Created attachment 8179 [details] loglevel9log_from_publish_bug_samba369 I installed a Samba 3.6.9 on top of a SLES11sp2 with a cups 1.5.4. My windows-clients are Windows XP/32bit or Win7/64bit. I integrated the samba into our big AD-domain via the suse-yast tools. everything works fine. printing fileservering and so on. but when I try to publish the printer into the AD via the win printer wizzards. -> Sharing -> list in directory -> Apply the printer is not shared. I enabled logging with loglevel 9 and found the following error message: [2012/11/09 16:29:20.987290, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2012/11/09 16:29:20.992381, 3] libsmb/clikrb5.c:543(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Sat, 10 Nov 2012 02:29:20 CET [2012/11/09 16:29:20.992450, 3] libsmb/clikrb5.c:751(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2012/11/09 16:29:20.994869, 5] printing/nt_printing_ads.c:112(nt_printer_publish_ads) publishing printer yyyp0708 [2012/11/09 16:29:20.998229, 3] printing/nt_printing_ads.c:189(nt_printer_publish_ads) error publishing yyyp0708: Object class violation [2012/11/09 16:29:20.999288, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:20.999331, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:20.999353, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:20.999373, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups without this feature I could not upgrade my samba 3.4.x servers to 3.6
Could you send us a network capture and provide more details? SAMBA BUG REPORTING ++++++++++++++++++++ This is a small howto to help you to provide all information which are needed to find out what's going on your machine. This is a general howto so maybe it will cover more things you don't use. Please also read http://www.chiark.greenend.org.uk/~sgtatham/bugs Providing instructions how the reproduce the error =================================================== The first aim of a bug report is to let the developer see the failure with their own eyes. If you can't be with them to make it fail in front of them, give them detailed instructions how to reproduce the problem so that they can reproduce the error on their development environment. If this doesn't work, describe everything in detail! The more information you provide the easier we can see what's going on. Providing Samba log files ========================== Post the output of 'rpm -qi samba' or 'rpm -qi samba-<subpackage>' if you're on a RPM based system. It gives detailed information about the installed packages. We need that information to reconstruct what happened and possibly to reproduce the bug on our machines. Always provide all log files from the '/var/log/samba/' directory and the configuration file '/etc/samba/smb.conf'! If you see errors in tdb files make sure you add the related tdb files from '/var/lib/samba'. If winbind for logging in is part of the problem please provide '/etc/security/pam_winbind.conf' and if you have enabled debug in 'pam_winbind.conf' '/var/log/messages' or '/var/log/secure' is required too. More detailed description about different Samba components can be found below this section. Providing backtraces ===================== If you discover a crash in one of the Samba components, please make sure that you have installed debuginfo packages. Often the backtrace can be found in the log files. If you have installed debuginfo packages, you can find a short backtrace in the log files and a few lines later the full backtrace. Make sure you provide the full backtrace. Testing daemons (winbind, smb, nmb) ==================================== 1. Stop all running Samba processes (winbind, smb, nmb) 2. Remove all log files from /var/log/samba/ With this approach we ensure to have the start date of the testing in the log files. 3. Edit /etc/samba/smb.conf and set the following variables in the in the [general] section of the config: debug level = 10 debug pid = true max log size = 0 Instead of setting a global debug level in smb.conf it's also visible to use smbcontrol <damon_name> debug 10 to increase the debug level of the Samba daemon in question to 10 at run time. If winbind is part of the scenario edit /etc/security/pam_winbind.conf and set: debug = yes 4. Start the processes again (winbind, smb, nmb) 5. Reproduce the error and note the time when you start any test. If a problem occurs while testing note the time (use date on the system you perform the tests on to get a time fitting to the log files). Attach the log files from '/var/log/samba/' and the tdb files from '/var/lib/samba/' to the bug. If possible, remove the tdb files and provide clean files. Therefore it's best to bond them to one compressed tar archive. The relevant parts of '/var/log/messages' could be interesting too. Network traces =============== If possible create network traces with tcpdump or wireshark from the problem and attach them too. Always make sure to capture only one problem per network trace file. This makes it easier to understand the problem. tcpdump -n -i eth0 -s 0 -w samba-problem-description.pcap Network topology ================= If you have a special network setup especially with Active Domain controllers please describe how you're network looks like and what the domain names are. Tell us which version of Windows you're using, the functional level of AD and which trust relationships exist.
