[Samba] "getpeername failed" error when signed communications policy enabled
Hilton, David
davidh at hp.com
Wed Dec 7 04:01:50 MST 2011
Hi,
I'm looking for help with an issue that we are seeing with the following
configuration:
We are using Samba (3.5.12-72.fc15) to share out CUPS printers from a Fedora
15 machine. However, a requirement of the system is that these printers are
not directly visible from client systems (Windows 7 SP1 32-bit), so instead
we are sharing them out from a Windows print server (Windows 2008 R2 SP1).
So the clients connect to print queues on the Windows print server, which in
turn forwards the print jobs on to CUPS.
The issue we are seeing occurs when a policy change is made on the Windows
2008 R2 print server. If the "Microsoft network client: Digitally sign
communications (always)" policy setting is enabled, we see the following
behaviour:
- Applications running on the print server can print normally.
- Applications running on client machines fail to print.
When a print job fails we see the following in the samba log for the client
machine:
[2011/12/07 10:43:23.381798, 2] auth/auth.c:304(check_ntlm_password)
check_ntlm_password: authentication for user [XXX] -> [XXX] -> [XXX]
succeeded
[2011/12/07 10:43:39.760399, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/12/07 10:43:39.760476, 0]
lib/util_sock.c:1441(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
The smb.conf file that we are using is as follows:
[global]
#--authconfig--start-line--
# Generated by authconfig on 2011/12/05 17:22:13
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = LOW
password server = LOWDC
security = user
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = false
winbind offline logon = false
server signing = auto
log level = 2
log file = /var/log/samba.log.%m
max log size = 50
debug timestamp = yes
#--authconfig--end-line--
load printers = yes
printing = cups
printcap name = cups
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes
printer admin = root, @ntadmins, @smbprintadm
use client driver = yes
If the "Microsoft network client: Digitally sign communications (always)"
setting is disabled it all works OK, but disabling this policy setting is
not an allowed option at present.
- David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6208 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20111207/3b7542a6/attachment.bin>
More information about the samba
mailing list