[Samba] A working CUPS authentication now fails without change anything...
Rowland Penny
rowlandpenny at googlemail.com
Mon May 4 10:52:48 MDT 2015
On 04/05/15 17:30, Daniel Carrasco Marín wrote:
>
>
> 2015-05-04 18:16 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>>:
>
> On 04/05/15 17:03, Daniel Carrasco Marín wrote:
>
> Hi,
>
> Just a moments ago i've sent a message to other user saying
> that I've a
> working server with CUPS authentication using AD groups. Well,
> that
> authentication is not working anymore and i've not changed
> anything...
>
> The thursday I was configuring the server to allow the
> management of cups
> with AD groups and was working perfect. After that i've added
> some printer
> alias to samba configuration and I've disabled the "load
> printers" option
> to hide the real name.
> Today i've tried to enter to CUPS to change the default paper
> size on
> printers but it failed (local account works). I've not changed any
> configuration in domain or member smb.cfg files (at least in
> general), then
> I don't know where is the problem...
>
> My smb.conf looks:
> [global]
> workgroup = Domain
> security = ADS
> realm = DOMAIN.RED
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> encrypt passwords = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 10000-20000000
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000-20000000
>
>
> It might help if you didn't use the same range for '*' and 'DOMAIN'
>
> Rowland
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind refresh tickets = Yes
> winbind expand groups = 4
> winbind normalize names = Yes
> domain master = no
> local master = no
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> # Mejora para la velocidad de impresión
> rpc_server:spoolss = external
> rpc_daemon:spoolssd = fork
>
>
> ########## log ##########
> log level = 5
> log file = /var/log/samba/%m.log
> max log size = 50
> debug timestamp = yes
>
>
> ########## Printing ##########
>
> # If you want to automatically load your printer list
> rather
> # than setting them up individually then you'll need this
> load printers = no
>
> # CUPS printing. See also the cupsaddsmb(8) manpage
> in the
> # cupsys-client package.
> printing = cups
> printcap name = cups
>
>
>
>
>
>
> In the syslog:
> May 4 17:38:41 print winbindd[1702]: [2015/05/04
> 17:38:41.598266, 0]
> ../lib/util/fault.c:72(fault_report)
> May 4 17:38:41 print winbindd[1702]:
> ===============================================================
> May 4 17:38:41 print winbindd[1702]: [2015/05/04
> 17:38:41.598737, 0]
> ../lib/util/fault.c:73(fault_report)
> May 4 17:38:41 print winbindd[1702]: INTERNAL ERROR: Signal
> 11 in pid
> 1702 (4.1.17-Debian)
> May 4 17:38:41 print winbindd[1702]: Please read the
> Trouble-Shooting
> section of the Samba HOWTO
> May 4 17:38:41 print winbindd[1702]: [2015/05/04
> 17:38:41.599347, 0]
> ../lib/util/fault.c:75(fault_report)
> May 4 17:38:41 print winbindd[1702]:
> ===============================================================
> May 4 17:38:41 print winbindd[1702]: [2015/05/04
> 17:38:41.599791, 0]
> ../source3/lib/util.c:785(smb_panic_s3)
> May 4 17:38:41 print winbindd[1702]: PANIC (pid 1702):
> internal error
> May 4 17:38:41 print winbindd[1702]: [2015/05/04
> 17:38:41.601033, 0]
> ../source3/lib/util.c:896(log_stack_trace)
> May 4 17:38:41 print winbindd[1702]: BACKTRACE: 27 stack
> frames:
> May 4 17:38:41 print winbindd[1702]: #0
> /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
> [0x7fe244210e1a]
> May 4 17:38:41 print winbindd[1702]: #1
> /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
> [0x7fe244210ef0]
> May 4 17:38:41 print winbindd[1702]: #2
> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
> [0x7fe24854770f]
> May 4 17:38:41 print winbindd[1702]: #3
> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906)
> [0x7fe248547906]
> May 4 17:38:41 print winbindd[1702]: #4
> /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7fe2489740a0]
> May 4 17:38:41 print winbindd[1702]: #5
> /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
> [0x7fe242d519e1]
> May 4 17:38:41 print winbindd[1702]: #6
> /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad) [0x7fe242d372ad]
> May 4 17:38:41 print winbindd[1702]: #7
> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf)
> [0x7fe244dac7bf]
> May 4 17:38:41 print winbindd[1702]: #8
> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
> [0x7fe244dacd8b]
> May 4 17:38:41 print winbindd[1702]: #9
> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48)
> [0x7fe244daeb48]
> May 4 17:38:41 print winbindd[1702]: #10
> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
> [0x7fe24523f7e2]
