[Samba] A working CUPS authentication now fails without changing anything...

Daniel Carrasco Marín danielmadrid19 at gmail.com
Mon May 4 10:03:09 MDT 2015


Hi,

Just a moment ago I sent a message to another user saying that I have a
working server with CUPS authentication using AD groups. Well, that
authentication is not working anymore and I've not changed anything...

On Thursday I was configuring the server to allow the management of CUPS
with AD groups and it was working perfectly. After that I added some printer
aliases to the Samba configuration and disabled the "load printers" option
to hide the real name.
Today I tried to log in to CUPS to change the default paper size on
printers but it failed (a local account works). I've not changed any
configuration in the domain or member smb.cfg files (at least in general), so
I don't know where the problem is...

My smb.conf looks like this:
[global]
        workgroup = Domain
        security = ADS
        realm = DOMAIN.RED
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        encrypt passwords = yes

        idmap config *:backend = tdb
        idmap config *:range = 10000-20000000
        idmap config DOMAIN:backend = ad
        idmap config DOMAIN:schema_mode = rfc2307
        idmap config DOMAIN:range = 10000-20000000

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = Yes
        winbind enum groups = Yes
        winbind refresh tickets = Yes
        winbind expand groups = 4
        winbind normalize names = Yes
        domain master = no
        local master = no
        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

        # Improvement for printing speed
        rpc_server:spoolss = external
        rpc_daemon:spoolssd = fork


        ##########    log    ##########
        log level = 5
        log file = /var/log/samba/%m.log
        max log size = 50
        debug timestamp = yes


        ########## Printing ##########

        # If you want to automatically load your printer list rather
        # than setting them up individually then you'll need this
        load printers = no

        # CUPS printing.  See also the cupsaddsmb(8) manpage in the
        # cupsys-client package.
           printing = cups
           printcap name = cups






In the syslog:
May  4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.598266,  0]
../lib/util/fault.c:72(fault_report)
May  4 17:38:41 print winbindd[1702]:
===============================================================
May  4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.598737,  0]
../lib/util/fault.c:73(fault_report)
May  4 17:38:41 print winbindd[1702]:   INTERNAL ERROR: Signal 11 in pid
1702 (4.1.17-Debian)
May  4 17:38:41 print winbindd[1702]:   Please read the Trouble-Shooting
section of the Samba HOWTO
May  4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.599347,  0]
../lib/util/fault.c:75(fault_report)
May  4 17:38:41 print winbindd[1702]:
===============================================================
May  4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.599791,  0]
../source3/lib/util.c:785(smb_panic_s3)
May  4 17:38:41 print winbindd[1702]:   PANIC (pid 1702): internal error
May  4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.601033,  0]
../source3/lib/util.c:896(log_stack_trace)
May  4 17:38:41 print winbindd[1702]:   BACKTRACE: 27 stack frames:
May  4 17:38:41 print winbindd[1702]:    #0
/usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
[0x7fe244210e1a]
May  4 17:38:41 print winbindd[1702]:    #1
/usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
[0x7fe244210ef0]
May  4 17:38:41 print winbindd[1702]:    #2
/usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
[0x7fe24854770f]
May  4 17:38:41 print winbindd[1702]:    #3
/usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906) [0x7fe248547906]
May  4 17:38:41 print winbindd[1702]:    #4
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
May  4 17:38:41 print winbindd[1702]:    #5
/usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
[0x7fe242d519e1]
May  4 17:38:41 print winbindd[1702]:    #6
/usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad) [0x7fe242d372ad]
May  4 17:38:41 print winbindd[1702]:    #7
/usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf) [0x7fe244dac7bf]
May  4 17:38:41 print winbindd[1702]:    #8
/usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
[0x7fe244dacd8b]
May  4 17:38:41 print winbindd[1702]:    #9
/usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48) [0x7fe244daeb48]
May  4 17:38:41 print winbindd[1702]:    #10
/usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
[0x7fe24523f7e2]
May  4 17:38:41 print winbindd[1702]:    #11
/usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
[0x7fe24523fb3e]
May  4 17:38:41 print winbindd[1702]:    #12
/usr/sbin/winbindd(kerberos_return_pac+0x491) [0x7fe248dcbd61]
May  4 17:38:41 print winbindd[1702]:    #13
/usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
May  4 17:38:41 print winbindd[1702]:    #14 /usr/sbin/winbindd(+0x663bc)
[0x7fe248e093bc]
May  4 17:38:41 print winbindd[1702]:    #15
/usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b) [0x7fe24227386b]
May  4 17:38:41 print winbindd[1702]:    #16
/usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
May  4 17:38:41 print winbindd[1702]:    #17
/usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
[0x7fe24226e3ed]
May  4 17:38:41 print winbindd[1702]:    #18 /usr/sbin/winbindd(+0x688c0)
[0x7fe248e0b8c0]
May  4 17:38:41 print winbindd[1702]:    #19 /usr/sbin/winbindd(+0x68fd5)
[0x7fe248e0bfd5]
May  4 17:38:41 print winbindd[1702]:    #20
/usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
[0x7fe24226eca2]
May  4 17:38:41 print winbindd[1702]:    #21
/usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601) [0x7fe242273601]
May  4 17:38:41 print winbindd[1702]:    #22
/usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
May  4 17:38:41 print winbindd[1702]:    #23
/usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
[0x7fe24226e3ed]
May  4 17:38:41 print winbindd[1702]:    #24 /usr/sbin/winbindd(main+0xaeb)
[0x7fe248dcb04b]
May  4 17:38:41 print winbindd[1702]:    #25
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fe241efdead]
May  4 17:38:41 print winbindd[1702]:    #26 /usr/sbin/winbindd(+0x286bd)
[0x7fe248dcb6bd]
May  4 17:38:41 print winbindd[1702]: [2015/05/04 17:38:41.606586,  0]
../source3/lib/dumpcore.c:312(dump_core)
May  4 17:38:41 print winbindd[1702]:   unable to change to
/var/log/samba/cores/winbindd
May  4 17:38:41 print winbindd[1702]:   refusing to dump core

Another:
[2015/05/04 17:51:39.909354,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 33 - private_data=(nil)
[2015/05/04 17:51:39.909699,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 13 - private_data=(nil)
[2015/05/04 17:51:39.909853,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1028 - private_data=(nil)
[2015/05/04 17:51:39.910003,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1027 - private_data=(nil)
[2015/05/04 17:51:39.910137,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1029 - private_data=(nil)
[2015/05/04 17:51:39.910278,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1280 - private_data=(nil)
[2015/05/04 17:51:39.910441,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1033 - private_data=(nil)
[2015/05/04 17:51:39.910581,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1 - private_data=(nil)
[2015/05/04 17:51:39.910738,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1036 - private_data=(nil)
[2015/05/04 17:51:39.910895,  5]
../source3/lib/messages.c:340(messaging_deregister)
  Deregistering messaging pointer for type 1035 - private_data=(nil)
[2015/05/04 17:51:39.911274,  5]
../source3/lib/messages.c:293(messaging_register)
  Registering messaging pointer for type 1028 - private_data=(nil)
[2015/05/04 17:51:39.911432,  5]
../source3/lib/messages.c:293(messaging_register)
  Registering messaging pointer for type 1027 - private_data=(nil)
[2015/05/04 17:51:39.911585,  5]
../source3/lib/messages.c:293(messaging_register)
  Registering messaging pointer for type 1280 - private_data=(nil)
[2015/05/04 17:51:39.911733,  5]
../source3/lib/messages.c:293(messaging_register)
  Registering messaging pointer for type 1 - private_data=(nil)
[2015/05/04 17:51:39.911876,  5]
../source3/lib/messages.c:293(messaging_register)
  Registering messaging pointer for type 1034 - private_data=(nil)
[2015/05/04 17:51:39.912019,  5]
../source3/lib/messages.c:308(messaging_register)
  Overriding messaging pointer for type 1034 - private_data=(nil)
[2015/05/04 17:51:39.912288,  4]
../source3/winbindd/winbindd_dual.c:1338(child_handler)
  child daemon request 13
[2015/05/04 17:51:39.912476,  3]
../source3/winbindd/winbindd_pam.c:1627(winbindd_dual_pam_auth)
  [ 1699]: dual pam auth DOMAIN\user
[2015/05/04 17:51:39.937795,  3]
../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_10045]
expiration Tue, 05 May 2015 03:51:39 CEST
[2015/05/04 17:51:39.940342,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2015/05/04 17:51:39.940437,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2015/05/04 17:51:39.940599,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2015/05/04 17:51:39.940748,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'schannel' registered
[2015/05/04 17:51:39.941025,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'spnego' registered
[2015/05/04 17:51:39.941103,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2015/05/04 17:51:39.941271,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'krb5' registered
[2015/05/04 17:51:39.941434,  3]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2015/05/04 17:51:39.941795,  5]
../auth/gensec/gensec_start.c:649(gensec_start_mech)
  Starting GENSEC mechanism gse_krb5
[2015/05/04 17:51:39.988242,  1]
../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab)
  ../source3/librpc/crypto/gse_krb5.c:416: krb5_kt_start_seq_get failed (Permission denied)
[2015/05/04 17:51:39.988422,  0] ../lib/util/fault.c:72(fault_report)
  ===============================================================
[2015/05/04 17:51:39.988779,  0] ../lib/util/fault.c:73(fault_report)
  INTERNAL ERROR: Signal 11 in pid 2392 (4.1.17-Debian)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2015/05/04 17:51:39.989235,  0] ../lib/util/fault.c:75(fault_report)
  ===============================================================
[2015/05/04 17:51:39.989523,  0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 2392): internal error
[2015/05/04 17:51:39.990701,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 27 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
[0x7fe244210e1a]
   #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
[0x7fe244210ef0]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
[0x7fe24854770f]
   #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906)
[0x7fe248547906]
   #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
   #5 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
[0x7fe242d519e1]
   #6 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad) [0x7fe242d372ad]
   #7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf) [0x7fe244dac7bf]
   #8
/usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
[0x7fe244dacd8b]
   #9 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48) [0x7fe244daeb48]
   #10 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
[0x7fe24523f7e2]
   #11
/usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
[0x7fe24523fb3e]
   #12 /usr/sbin/winbindd(kerberos_return_pac+0x491) [0x7fe248dcbd61]
   #13 /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
   #14 /usr/sbin/winbindd(+0x663bc) [0x7fe248e093bc]
   #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b) [0x7fe24227386b]
   #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
   #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
[0x7fe24226e3ed]
   #18 /usr/sbin/winbindd(+0x688c0) [0x7fe248e0b8c0]
   #19 /usr/sbin/winbindd(+0x68fd5) [0x7fe248e0bfd5]
   #20
/usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
[0x7fe24226eca2]
   #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601) [0x7fe242273601]
   #22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
   #23 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
[0x7fe24226e3ed]
   #24 /usr/sbin/winbindd(main+0xaeb) [0x7fe248dcb04b]
   #25 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
[0x7fe241efdead]
   #26 /usr/sbin/winbindd(+0x286bd) [0x7fe248dcb6bd]
[2015/05/04 17:51:39.995048,  0] ../source3/lib/dumpcore.c:312(dump_core)
  unable to change to /var/log/samba/cores/winbindd
  refusing to dump core


Kinit and Klist are working:
klist -c
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at DOMAIN.RED

Valid starting     Expires            Service principal
04/05/15 17:49:43  05/05/15 03:49:43  krbtgt/DOMAIN.RED at DOMAIN.RED
    renew until 05/05/15 17:49:38


I'm starting to get confused because it was working without problems on
Thursday and I've only added some printer shares to the Samba configuration...

Thanks.
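
As an added example (not part of the original post, and not Samba code): a small Python triage over a Samba log that pairs each `INTERNAL ERROR: Signal` record with the last level 0/1 message logged before it and the named backtrace frames. `SAMPLE` is abridged from the log above with the mail line-wrapping undone; the function names and the `max_level` cutoff are assumptions of this example.

```python
import re

# Header as Samba writes it: "[date time,  level] file.c:line(function)"
HEADER = re.compile(r"^\[[\d/]+ [\d:.]+,\s+(\d+)\] \S+?:\d+\((\w+)\)")
FAULT = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+)")
FRAME = re.compile(r"#\d+ \S+?\((\w*)\+0x[0-9a-f]+\)")
HANDLER = {"fault_report", "smb_panic_s3", "smb_panic", "log_stack_trace", "dump_core"}

# Constructed sample: abridged from the log in the post, mail line-wrapping undone.
SAMPLE = r"""[2015/05/04 17:51:39.912476,  3] ../source3/winbindd/winbindd_pam.c:1627(winbindd_dual_pam_auth)
  [ 1699]: dual pam auth DOMAIN\user
[2015/05/04 17:51:39.988242,  1] ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab)
  ../source3/librpc/crypto/gse_krb5.c:416: krb5_kt_start_seq_get failed (Permission denied)
[2015/05/04 17:51:39.988779,  0] ../lib/util/fault.c:73(fault_report)
  INTERNAL ERROR: Signal 11 in pid 2392 (4.1.17-Debian)
[2015/05/04 17:51:39.990701,  0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 27 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7fe244210e1a]
   #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
   #5 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1) [0x7fe242d519e1]
   #8 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b) [0x7fe244dacd8b]
   #13 /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
"""

def parse_records(text):
    """Split a Samba log into [level, function, message] records."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([int(m.group(1)), m.group(2), ""])
        elif records and line.strip():
            records[-1][2] += " " + line.strip()
    return records

def triage(text, max_level=1):
    """Per crash: signal, pid, last error logged before it, named frames."""
    crashes, last_error = [], None
    for level, func, msg in parse_records(text):
        fault = FAULT.search(msg)
        if fault:
            crashes.append({"signal": int(fault.group(1)), "pid": int(fault.group(2)),
                            "preceding_error": last_error, "frames": []})
        elif func == "log_stack_trace" and crashes:
            crashes[-1]["frames"] = [f for f in FRAME.findall(msg)
                                     if f and f not in HANDLER]
        elif level <= max_level and func not in HANDLER:
            last_error = f"{func}: {msg.strip()}"
    return crashes
```

Run over `SAMPLE`, `triage` surfaces the `krb5_kt_start_seq_get failed (Permission denied)` record logged immediately before the signal 11, alongside the keytab-related frames from the backtrace.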

