3.0.25 publish printer problem

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin Zielinski wrote:
> 
> 
> Gerald (Jerry) Carter schrieb:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Martin Zielinski wrote:
>>
>>> I encounter problems (un)publishing printers to ADS.
>>> The samba log shows up the following message:
>>>
>>> kerberos_kinit_password SERVER$@MY.DOMAIN failed: Cannot contact any
>>> KDC for requested realm
>>>
>>> The error occurs, when the smbd runs through the ads_kinit_password()
>>> routine the second time.
>>> I've follow the "data-flow" until krb5_cc_get_principal() in clikrb5.c.
>>>
>>> Removing the   
>>> ads_kdestroy("MEMORY:prtpub_cache");
>>>
>>> in line 3294 of nt_printing.c fixes this for me.
>>
>> Martin,
>>
>> I don't understand why this would be necessary.  In
>> nt_printer_publish() we set the memory ccache again.
>>
>> I also don't understand why the kinit() in ads_sasl_spnego_bind()
>> is failing.  It seems to me that the existing ds_kdestroy()
>> in check_printers-Published() is correct and that we should add
>> one to nt_printer_publish().
>>
>> What am I missing?
>>
> Sorry, apparently nothing.
> The problem was related to a broken DNS configuration.
> 
> I still don't know, why the first run through ads_kinit_password
> succeeds (as I'm not familiar with the kerberos internals), but the
> later calls depend on successfull responses to
> "SRV _kerberos._udp.MY.DOMAIN.COM" and related DNS-requests. This has no
> effect, if the ccache is not deleted - which caused the difference in
> the behaviour of 3.0.25rc3 and 3.0.25.

OK.  So no changes needed here then.  Cool. Thanks for the update.


PS: Still working on the printer comment and location patches.




jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVwJhIR7qMdg1EfYRArYJAJwM+nOOjl8MtRtX7iXOcESQMmdD+wCg207A
Z9zTgmfdxGcbkOeJZCBGksA=
=deoi
-----END PGP SIGNATURE-----