[Samba] "getpeername failed" error when signed communications policy enabled

Allen Chen achen at harbourfrontcentre.com
Fri Dec 16 12:00:17 MST 2011


Jeremy Allison wrote:
> On Wed, Dec 07, 2011 at 11:01:50AM +0000, Hilton, David wrote:
>   
>> Hi,
>>
>> I'm looking for help with an issue that we are seeing with the following
>> configuration:
>>
>> We are using Samba (3.5.12-72.fc15) to share out CUPS printers from a Fedora
>> 15 machine. However, a requirement of the system is that these printers are
>> not directly visible from client systems (Windows 7 SP1 32-bit), so instead
>> we are sharing them out from a Windows print server (Windows 2008 R2 SP1).
>> So the clients connect to print queues on the Windows print server, which in
>> turn forwards the print jobs on to CUPS.
>>
>> The issue we are seeing occurs when a policy change is made on the Windows
>> 2008 R2 print server. If the "Microsoft network client: Digitally sign
>> communications (always)" policy setting is enabled, we see the following
>> behaviour:
>>
>> - Applications running on the print server can print normally.
>> - Applications running on client machines fail to print.
>>
>> When a print job fails we see the following in the samba log for the client
>> machine:
>>
>>
>> [2011/12/07 10:43:23.381798,  2] auth/auth.c:304(check_ntlm_password)
>>   check_ntlm_password:  authentication for user [XXX] -> [XXX] -> [XXX]
>> succeeded
>> [2011/12/07 10:43:39.760399,  0] lib/util_sock.c:474(read_fd_with_timeout)
>> [2011/12/07 10:43:39.760476,  0]
>> lib/util_sock.c:1441(get_peer_addr_internal)
>>   getpeername failed. Error was Transport endpoint is not connected
>>   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
>> peer.
>>
>>
>>
>> The smb.conf file that we are using is as follows:
>>
>> [global]
>> #--authconfig--start-line--
>>
>> # Generated by authconfig on 2011/12/05 17:22:13
>> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
>> # Any modification may be deleted or altered by authconfig in future
>>
>>    workgroup = LOW
>>    password server = LOWDC
>>    security = user
>>    idmap uid = 16777216-33554431
>>    idmap gid = 16777216-33554431
>>    template shell = /bin/false
>>    winbind use default domain = false
>>    winbind offline logon = false
>>    server signing = auto
>>    log level = 2
>>    log file = /var/log/samba.log.%m
>>    max log size = 50
>>    debug timestamp = yes
>>
>> #--authconfig--end-line--
>> load printers = yes
>> printing = cups
>> printcap name = cups
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> browseable = no
>> guest ok = yes
>> writable = no
>> printable = yes
>> printer admin = root, @ntadmins, @smbprintadm
>> use client driver = yes
>>
>>
>>
>>
>>
>> If the "Microsoft network client: Digitally sign communications (always)"
>> setting is disabled it all works OK, but disabling this policy setting is
>> not an allowed option at present. 
>>     
>
> That sounds like a signing error - do you see such in the
> Samba logs ?
>
> Jeremy.
>   
I have the same message in the Samba log file, even though I set up "log 
level = 0".
My Samba 3.4.5 PDC is listening on both ports 139 and 445 under 32-bit 
CentOS 5.6.
Here is the message:
[2011/10/26 16:02:05,  0] lib/util_sock.c:539(read_fd_with_timeout)
[2011/10/26 16:02:05,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by 
peer.
[2011/10/26 16:02:05,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
[2011/10/26 16:02:05,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected


Allen
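
Added example, not part of the original thread and not Samba's own code: a small Python triage script for the log excerpts quoted above. It counts the `getpeername failed` and `Connection reset by peer` symptoms and surfaces any message that mentions signing, which is what Jeremy asks about. The function names and the `SIGNING` keyword pattern are assumptions; the sample is constructed from the second post's log lines with the e-mail wrapping undone.

```python
import re
from collections import Counter

# Header of a Samba 3.x log record as quoted in the posts above, e.g.
# [2011/12/07 10:43:39.760399,  0] lib/util_sock.c:474(read_fd_with_timeout)
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*(\d+)\]\s*\S+:\d+\(\w+\)$"
)
# Assumption: a loose keyword match for signing-related messages;
# it is not a list of Samba's actual message strings.
SIGNING = re.compile(r"\bsign(ing|ed|atures?)?\b|\bsig\b", re.IGNORECASE)

def parse(text):
    """Yield (timestamp, level, message) for each message line.

    Headers can arrive back to back before their messages (both posts show
    this), so a message takes the timestamp and level of the latest header.
    """
    ts = level = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            ts, level = m.group(1), int(m.group(2))
        elif line and ts is not None:
            yield ts, level, line

def triage(text):
    """Count the disconnect symptoms and collect signing-related lines."""
    counts, signing = Counter(), []
    for ts, _level, msg in parse(text):
        if "getpeername failed" in msg:
            counts["getpeername_failed"] += 1
        if "Connection reset by peer" in msg:
            counts["reset_by_peer"] += 1
        if SIGNING.search(msg):
            signing.append((ts, msg))
    return counts, signing

# Constructed sample: the second post's log lines, e-mail wrapping undone.
SAMPLE = """\
[2011/10/26 16:02:05,  0] lib/util_sock.c:539(read_fd_with_timeout)
[2011/10/26 16:02:05,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2011/10/26 16:02:05,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
"""
```

An empty signing list at a low `log level` does not rule out a signing problem; it only means no logged message mentioned it at that verbosity.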

