3.0.25 publish printer problem
mz at seh.de
Thu May 24 08:34:30 GMT 2007
Gerald (Jerry) Carter schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Martin Zielinski wrote:
>> I encounter problems (un)publishing printers to ADS.
>> The samba log shows up the following message:
>> kerberos_kinit_password SERVER$@MY.DOMAIN failed: Cannot
>> contact any KDC for requested realm
>> The error occurs, when the smbd runs through the
>> ads_kinit_password() routine the second time.
>> I've follow the "data-flow" until krb5_cc_get_principal() in clikrb5.c.
>> Removing the
>> in line 3294 of nt_printing.c fixes this for me.
> I don't understand why this would be necessary. In
> nt_printer_publish() we set the memory ccache again.
> I also don't understand why the kinit() in ads_sasl_spnego_bind()
> is failing. It seems to me that the existing ds_kdestroy()
> in check_printers-Published() is correct and that we should add
> one to nt_printer_publish().
> What am I missing?
Sorry, apparently nothing.
The problem was related to a broken DNS configuration.
I still don't know, why the first run through ads_kinit_password
succeeds (as I'm not familiar with the kerberos internals), but the
later calls depend on successfull responses to
"SRV _kerberos._udp.MY.DOMAIN.COM" and related DNS-requests. This has no
effect, if the ccache is not deleted - which caused the difference in
the behaviour of 3.0.25rc3 and 3.0.25.
Martin Zielinski mz at seh.de
SEH Computertechnik GmbH www.seh.de
More information about the samba-technical