Hi, I'm looking for help with an issue that we are seeing with the following configuration:
We are using Samba (3.5.12-72.fc15) to share out CUPS printers from a Fedora 15 machine. However, a requirement of the system is that these printers are not directly visible from client systems (Windows 7 SP1 32-bit), so instead we are sharing them out from a Windows print server (Windows 2008 R2 SP1). So the clients connect to print queues on the Windows print server, which in turn forwards the print jobs on to CUPS. The issue we are seeing occurs when a policy change is made on the Windows 2008 R2 print server. If the "Microsoft network client: Digitally sign communications (always)" policy setting is enabled, we see the following behaviour: - Applications running on the print server can print normally. - Applications running on client machines fail to print. When a print job fails we see the following in the samba log for the client machine: [2011/12/07 10:43:23.381798, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [XXX] -> [XXX] -> [XXX] succeeded [2011/12/07 10:43:39.760399, 0] lib/util_sock.c:474(read_fd_with_timeout) [2011/12/07 10:43:39.760476, 0] lib/util_sock.c:1441(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. The smb.conf file that we are using is as follows: [global] #--authconfig--start-line-- # Generated by authconfig on 2011/12/05 17:22:13 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = LOW password server = LOWDC security = user idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = false winbind offline logon = false server signing = auto log level = 2 log file = /var/log/samba.log.%m max log size = 50 debug timestamp = yes #--authconfig--end-line-- load printers = yes printing = cups printcap name = cups [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes printer admin = root, @ntadmins, @smbprintadm use client driver = yes If the "Microsoft network client: Digitally sign communications (always)" setting is disabled it all works OK, but disabling this policy setting is not an allowed option at present. - David
smime.p7s
Description: S/MIME cryptographic signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
