38:41 print winbindd[1702]: #15
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b) [0x7fe24227386b]
>> May 4 17:38:41 print winbindd[1702]: #16
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
>> May 4 17:38:41 print winbindd[1702]: #17
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>> [0x7fe24226e3ed]
>> May 4 17:38:41 print winbindd[1702]: #18 /usr/sbin/winbindd(+0x688c0)
>> [0x7fe248e0b8c0]
>> May 4 17:38:41 print winbindd[1702]: #19 /usr/sbin/winbindd(+0x68fd5)
>> [0x7fe248e0bfd5]
>> May 4 17:38:41 print winbindd[1702]: #20
>>
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
>> [0x7fe24226eca2]
>> May 4 17:38:41 print winbindd[1702]: #21
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601) [0x7fe242273601]
>> May 4 17:38:41 print winbindd[1702]: #22
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
>> May 4 17:38:41 print winbindd[1702]: #23
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>> [0x7fe24226e3ed]
>> May 4 17:38:41 print winbindd[1702]: #24
>> /usr/sbin/winbindd(main+0xaeb)
>> [0x7fe248dcb04b]
>> May 4 17:38:41 print winbindd[1702]: #25
>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fe241efdead]
>> May 4 17:38:41 print winbindd[1702]: #26 /usr/sbin/winbindd(+0x286bd)
>> [0x7fe248dcb6bd]
>> May 4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.606586, 0]
>> ../source3/lib/dumpcore.c:312(dump_core)
>> May 4 17:38:41 print winbindd[1702]: unable to change to
>> /var/log/samba/cores/winbindd
>> May 4 17:38:41 print winbindd[1702]: refusing to dump core
>>
>> Another:
>> [2015/05/04 17:51:39.909354, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 33 - private_data=(nil)
>> [2015/05/04 17:51:39.909699, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 13 - private_data=(nil)
>> [2015/05/04 17:51:39.909853, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1028 - private_data=(nil)
>> [2015/05/04 17:51:39.910003, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1027 - private_data=(nil)
>> [2015/05/04 17:51:39.910137, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1029 - private_data=(nil)
>> [2015/05/04 17:51:39.910278, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1280 - private_data=(nil)
>> [2015/05/04 17:51:39.910441, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1033 - private_data=(nil)
>> [2015/05/04 17:51:39.910581, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1 - private_data=(nil)
>> [2015/05/04 17:51:39.910738, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1036 - private_data=(nil)
>> [2015/05/04 17:51:39.910895, 5]
>> ../source3/lib/messages.c:340(messaging_deregister)
>> Deregistering messaging pointer for type 1035 - private_data=(nil)
>> [2015/05/04 17:51:39.911274, 5]
>> ../source3/lib/messages.c:293(messaging_register)
>> Registering messaging pointer for type 1028 - private_data=(nil)
>> [2015/05/04 17:51:39.911432, 5]
>> ../source3/lib/messages.c:293(messaging_register)
>> Registering messaging pointer for type 1027 - private_data=(nil)
>> [2015/05/04 17:51:39.911585, 5]
>> ../source3/lib/messages.c:293(messaging_register)
>> Registering messaging pointer for type 1280 - private_data=(nil)
>> [2015/05/04 17:51:39.911733, 5]
>> ../source3/lib/messages.c:293(messaging_register)
>> Registering messaging pointer for type 1 - private_data=(nil)
>> [2015/05/04 17:51:39.911876, 5]
>> ../source3/lib/messages.c:293(messaging_register)
>> Registering messaging pointer for type 1034 - private_data=(nil)
>> [2015/05/04 17:51:39.912019, 5]
>> ../source3/lib/messages.c:308(messaging_register)
>> Overriding messaging pointer for type 1034 - private_data=(nil)
>> [2015/05/04 17:51:39.912288, 4]
>> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>> child daemon request 13
>> [2015/05/04 17:51:39.912476, 3]
>> ../source3/winbindd/winbindd_pam.c:1627(winbindd_dual_pam_auth)
>> [ 1699]: dual pam auth DOMAIN\user
>> [2015/05/04 17:51:39.937795, 3]
>> ../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
>> ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_10045]
>> expiration Tue, 05 May 2015 03:51:39 CEST
>> [2015/05/04 17:51:39.940342, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'gssapi_spnego' registered
>> [2015/05/04 17:51:39.940437, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'gssapi_krb5' registered
>> [2015/05/04 17:51:39.940599, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> [2015/05/04 17:51:39.940748, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'schannel' registered