> May 4 17:38:41 print winbindd[1702]: #11
> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
> [0x7fe24523fb3e]
> May 4 17:38:41 print winbindd[1702]: #12
> /usr/sbin/winbindd(kerberos_return_pac+0x491) [0x7fe248dcbd61]
> May 4 17:38:41 print winbindd[1702]: #13
> /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8) [0x7fe248df3558]
> May 4 17:38:41 print winbindd[1702]: #14
> /usr/sbin/winbindd(+0x663bc)
> [0x7fe248e093bc]
> May 4 17:38:41 print winbindd[1702]: #15
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b) [0x7fe24227386b]
> May 4 17:38:41 print winbindd[1702]: #16
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
> May 4 17:38:41 print winbindd[1702]: #17
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
> [0x7fe24226e3ed]
> May 4 17:38:41 print winbindd[1702]: #18
> /usr/sbin/winbindd(+0x688c0)
> [0x7fe248e0b8c0]
> May 4 17:38:41 print winbindd[1702]: #19
> /usr/sbin/winbindd(+0x68fd5)
> [0x7fe248e0bfd5]
> May 4 17:38:41 print winbindd[1702]: #20
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
> [0x7fe24226eca2]
> May 4 17:38:41 print winbindd[1702]: #21
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601) [0x7fe242273601]
> May 4 17:38:41 print winbindd[1702]: #22
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56) [0x7fe242271d56]
> May 4 17:38:41 print winbindd[1702]: #23
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
> [0x7fe24226e3ed]
> May 4 17:38:41 print winbindd[1702]: #24
> /usr/sbin/winbindd(main+0xaeb)
> [0x7fe248dcb04b]
> May 4 17:38:41 print winbindd[1702]: #25
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
> [0x7fe241efdead]
> May 4 17:38:41 print winbindd[1702]: #26
> /usr/sbin/winbindd(+0x286bd)
> [0x7fe248dcb6bd]
> May 4 17:38:41 print winbindd[1702]: [2015/05/04
> 17:38:41.606586, 0]
> ../source3/lib/dumpcore.c:312(dump_core)
> May 4 17:38:41 print winbindd[1702]: unable to change to
> /var/log/samba/cores/winbindd
> May 4 17:38:41 print winbindd[1702]: refusing to dump core
>
> Another:
> [2015/05/04 17:51:39.909354, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 33 -
> private_data=(nil)
> [2015/05/04 17:51:39.909699, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 13 -
> private_data=(nil)
> [2015/05/04 17:51:39.909853, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1028 -
> private_data=(nil)
> [2015/05/04 17:51:39.910003, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1027 -
> private_data=(nil)
> [2015/05/04 17:51:39.910137, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1029 -
> private_data=(nil)
> [2015/05/04 17:51:39.910278, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1280 -
> private_data=(nil)
> [2015/05/04 17:51:39.910441, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1033 -
> private_data=(nil)
> [2015/05/04 17:51:39.910581, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1 - private_data=(nil)
> [2015/05/04 17:51:39.910738, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1036 -
> private_data=(nil)
> [2015/05/04 17:51:39.910895, 5]
> ../source3/lib/messages.c:340(messaging_deregister)
> Deregistering messaging pointer for type 1035 -
> private_data=(nil)
> [2015/05/04 17:51:39.911274, 5]
> ../source3/lib/messages.c:293(messaging_register)
> Registering messaging pointer for type 1028 -
> private_data=(nil)
> [2015/05/04 17:51:39.911432, 5]
> ../source3/lib/messages.c:293(messaging_register)
> Registering messaging pointer for type 1027 -
> private_data=(nil)
> [2015/05/04 17:51:39.911585, 5]
> ../source3/lib/messages.c:293(messaging_register)
> Registering messaging pointer for type 1280 -
> private_data=(nil)
> [2015/05/04 17:51:39.911733, 5]
> ../source3/lib/messages.c:293(messaging_register)
> Registering messaging pointer for type 1 - private_data=(nil)
> [2015/05/04 17:51:39.911876, 5]
> ../source3/lib/messages.c:293(messaging_register)
> Registering messaging pointer for type 1034 -
> private_data=(nil)
> [2015/05/04 17:51:39.912019, 5]
> ../source3/lib/messages.c:308(messaging_register)
> Overriding messaging pointer for type 1034 - private_data=(nil)
> [2015/05/04 17:51:39.912288, 4]
> ../source3/winbindd/winbindd_dual.c:1338(child_handler)
> child daemon request 13
> [2015/05/04 17:51:39.912476, 3]
> ../source3/winbindd/winbindd_pam.c:1627(winbindd_dual_pam_auth)
> [ 1699]: dual pam auth DOMAIN\user
> [2015/05/04 17:51:39.937795, 3]
> ../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
> ads_cleanup_expired_creds: Ticket in
> ccache[FILE:/tmp/krb5cc_10045]
> expiration Tue, 05 May 2015 03:51:39 CEST
> [2015/05/04 17:51:39.940342, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'gssapi_spnego' registered
> [2015/05/04 17:51:39.940437, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'gssapi_krb5' registered
