[Samba] A working CUPS authentication now fails without change anything...

Rowland Penny rowlandpenny at googlemail.com
Mon May 4 10:52:48 MDT 2015


On 04/05/15 17:30, Daniel Carrasco Marín wrote:
>
>
> 2015-05-04 18:16 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com 
> <mailto:rowlandpenny at googlemail.com>>:
>
>     On 04/05/15 17:03, Daniel Carrasco Marín wrote:
>
>         Hi,
>
>         Just a moments ago i've sent a message to other user saying
>         that I've a
>         working server with CUPS authentication using AD groups. Well,
>         that
>         authentication is not working anymore and i've not changed
>         anything...
>
>         The thursday I was configuring the server to allow the
>         management of cups
>         with AD groups and was working perfect. After that i've added
>         some printer
>         alias to samba configuration and I've disabled the "load
>         printers" option
>         to hide the real name.
>         Today i've tried to enter to CUPS to change the default paper
>         size on
>         printers but it failed (local account works). I've not changed any
>         configuration in domain or member smb.cfg files (at least in
>         general), then
>         I don't know where is the problem...
>
>         My smb.conf looks:
>         [global]
>                  workgroup = Domain
>                  security = ADS
>                  realm = DOMAIN.RED
>                  dedicated keytab file = /etc/krb5.keytab
>                  kerberos method = secrets and keytab
>                  encrypt passwords = yes
>
>                  idmap config *:backend = tdb
>                  idmap config *:range = 10000-20000000
>                  idmap config DOMAIN:backend = ad
>                  idmap config DOMAIN:schema_mode = rfc2307
>                  idmap config DOMAIN:range = 10000-20000000
>
>
>     It might help if you didn't use the same range for '*' and 'DOMAIN'
>
>     Rowland
>
>                  winbind nss info = rfc2307
>                  winbind trusted domains only = no
>                  winbind use default domain = yes
>                  winbind enum users  = Yes
>                  winbind enum groups = Yes
>                  winbind refresh tickets = Yes
>                  winbind expand groups = 4
>                  winbind normalize names = Yes
>                  domain master = no
>                  local master = no
>                  vfs objects = acl_xattr
>                  map acl inherit = Yes
>                  store dos attributes = Yes
>
>                  # Mejora para la velocidad de impresión
>                  rpc_server:spoolss = external
>                  rpc_daemon:spoolssd = fork
>
>
>                  ##########    log    ##########
>                  log level = 5
>                  log file = /var/log/samba/%m.log
>                  max log size = 50
>                  debug timestamp = yes
>
>
>                  ########## Printing ##########
>
>                  # If you want to automatically load your printer list
>         rather
>                  # than setting them up individually then you'll need this
>                  load printers = no
>
>                  # CUPS printing.  See also the cupsaddsmb(8) manpage
>         in the
>                  # cupsys-client package.
>                     printing = cups
>                     printcap name = cups
>
>
>
>
>
>
>         In the syslog:
>         May  4 17:38:41 print winbindd[1702]: [2015/05/04
>         17:38:41.598266,  0]
>         ../lib/util/fault.c:72(fault_report)
>         May  4 17:38:41 print winbindd[1702]:
>         ===============================================================
>         May  4 17:38:41 print winbindd[1702]: [2015/05/04
>         17:38:41.598737,  0]
>         ../lib/util/fault.c:73(fault_report)
>         May  4 17:38:41 print winbindd[1702]:   INTERNAL ERROR: Signal
>         11 in pid
>         1702 (4.1.17-Debian)
>         May  4 17:38:41 print winbindd[1702]:   Please read the
>         Trouble-Shooting
>         section of the Samba HOWTO
>         May  4 17:38:41 print winbindd[1702]: [2015/05/04
>         17:38:41.599347,  0]
>         ../lib/util/fault.c:75(fault_report)
>         May  4 17:38:41 print winbindd[1702]:
>         ===============================================================
>         May  4 17:38:41 print winbindd[1702]: [2015/05/04
>         17:38:41.599791,  0]
>         ../source3/lib/util.c:785(smb_panic_s3)
>         May  4 17:38:41 print winbindd[1702]:   PANIC (pid 1702):
>         internal error
>         May  4 17:38:41 print winbindd[1702]: [2015/05/04
>         17:38:41.601033,  0]
>         ../source3/lib/util.c:896(log_stack_trace)
>         May  4 17:38:41 print winbindd[1702]:   BACKTRACE: 27 stack
>         frames:
>         May  4 17:38:41 print winbindd[1702]:    #0
>         /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
>         [0x7fe244210e1a]
>         May  4 17:38:41 print winbindd[1702]:    #1
>         /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
>         [0x7fe244210ef0]
>         May  4 17:38:41 print winbindd[1702]:    #2
>         /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
>         [0x7fe24854770f]
>         May  4 17:38:41 print winbindd[1702]:    #3
>         /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906)
>         [0x7fe248547906]
>         May  4 17:38:41 print winbindd[1702]:    #4
>         /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
>         May  4 17:38:41 print winbindd[1702]:    #5
>         /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
>         [0x7fe242d519e1]
>         May  4 17:38:41 print winbindd[1702]:    #6
>         /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad) [0x7fe242d372ad]
>         May  4 17:38:41 print winbindd[1702]:    #7