Created attachment 8184 [details] /var/log/samba with all files loglevel10 Here the log file with loglevel 10 and the tcpdump regards Franz
Created attachment 8185 [details] samba-problem-publish-bug tcpdump
Sorry, I forgot samba version and smb.conf ... rpm -qi samba Name : samba Relocations: (not relocatable) Version : 3.6.9 Vendor: openSUSE Build Service Release : 125.1 Build Date: Mo 29 Okt 2012 18:37:22 CET Install Date: Di 30 Okt 2012 10:25:55 CET Build Host: build10 Group : Productivity/Networking/Samba Source RPM: samba-3.6.9-125.1.src.rpm Size : 28816839 License: GPL-3.0+ Signature : DSA/SHA1, Mo 29 Okt 2012 18:39:48 CET, Key ID c6b1177c27daa6b9 URL : http://www.samba.org/ Summary : A SMB/CIFS File, Print, and Authentication Server Description : Samba is a suite of programs that allows SMB/CIFS clients to use the Unix file space, printers, and authentication subsystem. The package named samba contains all programs that are needed to act as a server. The binaries expect the configuration file to be found in /etc/samba/smb.conf For a more detailed description of Samba, check the samba-doc package or the Samba.org Web page at http://www.Samba.org/ Please check http://en.openSUSE.org/Samba for general information on Samba as part of SUSE Linux Enterprise or openSUSE products, links to binary packages of the most current Samba version, and a bug reporting how to. Source Timestamp: 2847 Branch : 3.6.9 Distribution: network:samba:STABLE / SLE_11_SP1 cobu0031:~ # cat /etc/samba/smb.conf /etc/samba/smb.shares.conf # smb.conf is the main Samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the # samba-doc package is installed. # Date: 2007-12-14 [global] workgroup = BROSE printing = cups printcap name = cups printcap cache time = 750 cups options = "" server string = %h Samba %v interfaces = eth0 map to guest = Bad User log level = 9 syslog = 0 log file = /var/log/samba/log.%M include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No realm = BROSE.NET security = ADS kerberos method = secrets and keytab restrict anonymous = 2 client signing = auto server signing = auto hostname lookups = Yes template homedir = /home/%D/%U template shell = /bin/bash idmap config * : range = 10000-120000 idmap config * : backend = tdb winbind separator = + # winbind enum users = Yes # winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = yes include = /etc/samba/smb.shares.conf [printers] comment = All Printers path = /var/tmp create mask = 0600 guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @BROSE+COB_CUPS_Printer_Admin force group = ntadmin create mask = 0664 directory mask = 0775 guest ok = Yes [pdf] comment = generated PDF-Files path = /srv/smb/pdf write list = @BROSE+COB_CUPS_Printer_Admin guest ok = Yes [_pdf] comment = Acrobat Distiller 3011.104 path = /var/tmp read only = No create mask = 0600 guest ok = Yes printable = Yes cups options = raw printer name = _pdf
today I compared a wireshare and a log.smbd or a working samba 3.4 and a samba 3.6 and I found only two attributes of the published printer is filled printerName 1 cobp07080 objectClass 1 printQueue at samba 3.4 there was much more: shortServerName 1 COBU00840" serverName 1 COBU0084.brose.net0* uNCName 1 \\COBU0084.brose.net\cobp07080versionNumber140 driverName 1 cobp07080 location 1 COB0/ description 1 cob/w1/geb5/3og Canon iR C50300 portName 1 Samba Printer Port0 printStartTime 1 00 printEndTime 1 00 priority 1 10 printKeepPrintedJobs 1 FALSE0% printSpooling 1 PrintWhileSpooling0 printerName 1 cobp07080 objectClass 1 printQueue