On Wed, Dec 07, 2011 at 11:01:50AM +0000, Hilton, David wrote: > Hi, > > I'm looking for help with an issue that we are seeing with the following > configuration: > > We are using Samba (3.5.12-72.fc15) to share out CUPS printers from a Fedora > 15 machine. However, a requirement of the system is that these printers are > not directly visible from client systems (Windows 7 SP1 32-bit), so instead > we are sharing them out from a Windows print server (Windows 2008 R2 SP1). > So the clients connect to print queues on the Windows print server, which in > turn forwards the print jobs on to CUPS. > > The issue we are seeing occurs when a policy change is made on the Windows > 2008 R2 print server. If the "Microsoft network client: Digitally sign > communications (always)" policy setting is enabled, we see the following > behaviour: > > - Applications running on the print server can print normally. > - Applications running on client machines fail to print. > > When a print job fails we see the following in the samba log for the client > machine: > > > [2011/12/07 10:43:23.381798, 2] auth/auth.c:304(check_ntlm_password) > check_ntlm_password: authentication for user [XXX] -> [XXX] -> [XXX] > succeeded > [2011/12/07 10:43:39.760399, 0] lib/util_sock.c:474(read_fd_with_timeout) > [2011/12/07 10:43:39.760476, 0] > lib/util_sock.c:1441(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by > peer. > > > > The smb.conf file that we are using is as follows: > > [global] > #--authconfig--start-line-- > > # Generated by authconfig on 2011/12/05 17:22:13 > # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) > # Any modification may be deleted or altered by authconfig in future > > workgroup = LOW > password server = LOWDC > security = user > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > template shell = /bin/false > winbind use default domain = false > winbind offline logon = false > server signing = auto > log level = 2 > log file = /var/log/samba.log.%m > max log size = 50 > debug timestamp = yes > > #--authconfig--end-line-- > load printers = yes > printing = cups > printcap name = cups > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > guest ok = yes > writable = no > printable = yes > printer admin = root, @ntadmins, @smbprintadm > use client driver = yes > > > > > > If the "Microsoft network client: Digitally sign communications (always)" > setting is disabled it all works OK, but disabling this policy setting is > not an allowed option at present.
That sounds like a signing error - do you see such in the Samba logs ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
