3.0.25 publish printer problem

[Martin Zielinski]

Gerald (Jerry) Carter schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Martin Zielinski wrote:
> 
>> I encounter problems (un)publishing printers to ADS.
>> The samba log shows up the following message:
>>
>> kerberos_kinit_password SERVER$@MY.DOMAIN failed: Cannot 
>> contact any KDC for requested realm
>>
>> The error occurs, when the smbd runs through the 
>> ads_kinit_password() routine the second time.
>> I've follow the "data-flow" until krb5_cc_get_principal() in clikrb5.c.
>>
>> Removing the    
>>
>> ads_kdestroy("MEMORY:prtpub_cache");
>>
>> in line 3294 of nt_printing.c fixes this for me.
> 
> Martin,
> 
> I don't understand why this would be necessary.  In
> nt_printer_publish() we set the memory ccache again.
> 
> I also don't understand why the kinit() in ads_sasl_spnego_bind()
> is failing.  It seems to me that the existing ds_kdestroy()
> in check_printers-Published() is correct and that we should add
> one to nt_printer_publish().
> 
> What am I missing?
> 
Sorry, apparently nothing.
The problem was related to a broken DNS configuration.

I still don't know, why the first run through ads_kinit_password
succeeds (as I'm not familiar with the kerberos internals), but the
later calls depend on successfull responses to
"SRV _kerberos._udp.MY.DOMAIN.COM" and related DNS-requests. This has no
effect, if the ccache is not deleted - which caused the difference in
the behaviour of 3.0.25rc3 and 3.0.25.

Bye,
Martin



-- 
Martin Zielinski             mz at seh.de
Software Development
SEH Computertechnik GmbH     www.seh.de