Bug 9378 - publish of printer is not possible "Object class violation"
Summary: publish of printer is not possible "Object class violation"
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Printing (show other bugs)
Version: 3.6.9
Hardware: All All
: P5 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-11 20:24 UTC by Franz Pförtsch
Modified: 2013-01-23 08:09 UTC (History)
1 user (show)

See Also:


Attachments
loglevel9log_from_publish_bug_samba369 (1.97 MB, text/plain)
2012-11-11 20:24 UTC, Franz Pförtsch
no flags Details
/var/log/samba with all files loglevel10 (1.91 MB, application/amc)
2012-11-12 18:30 UTC, Franz Pförtsch
no flags Details
samba-problem-publish-bug tcpdump (680.27 KB, application/octet-stream)
2012-11-12 18:35 UTC, Franz Pförtsch
no flags Details
3.6-test fix part 1 (772 bytes, patch)
2013-01-21 11:03 UTC, David Disseldorp
asn: review+
Details
3.6-test fix part 2 (3.75 KB, patch)
2013-01-21 11:08 UTC, David Disseldorp
no flags Details
3.6-test fix part 2 - correctly tagged (3.80 KB, patch)
2013-01-21 11:14 UTC, David Disseldorp
asn: review+
Details
4.0-test fix part 1 (772 bytes, patch)
2013-01-21 14:04 UTC, David Disseldorp
asn: review+
Details
4.0-test fix part 2 (3.93 KB, patch)
2013-01-21 14:08 UTC, David Disseldorp
asn: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Franz Pförtsch 2012-11-11 20:24:00 UTC
Created attachment 8179 [details]
loglevel9log_from_publish_bug_samba369

I installed a Samba 3.6.9 on top of a SLES11sp2 with a cups 1.5.4.
My windows-clients are Windows XP/32bit or Win7/64bit.

I integrated the samba into our big AD-domain via the suse-yast tools.
everything works fine. printing fileservering and so on.

but when I try to publish the printer into the AD via the win printer wizzards.

-> Sharing -> list in directory -> Apply 

the printer is not shared.

I enabled logging with loglevel 9 and found the following error message:

 
[2012/11/09 16:29:20.987290,  3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2012/11/09 16:29:20.992381,  3] libsmb/clikrb5.c:543(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Sat, 10 Nov 2012 02:29:20 CET
[2012/11/09 16:29:20.992450,  3] libsmb/clikrb5.c:751(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2012/11/09 16:29:20.994869,  5] printing/nt_printing_ads.c:112(nt_printer_publish_ads)
  publishing printer yyyp0708
[2012/11/09 16:29:20.998229,  3] printing/nt_printing_ads.c:189(nt_printer_publish_ads)
  error publishing yyyp0708: Object class violation
[2012/11/09 16:29:20.999288,  5] rpc_server/srv_pipe.c:1679(api_rpcTNP)
  api_rpcTNP: called \spoolss successfully
[2012/11/09 16:29:20.999331,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/11/09 16:29:20.999353,  5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/11/09 16:29:20.999373,  5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups


without this feature I could not upgrade my samba 3.4.x servers to 3.6
Comment 1 Andreas Schneider 2012-11-12 09:36:18 UTC
Could you send us a network capture and provide more details?



SAMBA BUG REPORTING
++++++++++++++++++++

This is a small howto to help you to provide all information which are needed
to find out what's going on your machine. This is a general howto so maybe it
will cover more things you don't use.

Please also read http://www.chiark.greenend.org.uk/~sgtatham/bugs

Providing instructions how the reproduce the error
===================================================

The first aim of a bug report is to let the developer see the failure with
their own eyes. If you can't be with them to make it fail in front of them,
give them detailed instructions how to reproduce the problem so that they can
reproduce the error on their development environment.

If this doesn't work, describe everything in detail! The more information you
provide the easier we can see what's going on.

Providing Samba log files
==========================

Post the output of 'rpm -qi samba' or 'rpm -qi samba-<subpackage>' if you're on
a RPM based system. It gives detailed information about the installed packages.
We need that information to reconstruct what happened and possibly to reproduce
the bug on our machines.