is the line get_local_printer_publishing_data(ctx, &mods, printer->info_2->data); missing to fille the other parameters at: *** nt_printing_ads.c 2012-01-29 20:40:43.000000000 +0100 --- nt_printing_ads.c.pub 2013-01-07 14:39:11.000000000 +0100 *************** static WERROR nt_printer_publish_ads(str *** 170,179 **** --- 170,180 ---- SAFE_FREE(prt_dn); TALLOC_FREE(ctx); return WERR_NOMEM; } + get_local_printer_publishing_data(ctx, &mods, printer->info_2->data); ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME, printer); /* publish it */ ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods); if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) { or is it not necessary any more? regards Franz
(In reply to comment #5) > today I compared a wireshare and a log.smbd or a working samba 3.4 and a samba > 3.6 and I found only two attributes of the published printer is filled > > printerName 1 cobp07080 > objectClass 1 printQueue > > at samba 3.4 there was much more: > shortServerName 1 COBU00840" > serverName 1 COBU0084.brose.net0* > uNCName 1 \\COBU0084.brose.net\cobp07080versionNumber140 > driverName 1 cobp07080 > location 1 COB0/ > description 1 cob/w1/geb5/3og Canon iR C50300 > portName 1 Samba Printer Port0 > printStartTime 1 00 > printEndTime 1 00 > priority 1 10 > printKeepPrintedJobs 1 FALSE0% > printSpooling 1 PrintWhileSpooling0 > printerName 1 cobp07080 > objectClass 1 printQueue > > is the line > get_local_printer_publishing_data(ctx, &mods, printer->info_2->data); > > missing to fille the other parameters at: > *** nt_printing_ads.c 2012-01-29 20:40:43.000000000 +0100 > --- nt_printing_ads.c.pub 2013-01-07 14:39:11.000000000 +0100 > *************** static WERROR nt_printer_publish_ads(str > *** 170,179 **** > --- 170,180 ---- > SAFE_FREE(prt_dn); > TALLOC_FREE(ctx); > return WERR_NOMEM; > } > > + get_local_printer_publishing_data(ctx, &mods, printer->info_2->data); > ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME, printer); > > /* publish it */ > ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods); > if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) { > > > or is it not necessary any more? Thanks for your analysis here Franz! get_local_printer_publishing_data() is no longer an option here, as it was removed along with the map_nt_printer_info2_to_dsspooler() helpers via commits 9e0000224a53f418eb4d2c87f1b8d8c47e348665 and 7c629bda2f86271b709292dbc5a9e811e438a902. Instead, a new helper function that populates the ADS_MODLIST with values directly mapped from the printer's info2 data could be added, to provide the same published printer attributes.
is this a solutions or only a idea? What are the next steps?
Created attachment 8452 [details] 3.6-test fix part 1 No change from 12a08d8ae254d5cb0651cb6016ab7e1859f47d82 in master.
Created attachment 8453 [details] 3.6-test fix part 2 Slight change from 4f9cffbae6a60268140eba5e457ac7e86cac6246 in master, s/lp_netbios_name/global_myname/. Both 3.6 patches have been reviewed by Andreas Schneider and consequently tagged.
Karolin, please push for the next 3.6 release.
Created attachment 8454 [details] 3.6-test fix part 2 - correctly tagged
Comment on attachment 8452 [details] 3.6-test fix part 1 Looks good.
Comment on attachment 8454 [details] 3.6-test fix part 2 - correctly tagged Looks fine.
Created attachment 8456 [details] 4.0-test fix part 1 Same as master.
Created attachment 8457 [details] 4.0-test fix part 2 Same as master.
Pushed to v3-6-test and autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!