>> [2015/05/04 17:51:39.941025, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'spnego' registered
>> [2015/05/04 17:51:39.941103, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'ntlmssp' registered
>> [2015/05/04 17:51:39.941271, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'krb5' registered
>> [2015/05/04 17:51:39.941434, 3]
>> ../auth/gensec/gensec_start.c:870(gensec_register)
>> GENSEC backend 'fake_gssapi_krb5' registered
>> [2015/05/04 17:51:39.941795, 5]
>> ../auth/gensec/gensec_start.c:649(gensec_start_mech)
>> Starting GENSEC mechanism gse_krb5
>> [2015/05/04 17:51:39.988242, 1]
>>
>> ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab)
>> * ../source3/librpc/crypto/gse_*
>> *krb5.c:416: krb5_kt_start_seq_get failed (Permission denied)[2015/05/04
>> 17:51:39.988422, 0] ../lib/util/fault.c:72(fault_**report)*
>>
>> ===============================================================
>> [2015/05/04 17:51:39.988779, 0] ../lib/util/fault.c:73(fault_report)
>> INTERNAL ERROR: Signal 11 in pid 2392 (4.1.17-Debian)
>> Please read the Trouble-Shooting section of the Samba HOWTO
>> [2015/05/04 17:51:39.989235, 0] ../lib/util/fault.c:75(fault_report)
>> ===============================================================
>> [2015/05/04 17:51:39.989523, 0] ../source3/lib/util.c:785(smb_panic_s3)
>> PANIC (pid 2392): internal error
>> [2015/05/04 17:51:39.990701, 0]
>> ../source3/lib/util.c:896(log_stack_trace)
>> BACKTRACE: 27 stack frames:
>> #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
>> [0x7fe244210e1a]
>> #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
>> [0x7fe244210ef0]
>> #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
>> [0x7fe24854770f]
>> #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906)
>> [0x7fe248547906]
>> #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
>> #5 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
>> [0x7fe242d519e1]
>> #6 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad) [0x7fe242d372ad]
>> #7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf)
>> [0x7fe244dac7bf]
>> #8
>>
>> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
>> [0x7fe244dacd8b]
>> #9 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48)
>> [0x7fe244daeb48]
>> #10 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
>> [0x7fe24523f7e2]
>> #11
>> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
>> [0x7fe24523fb3e]
>> #12 /usr/sbin/winbindd(kerberos_return_pac+0x491) [0x7fe248dcbd61]
>> #13 /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
>> #14 /usr/sbin/winbindd(+0x663bc) [0x7fe248e093bc]
>> #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b) [0x7fe24227386b]
>> #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
>> #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>> [0x7fe24226e3ed]
>> #18 /usr/sbin/winbindd(+0x688c0) [0x7fe248e0b8c0]
>> #19 /usr/sbin/winbindd(+0x68fd5) [0x7fe248e0bfd5]
>> #20
>>
>> /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
>> [0x7fe24226eca2]
>> #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601) [0x7fe242273601]
>> #22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
>> #23 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>> [0x7fe24226e3ed]
>> #24 /usr/sbin/winbindd(main+0xaeb) [0x7fe248dcb04b]
>> #25 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
>> [0x7fe241efdead]
>> #26 /usr/sbin/winbindd(+0x286bd) [0x7fe248dcb6bd]
>> [2015/05/04 17:51:39.995048, 0] ../source3/lib/dumpcore.c:312(dump_core)
>> unable to change to /var/log/samba/cores/winbindd
>> refusing to dump core
>>
>>
>> Kinit and Klist are working:
>> klist -c
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator at DOMAIN.RED
>>
>> Valid starting Expires Service principal
>> 04/05/15 17:49:43 05/05/15 03:49:43 krbtgt/DOMAIN.RED at DOMAIN.RED
>> renew until 05/05/15 17:49:38
>>
>>
>> I'm starting to be confused because was working without problem the
>> thursday and i've only added some printers shares on samba
>> configuration...
>>
>> Thanks.
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Changed to:
idmap config *:backend = tdb
idmap config *:range = 40000-70000
idmap config ND:backend = ad
idmap config ND:schema_mode = rfc2307
idmap config ND:range = 10000-30000
rebooted and same problem. I've to clear any cache or something?
Greetings!!
More information about the samba
mailing list