3.0.25 publish printer problem

Martin Zielinski mz at seh.de
Thu May 24 08:34:30 GMT 2007

Gerald (Jerry) Carter schrieb:
> Hash: SHA1
> Martin Zielinski wrote:
>> I encounter problems (un)publishing printers to ADS.
>> The samba log shows up the following message:
>> kerberos_kinit_password SERVER$@MY.DOMAIN failed: Cannot 
>> contact any KDC for requested realm
>> The error occurs, when the smbd runs through the 
>> ads_kinit_password() routine the second time.
>> I've follow the "data-flow" until krb5_cc_get_principal() in clikrb5.c.
>> Removing the    
>> ads_kdestroy("MEMORY:prtpub_cache");
>> in line 3294 of nt_printing.c fixes this for me.
> Martin,
> I don't understand why this would be necessary.  In
> nt_printer_publish() we set the memory ccache again.
> I also don't understand why the kinit() in ads_sasl_spnego_bind()
> is failing.  It seems to me that the existing ds_kdestroy()
> in check_printers-Published() is correct and that we should add
> one to nt_printer_publish().
> What am I missing?
Sorry, apparently nothing.
The problem was related to a broken DNS configuration.

I still don't know, why the first run through ads_kinit_password
succeeds (as I'm not familiar with the kerberos internals), but the
later calls depend on successfull responses to
"SRV _kerberos._udp.MY.DOMAIN.COM" and related DNS-requests. This has no
effect, if the ccache is not deleted - which caused the difference in
the behaviour of 3.0.25rc3 and 3.0.25.


Martin Zielinski             mz at seh.de
Software Development
SEH Computertechnik GmbH     www.seh.de

More information about the samba-technical mailing list