samba printing from 64-bit windows server 2008
in [Samba]
|
From: Rob Moser on 8 Jun 2010 14:50 Some additional information on this problem: I set up wireshark to do a packet trace of the connection attempt. I'm not familiar enough with what the traffic should look like to know whats unusual, but the one thing that jumped out at me towards the end of the conversation was a SPOOLSS OpenPrinterEx request on the network printer, followed by a response with the return code of 5 - Access denied. "Aha!" I say to myself, must be a permissions problem... but a packet trace of the successful connection from the XP box shows several similar Access denied messages. Maybe its irrelevant, but it seemed worth mentioning. I also upped the debug level on smbd and captured a more detailed log. The "Printer handle not found" message is still the most relevant-looking thing there; the details around it look like: [2010/06/08 11:35:36, 3] smbd/ipc.c:handle_trans(442) trans <\PIPE\> data=44 params=0 setup=2 [2010/06/08 11:35:36, 3] smbd/ipc.c:named_pipe(393) named pipe command on <> name [2010/06/08 11:35:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1231) search for pipe pnum=71df [2010/06/08 11:35:36, 3] smbd/ipc.c:api_fd_reply(351) Got API command 0x26 on pipe "spoolss" (pnum 71df) [2010/06/08 11:35:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(500) free_pipe_context: destroying talloc pool of size 0 [2010/06/08 11:35:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2352) api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2010/06/08 11:35:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(179) Policy not found: [000] 00 00 00 00 18 00 00 00 00 00 00 00 0E 4C 78 8D ........ .....Lx. [010] 28 24 00 00 ($.. [2010/06/08 11:35:36, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) find_printer_index_by_hnd: Printer handle not found: Policy not found: [000] 00 00 00 00 18 00 00 00 00 00 00 00 0E 4C 78 8D ........ \ ......Lx. [010] 28 24 00 00 ($.. [2010/06/08 11:35:36, 2] rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) find_printer_index_by_hnd: Printer handle not found: close_printer_handle: Invalid handle (OURS:9256:9256) [2010/06/08 11:35:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2387) api_rpcTNP: bad handle fault return. (I don't want to post a full log or the full packet trace - way too much for a mailing list. If no one recognises the problem from this much then I'll attach full data to a bug report.) Thanks for any suggestions, - rob. On 06/07/2010 03:51 PM, Rob Moser wrote: > I have a redhat EL5 samba server hosting a collection of printers and > joined to a domain. I can connect to this server and print happily from > a 32-bit XP box on the domain, but a 64-bit windows server 2008 box > cannot connect, and returns the error 0x000006d1. > > I get the same results with samba 3.0.33 (came with redhat), 3.5.3 (the > latest from sernet), and 3.3.12 (this message from the samba-technical > archives - > http://lists.samba.org/archive/samba-technical/2010-February/069145.html > - mentions that at least as of February there were issues with 3.4.x+ > and 64-bit OS'.) > > /var/log/samba/log.smb from the time around the failed connection contains: > > [2010/06/07 14:45:24, 2] lib/access.c:check_access(406) > Allowed connection from ::ffff:134.114.138.126 (::ffff:134.114.138.126) > [Repeated many times] > [2010/06/07 14:45:24, 2] > rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) > find_printer_index_by_hnd: Printer handle not found: > find_printer_index_by_hnd: Printer handle not found: > close_printer_handle: Invalid handle (OURS:29459:29459) > > From the 2008 machine, I can browse the samba server in wexplorer and > see the printers, but trying to set up a networked printer generates the > error above. > > Any suggestions? Thanks, > > - rob. > > # testparm > Load smb config files from /etc/samba/smb.conf > Unknown parameter encountered: "idmap domains" > Ignoring unknown parameter "idmap domains" > Processing section "[printers]" > Processing section "[print$]" > Processing section "[drivers$]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > [global] > workgroup = NAU-STUDENTS > realm = STUDENTS.FROOT.NAU.EDU > netbios aliases = dev-acadprtsrv2.ucc.nau.edu > server string = Samba Server > security = ADS > log level = 2 > max log size = 500000 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 > SO_RCVBUF=8192 SO_KEEPALIVE > printcap name = cups > wins server = 134.114.138.35 > idmap alloc backend = tdb > idmap uid = 10000 - 4000000 > idmap gid = 10000 - 4000000 > winbind use default domain = Yes > idmap alloc config:range = 10000 - 4000000 > idmap config FROOT:range = 3000001 - 4000000 > idmap config FROOT:backend = tdb > idmap config FROOT:default = no > idmap config NAU:range = 2000001 - 3000000 > idmap config NAU:backend = tdb > idmap config NAU:default = no > idmap config NAU-STUDENTS:range = 10000 - 2000000 > idmap config NAU-STUDENTS:backend = tdb > idmap config NAU-STUDENTS:default = yes > hosts allow = 127., 134.114., 10.5. > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > default devmode = No > browseable = No > > [print$] > path = /var/lib/samba/drivers > write list = "@NAU-STUDENTS\Domain Admins", "@domain admins" > force user = root > force group = "domain admins" > force create mode = 0664 > force directory mode = 0774 > browseable = No > > [drivers$] > path = /usr/local/printbilling/drivers/ > write list = "@NAU-STUDENTS\Domain Admins", "@domain admins" > force user = root > force group = "domain admins" > force create mode = 0664 > force directory mode = 0774 > browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Rob Moser on 14 Jun 2010 11:50 Problem solved - or at least, workaround found - so I'm posting it to the list for the benefit of future archive-divers. Bug report at: https://bugzilla.samba.org/show_bug.cgi?id=7506 Basically, the problem is with changes Microsoft made between 2003 and 2008 for Terminal Server - a machine which does not have the Terminal Server role will not have this problem. A Server 2008 Terminal Server host attempting to add a samba-maintained printer (with samba 3.5.3 or below, at least) will fail to connect to the printer and return the error code 0x000006d1. Workaround is as follows: 1) On the Windows Server 2008 TS host, bring up the Server Manager. 