Always provide all log files from the '/var/log/samba/' directory and the
configuration file '/etc/samba/smb.conf'! If you see errors in tdb files make
sure you add the related tdb files from '/var/lib/samba'.

If winbind for logging in is part of the problem please provide
'/etc/security/pam_winbind.conf' and if you have enabled debug in
'pam_winbind.conf' '/var/log/messages' or '/var/log/secure' is required too.

More detailed description about different Samba components can be found below
this section.

Providing backtraces
=====================

If you discover a crash in one of the Samba components, please make sure that
you have installed debuginfo packages. Often the backtrace can be found in the
log files. If you have installed debuginfo packages, you can find a short
backtrace in the log files and a few lines later the full backtrace. Make sure
you provide the full backtrace.

Testing daemons (winbind, smb, nmb)
====================================

1. Stop all running Samba processes (winbind, smb, nmb)

2. Remove all log files from /var/log/samba/

    With this approach we ensure to have the start date of the testing in the
    log files.

3. Edit /etc/samba/smb.conf and set the following variables in the in the
   [general] section of the config:

     debug level = 10
     debug pid = true
     max log size = 0

    Instead of setting a global debug level in smb.conf it's also visible to
    use

     smbcontrol <damon_name> debug 10

    to increase the debug level of the Samba daemon in question to 10 at run
    time.

    If winbind is part of the scenario edit /etc/security/pam_winbind.conf
    and set:

     debug = yes

4. Start the processes again (winbind, smb, nmb)

5. Reproduce the error and note the time when you start any test. If a problem
   occurs while testing note the time (use date on the system you perform the
   tests on to get a time fitting to the log files).

Attach the log files from '/var/log/samba/' and the tdb files from
'/var/lib/samba/' to the bug. If possible, remove the tdb files and provide clean
files. Therefore it's best to bond them to one compressed tar archive. The
relevant parts of '/var/log/messages' could be interesting too.

Network traces
===============

If possible create network traces with tcpdump or wireshark from the problem and
attach them too. Always make sure to capture only one problem per network trace
file. This makes it easier to understand the problem.

tcpdump -n -i eth0 -s 0 -w samba-problem-description.pcap

Network topology
=================

If you have a special network setup especially with Active Domain controllers
please describe how you're network looks like and what the domain names are.

Tell us which version of Windows you're using, the functional level of AD and
which trust relationships exist.
Comment 2 Franz Pförtsch 2012-11-12 18:30:42 UTC
Created attachment 8184 [details]
/var/log/samba with all files loglevel10

Here the log file with loglevel 10 and the tcpdump

regards
Franz
Comment 3 Franz Pförtsch 2012-11-12 18:35:34 UTC
Created attachment 8185 [details]
samba-problem-publish-bug tcpdump
Comment 4 Franz Pförtsch 2012-11-12 18:47:58 UTC
Sorry, I forgot samba version and smb.conf ...

rpm -qi samba
Name        : samba                        Relocations: (not relocatable)
Version     : 3.6.9                             Vendor: openSUSE Build Service
Release     : 125.1                         Build Date: Mo 29 Okt 2012 18:37:22 CET
Install Date: Di 30 Okt 2012 10:25:55 CET      Build Host: build10
Group       : Productivity/Networking/Samba   Source RPM: samba-3.6.9-125.1.src.rpm
Size        : 28816839                         License: GPL-3.0+
Signature   : DSA/SHA1, Mo 29 Okt 2012 18:39:48 CET, Key ID c6b1177c27daa6b9
URL         : http://www.samba.org/
Summary     : A SMB/CIFS File, Print, and Authentication Server
Description :
Samba is a suite of programs that allows SMB/CIFS clients to use the
Unix file space, printers, and authentication subsystem.

