[Samba] Printing with smbspool_krb5_wrapper not working in Ubuntu 16.04

Van Svensson van.svensson at mail.com
Sat Aug 5 15:38:23 UTC 2017 

Rowland Penny wrote:

> On Sat, 5 Aug 2017 15:29:54 +0200
> Van Svensson via samba <samba at lists.samba.org> wrote:
> 
> > Rowland Penny wrote:
> > 
> > > On Sat, 5 Aug 2017 14:44:34 +0200
> > > Van Svensson via samba <samba at lists.samba.org> wrote:
> > > 
> > > > Rowland Penny wrote:
> > > > 
> > > > > On Sat, 5 Aug 2017 13:06:18 +0200
> > > > > Van Svensson via samba <samba at lists.samba.org> wrote:
> > > > > 
> > > > > > Thanks for your reply! I have now filed a bug in launchpad
> > > > > > (https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1708817).
> > > > > > 
> > > > > > When I compare the cups error_log with 14.04 where it does
> > > > > > work I see that 16.04 uses two backslashes when setting
> > > > > > KRB5CCNAME while 14.04 does not use backslashes, maybe that
> > > > > > is the problem?
> > > > > > 
> > > > > > Sometimes the cups error_log also have the below line
> > > > > > "HTTP_STATE_WAITING Closing for error 32 (Broken pipe)" like I
> > > > > > show below. Both this line and the line "Could not determine
> > > > > > network interfaces, you must use a interfaces config line"
> > > > > > maybe can give some idea on what goes wrong? The line
> > > > > > "Printing jobs and dirty files" can maybe be ignored since it
> > > > > > also shows up in 14.04 where it works.
> > > > > 
> > > > > It might help if you could tell us what versions of Samba you
> > > > > are using (it might shock you, but some people don't use Ubuntu
> > > > > ), it would also be a good idea to post your smb.conf files.
> > > > 
> > > > I attach the smb.conf file which is exactly the same for both
> > > > Ubuntu 14.04 and 16.04. On 14.04 I have Samba version
> > > > 2:4.3.11+dfsg-0ubuntu0.14.04.10 and on 16.04 I have
> > > > 2:4.3.11+dfsg-0ubuntu0.16.04.9.
> > >
> > > Sorry, but this mailing list strips off attachments, you will need
> > > to copy it into the post.
> > 
> > Here it comes (according to "diff" the smb.conf file is exactly the
> > same for both Ubuntu 14.04 and 16.04):
> > 
> > [...]
> 
> OK, after I removed all the commented lines and default lines, I was
> left with this:
> 
> [global]
>    server string = %h server (Samba, Ubuntu)
>    dns proxy = no
> 
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
> 
>    server role = standalone server
>    obey pam restrictions = yes
>    unix password sync = yes
> 
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> 
>    pam password change = yes
>    map to guest = bad user
>    usershare allow guests = yes
> 
> [printers]
>    comment = All Printers
>    browseable = no
>    path = /var/spool/samba
>    printable = yes
>    create mask = 0700
> 
> [print$]
>    comment = Printer Drivers
>    path = /var/lib/samba/printers
> 
> About the only thing wrong with this is that you haven't set:
>  'security = user'

Sorry, I should have removed the comments etc from smb.conf and when I did that with "grep -v ^# /etc/samba/smb.conf|grep -v ^\;|grep -v ^$" I was left with the following which have a few more lines in comparison to what you was left with above. I have also added the line "security = user" at the end of the section "global":

[global]
   workgroup = WORKGROUP
        server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   security = user
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

After rebooting the computer and testing printing again it unfortunately still does not work to print on 16.04. Please note that smb.conf on 14.04 does not contain this "security = user" and printing still works.

> I also take it that your users exist on the machine in /etc/passwd and
> in Samba

I should have mentioned this earlier, but the users does not exist in /etc/passwd, instead they are in LDAP and when they log in to the computer they get some Kerberos tickets for the domain and the file system. When printing on 14.04 they get another Kerberos ticket for the printing system according to "klist" after they have done "lpr" and printed a document. On 16.04 nothing is printed and the user gets no Kerberos ticket for the printing system and the job is left in "lpq".

Thanks / Van

More information about the samba mailing list