>         /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf)
>         [0x7fe244dac7bf]
>         May  4 17:38:41 print winbindd[1702]:    #8
>         /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
>         [0x7fe244dacd8b]
>         May  4 17:38:41 print winbindd[1702]:    #9
>         /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48)
>         [0x7fe244daeb48]
>         May  4 17:38:41 print winbindd[1702]:    #10
>         /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
>         [0x7fe24523f7e2]
>         May  4 17:38:41 print winbindd[1702]:    #11
>         /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
>         [0x7fe24523fb3e]
>         May  4 17:38:41 print winbindd[1702]:    #12
>         /usr/sbin/winbindd(kerberos_return_pac+0x491) [0x7fe248dcbd61]
>         May  4 17:38:41 print winbindd[1702]:    #13
>         /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
>         May  4 17:38:41 print winbindd[1702]:    #14
>         /usr/sbin/winbindd(+0x663bc)
>         [0x7fe248e093bc]
>         May  4 17:38:41 print winbindd[1702]:    #15
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b) [0x7fe24227386b]
>         May  4 17:38:41 print winbindd[1702]:    #16
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
>         May  4 17:38:41 print winbindd[1702]:    #17
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>         [0x7fe24226e3ed]
>         May  4 17:38:41 print winbindd[1702]:    #18
>         /usr/sbin/winbindd(+0x688c0)
>         [0x7fe248e0b8c0]
>         May  4 17:38:41 print winbindd[1702]:    #19
>         /usr/sbin/winbindd(+0x68fd5)
>         [0x7fe248e0bfd5]
>         May  4 17:38:41 print winbindd[1702]:    #20
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
>         [0x7fe24226eca2]
>         May  4 17:38:41 print winbindd[1702]:    #21
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601) [0x7fe242273601]
>         May  4 17:38:41 print winbindd[1702]:    #22
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
>         May  4 17:38:41 print winbindd[1702]:    #23
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>         [0x7fe24226e3ed]
>         May  4 17:38:41 print winbindd[1702]:    #24
>         /usr/sbin/winbindd(main+0xaeb)
>         [0x7fe248dcb04b]
>         May  4 17:38:41 print winbindd[1702]:    #25
>         /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
>         [0x7fe241efdead]
>         May  4 17:38:41 print winbindd[1702]:    #26
>         /usr/sbin/winbindd(+0x286bd)
>         [0x7fe248dcb6bd]
>         May  4 17:38:41 print winbindd[1702]: [2015/05/04
>         17:38:41.606586,  0]
>         ../source3/lib/dumpcore.c:312(dump_core)
>         May  4 17:38:41 print winbindd[1702]:   unable to change to
>         /var/log/samba/cores/winbindd
>         May  4 17:38:41 print winbindd[1702]:   refusing to dump core
>
>         Another:
>         [2015/05/04 17:51:39.909354,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 33 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.909699,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 13 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.909853,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1028 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.910003,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1027 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.910137,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1029 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.910278,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1280 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.910441,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1033 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.910581,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1 - private_data=(nil)
>         [2015/05/04 17:51:39.910738,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1036 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.910895,  5]
>         ../source3/lib/messages.c:340(messaging_deregister)
>            Deregistering messaging pointer for type 1035 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.911274,  5]
>         ../source3/lib/messages.c:293(messaging_register)
>            Registering messaging pointer for type 1028 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.911432,  5]
>         ../source3/lib/messages.c:293(messaging_register)
>            Registering messaging pointer for type 1027 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.911585,  5]
>         ../source3/lib/messages.c:293(messaging_register)
>            Registering messaging pointer for type 1280 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.911733,  5]
>         ../source3/lib/messages.c:293(messaging_register)
>            Registering messaging pointer for type 1 - private_data=(nil)
>         [2015/05/04 17:51:39.911876,  5]
>         ../source3/lib/messages.c:293(messaging_register)
>            Registering messaging pointer for type 1034 -
>         private_data=(nil)
>         [2015/05/04 17:51:39.912019,  5]
>         ../source3/lib/messages.c:308(messaging_register)
>            Overriding messaging pointer for type 1034 - private_data=(nil)
>         [2015/05/04 17:51:39.912288,  4]
>         ../source3/winbindd/winbindd_dual.c:1338(child_handler)
>            child daemon request 13
>         [2015/05/04 17:51:39.912476,  3]
>         ../source3/winbindd/winbindd_pam.c:1627(winbindd_dual_pam_auth)
>            [ 1699]: dual pam auth DOMAIN\user
>         [2015/05/04 17:51:39.937795,  3]
>         ../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
>            ads_cleanup_expired_creds: Ticket in
>         ccache[FILE:/tmp/krb5cc_10045]
>         expiration Tue, 05 May 2015 03:51:39 CEST
>         [2015/05/04 17:51:39.940342,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'gssapi_spnego' registered