The package named samba contains all programs that are needed to act as
a server.  The binaries expect the configuration file to be found in
/etc/samba/smb.conf

For a more detailed description of Samba, check the samba-doc package
or the Samba.org Web page at http://www.Samba.org/

Please check http://en.openSUSE.org/Samba for general information on
Samba as part of SUSE Linux Enterprise or openSUSE products, links to
binary packages of the most current Samba version, and a bug reporting
how to.


Source Timestamp: 2847
Branch      : 3.6.9
Distribution: network:samba:STABLE / SLE_11_SP1


cobu0031:~ # cat /etc/samba/smb.conf /etc/samba/smb.shares.conf 
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2007-12-14
[global]
	workgroup = BROSE
	printing = cups
	printcap name = cups
	printcap cache time = 750
	cups options = ""
	server string = %h Samba %v
	interfaces = eth0 
	map to guest = Bad User
	log level = 9
	syslog = 0
	log file = /var/log/samba/log.%M
	include = /etc/samba/dhcp.conf
	logon path = \\%L\profiles\.msprofile
	logon home = \\%L\%U\.9xprofile
	logon drive = P:
	usershare allow guests = No
	realm = BROSE.NET
	security = ADS
	kerberos method = secrets and keytab
	restrict anonymous = 2
	client signing = auto
	server signing = auto
	hostname lookups = Yes
	template homedir = /home/%D/%U
	template shell = /bin/bash
	idmap config * : range = 10000-120000
	idmap config * : backend = tdb
	winbind separator = +
#	winbind enum users = Yes
#	winbind enum groups = Yes
	winbind use default domain = Yes
	winbind refresh tickets = yes
	include = /etc/samba/smb.shares.conf
[printers]
	comment = All Printers
	path = /var/tmp
	create mask = 0600
	guest ok = Yes
	printable = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @BROSE+COB_CUPS_Printer_Admin
        force group = ntadmin
	create mask = 0664
	directory mask = 0775
	guest ok = Yes

[pdf]
	comment = generated PDF-Files
	path = /srv/smb/pdf
	write list = @BROSE+COB_CUPS_Printer_Admin
	guest ok = Yes

[_pdf]
	comment = Acrobat Distiller 3011.104
	path = /var/tmp
	read only = No
	create mask = 0600
	guest ok = Yes
	printable = Yes
	cups options = raw
	printer name = _pdf
Comment 5 Franz Pförtsch 2013-01-07 13:53:44 UTC
today I compared a wireshare and a log.smbd or a working samba 3.4 and a samba 3.6 and I found only two attributes of the published printer is filled 

printerName 1 cobp07080
objectClass 1 printQueue

at samba 3.4 there was much more:
shortServerName 1 COBU00840"
serverName 1 COBU0084.brose.net0*
uNCName 1 \\COBU0084.brose.net\cobp07080versionNumber140
driverName 1 cobp07080
location 1 COB0/
description 1 cob/w1/geb5/3og Canon iR C50300 
portName 1 Samba Printer Port0
printStartTime 1 00
printEndTime 1 00
priority 1 10
printKeepPrintedJobs 1 FALSE0%
printSpooling 1 PrintWhileSpooling0
printerName 1 cobp07080
objectClass 1 printQueue

is the line 
get_local_printer_publishing_data(ctx, &mods, printer->info_2->data);

missing to fille the other parameters at:
*** nt_printing_ads.c	2012-01-29 20:40:43.000000000 +0100
--- nt_printing_ads.c.pub	2013-01-07 14:39:11.000000000 +0100
*************** static WERROR nt_printer_publish_ads(str
*** 170,179 ****
--- 170,180 ----
  		SAFE_FREE(prt_dn);
  		TALLOC_FREE(ctx);
  		return WERR_NOMEM;
  	}
  
+ 	get_local_printer_publishing_data(ctx, &mods, printer->info_2->data);
  	ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME, printer);
  
  	/* publish it */
  	ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods);
  	if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) {


or is it not necessary any more?