> [2015/05/04 17:51:39.940599, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'gssapi_krb5_sasl' registered
> [2015/05/04 17:51:39.940748, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'schannel' registered
> [2015/05/04 17:51:39.941025, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'spnego' registered
> [2015/05/04 17:51:39.941103, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'ntlmssp' registered
> [2015/05/04 17:51:39.941271, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'krb5' registered
> [2015/05/04 17:51:39.941434, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'fake_gssapi_krb5' registered
> [2015/05/04 17:51:39.941795, 5]
> ../auth/gensec/gensec_start.c:649(gensec_start_mech)
> Starting GENSEC mechanism gse_krb5
> [2015/05/04 17:51:39.988242, 1]
> ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab)
> * ../source3/librpc/crypto/gse_*
> *krb5.c:416: krb5_kt_start_seq_get failed (Permission
> denied)[2015/05/04
> 17:51:39.988422, 0] ../lib/util/fault.c:72(fault_**report)*
>
> ===============================================================
> [2015/05/04 17:51:39.988779, 0]
> ../lib/util/fault.c:73(fault_report)
> INTERNAL ERROR: Signal 11 in pid 2392 (4.1.17-Debian)
> Please read the Trouble-Shooting section of the Samba HOWTO
> [2015/05/04 17:51:39.989235, 0]
> ../lib/util/fault.c:75(fault_report)
> ===============================================================
> [2015/05/04 17:51:39.989523, 0]
> ../source3/lib/util.c:785(smb_panic_s3)
> PANIC (pid 2392): internal error
> [2015/05/04 17:51:39.990701, 0]
> ../source3/lib/util.c:896(log_stack_trace)
> BACKTRACE: 27 stack frames:
> #0
> /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a)
> [0x7fe244210e1a]
> #1
> /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
> [0x7fe244210ef0]
> #2
> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
> [0x7fe24854770f]
> #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1e906)
> [0x7fe248547906]
> #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0)
> [0x7fe2489740a0]
> #5
> /usr/lib/x86_64-linux-gnu/libkrb5.so.26(krb5_storage_free+0x1)
> [0x7fe242d519e1]
> #6 /usr/lib/x86_64-linux-gnu/libkrb5.so.26(+0x482ad)
> [0x7fe242d372ad]
> #7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x97bf)
> [0x7fe244dac7bf]
> #8
> /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x18b)
> [0x7fe244dacd8b]
> #9 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xbb48)
> [0x7fe244daeb48]
> #10
> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0x42)
> [0x7fe24523f7e2]
> #11
> /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_oid+0x2e)
> [0x7fe24523fb3e]
> #12 /usr/sbin/winbindd(kerberos_return_pac+0x491)
> [0x7fe248dcbd61]
> #13 /usr/sbin/winbindd(winbindd_dual_pam_auth+0xab8)
> [0x7fe248df3558]
> #14 /usr/sbin/winbindd(+0x663bc) [0x7fe248e093bc]
> #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x986b)
> [0x7fe24227386b]
> #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56)
> [0x7fe242271d56]
> #17
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
> [0x7fe24226e3ed]
> #18 /usr/sbin/winbindd(+0x688c0) [0x7fe248e0b8c0]
> #19 /usr/sbin/winbindd(+0x68fd5) [0x7fe248e0bfd5]
> #20
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xe2)
> [0x7fe24226eca2]
> #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9601)
> [0x7fe242273601]
> #22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x7d56)
> [0x7fe242271d56]
> #23
> /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d)
> [0x7fe24226e3ed]
> #24 /usr/sbin/winbindd(main+0xaeb) [0x7fe248dcb04b]
> #25 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
> [0x7fe241efdead]
> #26 /usr/sbin/winbindd(+0x286bd) [0x7fe248dcb6bd]
> [2015/05/04 17:51:39.995048, 0]
> ../source3/lib/dumpcore.c:312(dump_core)
> unable to change to /var/log/samba/cores/winbindd
> refusing to dump core
>
>
> Kinit and Klist are working:
> klist -c
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at DOMAIN.RED
>
> Valid starting Expires Service principal
> 04/05/15 17:49:43 05/05/15 03:49:43 krbtgt/DOMAIN.RED at DOMAIN.RED
> renew until 05/05/15 17:49:38
>
>
> I'm starting to be confused because was working without
> problem the
> thursday and i've only added some printers shares on samba
> configuration...
>
> Thanks.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> Changed to:
> idmap config *:backend = tdb
> idmap config *:range = 40000-70000
> idmap config ND:backend = ad
> idmap config ND:schema_mode = rfc2307
> idmap config ND:range = 10000-30000
>
> rebooted and same problem. I've to clear any cache or something?
>
> Greetings!!
>
try 'net cache flush'
Rowland
More information about the samba
mailing list