3.0.25 publish printer problem
Gerald (Jerry) Carter
jerry at samba.org
Fri May 25 15:36:01 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Martin Zielinski wrote:
> Gerald (Jerry) Carter schrieb:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Martin Zielinski wrote:
>>> I encounter problems (un)publishing printers to ADS.
>>> The samba log shows up the following message:
>>> kerberos_kinit_password SERVER$@MY.DOMAIN failed: Cannot contact any
>>> KDC for requested realm
>>> The error occurs, when the smbd runs through the ads_kinit_password()
>>> routine the second time.
>>> I've follow the "data-flow" until krb5_cc_get_principal() in clikrb5.c.
>>> Removing the
>>> in line 3294 of nt_printing.c fixes this for me.
>> I don't understand why this would be necessary. In
>> nt_printer_publish() we set the memory ccache again.
>> I also don't understand why the kinit() in ads_sasl_spnego_bind()
>> is failing. It seems to me that the existing ds_kdestroy()
>> in check_printers-Published() is correct and that we should add
>> one to nt_printer_publish().
>> What am I missing?
> Sorry, apparently nothing.
> The problem was related to a broken DNS configuration.
> I still don't know, why the first run through ads_kinit_password
> succeeds (as I'm not familiar with the kerberos internals), but the
> later calls depend on successfull responses to
> "SRV _kerberos._udp.MY.DOMAIN.COM" and related DNS-requests. This has no
> effect, if the ccache is not deleted - which caused the difference in
> the behaviour of 3.0.25rc3 and 3.0.25.
OK. So no changes needed here then. Cool. Thanks for the update.
PS: Still working on the printer comment and location patches.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v18.104.22.168 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical