smbspool without authentication no longer works?
m.novosyolov at rosalinux.ru
Thu Nov 28 20:02:59 UTC 2019
28.11.2019 21:11, Andreas Hasenack via samba-technical пишет:
> is smbspool supposed to work without authentication, in the case the
> printer is shared like that?
> I've been tracking some bug reports about printing no longer working
> with samba 4.8 or higher. The last one where I got this command below
> to work was 4.7.6:
> ubuntu at bionic-smb-printer:~$ /usr/lib/cups/backend/smb
> smb://10.10.1.6/ds216laser 34 root page 1 options .bashrc;echo
> Kerberos auth with 'root at WORKGROUP' (WORKGROUP\root) to access
> '10.10.1.6' not possible
> ERROR: Session setup failed: NT_STATUS_ACCESS_DENIED
> DEBUG: get_exit_code(cli=0x561bb8db7d70,
> nt_status=NT_STATUS_ACCESS_DENIED [c0000022])
> ATTR: auth-info-required=negotiate
> DEBUG: Connected with NTLMSSP...
> ubuntu at bionic-smb-printer:~$ echo $?
> With, say, 4.10.7, I get:
> root at nsnx:~# /usr/lib/cups/backend/smb smb://10.10.1.6/ds216laser 34
> root page 1 options .bashrc; r=$?;echo;echo $r
> kerberos_ccache_is_valid: Failed to get default principal from ccache:
> DEBUG: This backend requires credentials!
> DEBUG: get_exit_code(nt_status=NT_STATUS_ACCESS_DENIED [c0000022])
> ATTR: auth-info-required=none
> DEBUG: Unable to connect to CIFS host: NT_STATUS_ACCESS_DENIED
> If I pass "anonymous" as the username, or even a blank space (!), then it works:
> root at nsnx:~# /usr/lib/cups/backend/smb smb://\ @10.10.1.6/ds216laser
> 34 root page 1 options .bashrc; r=$?;echo;echo $r
> DEBUG: SMB connection established.
> I found several bug reports, but none seems to address this issue
> exactly. Some were about printing with kerberos.
It was fixed in Samba 4.10 but was not backported to samba 4.9:
Yes, people report that it worked in 4.7 and broke in 4.9. But now it
works in 4.10.
"Failed to get default principal from ccache: FILE:/tmp/krb5cc_0" - this
means that ccache of root user is being looked for. You should symlink
/usr/lib/cups/backend/smb to smbspool_krb5_wrapper, then ccache of the
printing task creator will be found and used.
Please read a recent thread
"Automating usage of smbspool_krb5_wrapper" from start to end, in the
first email problem is explained and in the last patches are attached. I
would appreceate if you test them in Ubuntu: they allow to symlink
/usr/lib/cups/backend/smb -> smbspool_krb5_wrapper instead of smbspool
and make printing work out of the box both with and without Kerberos.
More information about the samba-technical