>         [2015/05/04 17:51:39.940437,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'gssapi_krb5' registered
>         [2015/05/04 17:51:39.940599,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'gssapi_krb5_sasl' registered
>         [2015/05/04 17:51:39.940748,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'schannel' registered
>         [2015/05/04 17:51:39.941025,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'spnego' registered
>         [2015/05/04 17:51:39.941103,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'ntlmssp' registered
>         [2015/05/04 17:51:39.941271,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'krb5' registered
>         [2015/05/04 17:51:39.941434,  3]
>         ../auth/gensec/gensec_start.c:870(gensec_register)
>            GENSEC backend 'fake_gssapi_krb5' registered
>         [2015/05/04 17:51:39.941795,  5]
>         ../auth/gensec/gensec_start.c:649(gensec_start_mech)
>            Starting GENSEC mechanism gse_krb5
>         [2015/05/04 17:51:39.988242,  1]
>         ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab)
>           * ../source3/librpc/crypto/gse_*
>         *krb5.c:416: krb5_kt_start_seq_get failed (Permission
>         denied)[2015/05/04
>         17:51:39.988422,  0] ../lib/util/fault.c:72(fault_**report)*
>
>          ===============================================================
>         [2015/05/04 17:51:39.988779,  0]
>         ../lib/util/fault.c:73(fault_report)
>            INTERNAL ERROR: Signal 11 in pid 2392 (4.1.17-Debian)
>            Please read the Trouble-Shooting section of the Samba HOWTO
>         [2015/05/04 17:51:39.989235,  0]
>         ../lib/util/fault.c:75(fault_report)
>          ===============================================================
>         [2015/05/04 17:51:39.989523,  0]
>         ../source3/lib/util.c:785(smb_panic_s3)
>            PANIC (pid 2392): internal error
>         [2015/05/04 17:51:39.990701,  0]
>         ../source3/lib/util.c:896(log_stack_trace)
>            BACKTRACE: 27 stack frames:
>             #0
>         /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
>         [0x7fe244210e1a]
>             #1
>         /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
>         [0x7fe244210ef0]
>             #2
>         /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
>         [0x7fe24854770f]
>             #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906)
>         [0x7fe248547906]
>             #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0)
>         [0x7fe2489740a0]
>             #5
>         /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
>         [0x7fe242d519e1]
>             #6 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad)
>         [0x7fe242d372ad]
>             #7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf)
>         [0x7fe244dac7bf]
>             #8
>         /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
>         [0x7fe244dacd8b]
>             #9 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48)
>         [0x7fe244daeb48]
>             #10
>         /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
>         [0x7fe24523f7e2]
>             #11
>         /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
>         [0x7fe24523fb3e]
>             #12 /usr/sbin/winbindd(kerberos_return_pac+0x491)
>         [0x7fe248dcbd61]
>             #13 /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8)
>         [0x7fe248df3558]
>             #14 /usr/sbin/winbindd(+0x663bc) [0x7fe248e093bc]
>             #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b)
>         [0x7fe24227386b]
>             #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56)
>         [0x7fe242271d56]
>             #17
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>         [0x7fe24226e3ed]
>             #18 /usr/sbin/winbindd(+0x688c0) [0x7fe248e0b8c0]
>             #19 /usr/sbin/winbindd(+0x68fd5) [0x7fe248e0bfd5]
>             #20
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
>         [0x7fe24226eca2]
>             #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601)
>         [0x7fe242273601]
>             #22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56)
>         [0x7fe242271d56]
>             #23
>         /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
>         [0x7fe24226e3ed]
>             #24 /usr/sbin/winbindd(main+0xaeb) [0x7fe248dcb04b]
>             #25 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
>         [0x7fe241efdead]
>             #26 /usr/sbin/winbindd(+0x286bd) [0x7fe248dcb6bd]
>         [2015/05/04 17:51:39.995048,  0]
>         ../source3/lib/dumpcore.c:312(dump_core)
>            unable to change to /var/log/samba/cores/winbindd
>            refusing to dump core
>
>
>         Kinit and Klist are working:
>         klist -c
>         Ticket cache: FILE:/tmp/krb5cc_0
>         Default principal: Administrator at DOMAIN.RED
>
>         Valid starting     Expires            Service principal
>         04/05/15 17:49:43  05/05/15 03:49:43 krbtgt/DOMAIN.RED at DOMAIN.RED
>              renew until 05/05/15 17:49:38
>
>
>         I'm starting to be confused because was working without
>         problem the
>         thursday and i've only added some printers shares on samba
>         configuration...
>
>         Thanks.
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> Changed to:
>         idmap config *:backend = tdb
>         idmap config *:range = 40000-70000
>         idmap config ND:backend = ad
>         idmap config ND:schema_mode = rfc2307
>         idmap config ND:range = 10000-30000
>
> rebooted and same problem. I've to clear any cache or something?
>
> Greetings!!
>

try 'net cache flush'

Rowland



More information about the samba mailing list