[Samba] "getpeername failed" error when signed communications policy enabled
Allen Chen
achen at harbourfrontcentre.com
Fri Dec 16 12:00:17 MST 2011
Jeremy Allison wrote:
> On Wed, Dec 07, 2011 at 11:01:50AM +0000, Hilton, David wrote:
>
>> Hi,
>>
>> I'm looking for help with an issue that we are seeing with the following
>> configuration:
>>
>> We are using Samba (3.5.12-72.fc15) to share out CUPS printers from a Fedora
>> 15 machine. However, a requirement of the system is that these printers are
>> not directly visible from client systems (Windows 7 SP1 32-bit), so instead
>> we are sharing them out from a Windows print server (Windows 2008 R2 SP1).
>> So the clients connect to print queues on the Windows print server, which in
>> turn forwards the print jobs on to CUPS.
>>
>> The issue we are seeing occurs when a policy change is made on the Windows
>> 2008 R2 print server. If the "Microsoft network client: Digitally sign
>> communications (always)" policy setting is enabled, we see the following
>> behaviour:
>>
>> - Applications running on the print server can print normally.
>> - Applications running on client machines fail to print.
>>
>> When a print job fails we see the following in the samba log for the client
>> machine:
>>
>>
>> [2011/12/07 10:43:23.381798, 2] auth/auth.c:304(check_ntlm_password)
>> check_ntlm_password: authentication for user [XXX] -> [XXX] -> [XXX]
>> succeeded
>> [2011/12/07 10:43:39.760399, 0] lib/util_sock.c:474(read_fd_with_timeout)
>> [2011/12/07 10:43:39.760476, 0]
>> lib/util_sock.c:1441(get_peer_addr_internal)
>> getpeername failed. Error was Transport endpoint is not connected
>> read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
>> peer.
>>
>>
>>
>> The smb.conf file that we are using is as follows:
>>
>> [global]
>> #--authconfig--start-line--
>>
>> # Generated by authconfig on 2011/12/05 17:22:13
>> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
>> # Any modification may be deleted or altered by authconfig in future
>>
>> workgroup = LOW
>> password server = LOWDC
>> security = user
>> idmap uid = 16777216-33554431
>> idmap gid = 16777216-33554431
>> template shell = /bin/false
>> winbind use default domain = false
>> winbind offline logon = false
>> server signing = auto
>> log level = 2
>> log file = /var/log/samba.log.%m
>> max log size = 50
>> debug timestamp = yes
>>
>> #--authconfig--end-line--
>> load printers = yes
>> printing = cups
>> printcap name = cups
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> browseable = no
>> guest ok = yes
>> writable = no
>> printable = yes
>> printer admin = root, @ntadmins, @smbprintadm
>> use client driver = yes
>>
>>
>>
>>
>>
>> If the "Microsoft network client: Digitally sign communications (always)"
>> setting is disabled it all works OK, but disabling this policy setting is
>> not an allowed option at present.
>>
>
> That sounds like a signing error - do you see such in the
> Samba logs ?
>
> Jeremy.
>
I have the same message in the Samba log file, even though I set "log
level = 0".
My Samba 3.4.5 PDC is listening on both ports 139 and 445 under CentOS
5.6 32-bit.
Here is the message:
[2011/10/26 16:02:05, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2011/10/26 16:02:05, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2011/10/26 16:02:05, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
[2011/10/26 16:02:05, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
Allen