regards
Franz
Comment 6 David Disseldorp 2013-01-07 14:59:37 UTC
(In reply to comment #5)
> today I compared a wireshare and a log.smbd or a working samba 3.4 and a samba
> 3.6 and I found only two attributes of the published printer is filled 
> 
> printerName 1 cobp07080
> objectClass 1 printQueue
> 
> at samba 3.4 there was much more:
> shortServerName 1 COBU00840"
> serverName 1 COBU0084.brose.net0*
> uNCName 1 \\COBU0084.brose.net\cobp07080versionNumber140
> driverName 1 cobp07080
> location 1 COB0/
> description 1 cob/w1/geb5/3og Canon iR C50300 
> portName 1 Samba Printer Port0
> printStartTime 1 00
> printEndTime 1 00
> priority 1 10
> printKeepPrintedJobs 1 FALSE0%
> printSpooling 1 PrintWhileSpooling0
> printerName 1 cobp07080
> objectClass 1 printQueue
> 
> is the line 
> get_local_printer_publishing_data(ctx, &mods, printer->info_2->data);
> 
> missing to fille the other parameters at:
> *** nt_printing_ads.c    2012-01-29 20:40:43.000000000 +0100
> --- nt_printing_ads.c.pub    2013-01-07 14:39:11.000000000 +0100
> *************** static WERROR nt_printer_publish_ads(str
> *** 170,179 ****
> --- 170,180 ----
>           SAFE_FREE(prt_dn);
>           TALLOC_FREE(ctx);
>           return WERR_NOMEM;
>       }
> 
> +     get_local_printer_publishing_data(ctx, &mods, printer->info_2->data);
>       ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME, printer);
> 
>       /* publish it */
>       ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods);
>       if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) {
> 
> 
> or is it not necessary any more?

Thanks for your analysis here Franz!

get_local_printer_publishing_data() is no longer an option here, as it was removed along with the map_nt_printer_info2_to_dsspooler() helpers via commits 9e0000224a53f418eb4d2c87f1b8d8c47e348665 and 
7c629bda2f86271b709292dbc5a9e811e438a902.

Instead, a new helper function that populates the ADS_MODLIST with values directly mapped from the printer's info2 data could be added, to provide the same published printer attributes.
Comment 7 Franz Pförtsch 2013-01-07 16:08:23 UTC
is this a solutions or only a idea?

What are the next steps?
Comment 8 David Disseldorp 2013-01-21 11:03:39 UTC
Created attachment 8452 [details]
3.6-test fix part 1

No change from 12a08d8ae254d5cb0651cb6016ab7e1859f47d82 in master.
Comment 9 David Disseldorp 2013-01-21 11:08:52 UTC
Created attachment 8453 [details]
3.6-test fix part 2

Slight change from 4f9cffbae6a60268140eba5e457ac7e86cac6246 in master, s/lp_netbios_name/global_myname/.

Both 3.6 patches have been reviewed by Andreas Schneider and consequently tagged.
Comment 10 David Disseldorp 2013-01-21 11:10:48 UTC
Karolin, please push for the next 3.6 release.
Comment 11 David Disseldorp 2013-01-21 11:14:12 UTC
Created attachment 8454 [details]
3.6-test fix part 2 - correctly tagged
Comment 12 Andreas Schneider 2013-01-21 13:45:48 UTC
Comment on attachment 8452 [details]
3.6-test fix part 1

Looks good.
Comment 13 Andreas Schneider 2013-01-21 13:46:09 UTC
Comment on attachment 8454 [details]
3.6-test fix part 2 - correctly tagged

Looks fine.
Comment 14 David Disseldorp 2013-01-21 14:04:49 UTC
Created attachment 8456 [details]
4.0-test fix part 1

Same as master.
Comment 15 David Disseldorp 2013-01-21 14:08:53 UTC
Created attachment 8457 [details]
4.0-test fix part 2

Same as master.
Comment 16 Karolin Seeger 2013-01-22 11:08:52 UTC
Pushed to v3-6-test and autobuild-v4-0-test.
Comment 17 Karolin Seeger 2013-01-23 08:09:58 UTC
Pushed to v4-0-test.
Closing out bug report.

Thanks!