2) Under Features, install Group Policy Management if it isn't installed already. 3) Under Group Policy Management, drill down til you find the policy which is applying to your machine. 4) Right click the Group Policy Object and select "edit". 5) In the resulting editor window, drill down to Computer Configuration:Policies:Administrative Templates:Printers 6) Find the setting "Always render print jobs on the server" and disable it. 7) reboot the machine. Yes, I know; Microsofts documentation says that leaving this policy not configured is the same as disabling it. They lie. - rob. On 06/08/2010 11:43 AM, Rob Moser wrote: > Some additional information on this problem: > > I set up wireshark to do a packet trace of the connection attempt. I'm > not familiar enough with what the traffic should look like to know whats > unusual, but the one thing that jumped out at me towards the end of the > conversation was a SPOOLSS OpenPrinterEx request on the network printer, > followed by a response with the return code of 5 - Access denied. > "Aha!" I say to myself, must be a permissions problem... but a packet > trace of the successful connection from the XP box shows several similar > Access denied messages. Maybe its irrelevant, but it seemed worth > mentioning. > > I also upped the debug level on smbd and captured a more detailed log. > The "Printer handle not found" message is still the most > relevant-looking thing there; the details around it look like: > > [2010/06/08 11:35:36, 3] smbd/ipc.c:handle_trans(442) > trans <\PIPE\> data=44 params=0 setup=2 > [2010/06/08 11:35:36, 3] smbd/ipc.c:named_pipe(393) > named pipe command on <> name > [2010/06/08 11:35:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1231) > search for pipe pnum=71df > [2010/06/08 11:35:36, 3] smbd/ipc.c:api_fd_reply(351) > Got API command 0x26 on pipe "spoolss" (pnum 71df) > [2010/06/08 11:35:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(500) > free_pipe_context: destroying talloc pool of size 0 > [2010/06/08 11:35:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2352) > api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command: > SPOOLSS_CLOSEPRINTER > [2010/06/08 11:35:36, 4] > rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(179) > Policy not found: [000] 00 00 00 00 18 00 00 00 00 00 00 00 0E 4C 78 > 8D ........ .....Lx. > [010] 28 24 00 00 ($.. > [2010/06/08 11:35:36, 2] > rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) > find_printer_index_by_hnd: Printer handle not found: Policy not found: > [000] 00 00 00 00 18 00 00 00 00 00 00 00 0E 4C 78 8D ........ \ > .....Lx. > [010] 28 24 00 00 ($.. > [2010/06/08 11:35:36, 2] > rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) > find_printer_index_by_hnd: Printer handle not found: > close_printer_handle: Invalid handle (OURS:9256:9256) > [2010/06/08 11:35:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2387) > api_rpcTNP: bad handle fault return. > > (I don't want to post a full log or the full packet trace - way too much > for a mailing list. If no one recognises the problem from this much > then I'll attach full data to a bug report.) > > Thanks for any suggestions, > > - rob. > > On 06/07/2010 03:51 PM, Rob Moser wrote: >> I have a redhat EL5 samba server hosting a collection of printers and >> joined to a domain. I can connect to this server and print happily from >> a 32-bit XP box on the domain, but a 64-bit windows server 2008 box >> cannot connect, and returns the error 0x000006d1. >> >> I get the same results with samba 3.0.33 (came with redhat), 3.5.3 (the >> latest from sernet), and 3.3.12 (this message from the samba-technical >> archives - >> http://lists.samba.org/archive/samba-technical/2010-February/069145.html >> - mentions that at least as of February there were issues with 3.4.x+ >> and 64-bit OS'.) >> >> /var/log/samba/log.smb from the time around the failed connection contains: >> >> [2010/06/07 14:45:24, 2] lib/access.c:check_access(406) >> Allowed connection from ::ffff:134.114.138.126 (::ffff:134.114.138.126) >> [Repeated many times] >> [2010/06/07 14:45:24, 2] >> rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273) >> find_printer_index_by_hnd: Printer handle not found: >> find_printer_index_by_hnd: Printer handle not found: >> close_printer_handle: Invalid handle (OURS:29459:29459) >> >> From the 2008 machine, I can browse the samba server in wexplorer and >> see the printers, but trying to set up a networked printer generates the >> error above. >> >> Any suggestions? Thanks, >> >> - rob. >> >> # testparm >> Load smb config files from /etc/samba/smb.conf >> Unknown parameter encountered: "idmap domains" >> Ignoring unknown parameter "idmap domains" >> Processing section "[printers]" >> Processing section "[print$]" >> Processing section "[drivers$]" >> Loaded services file OK. >> Server role: ROLE_DOMAIN_MEMBER >> Press enter to see a dump of your service definitions >> >> [global] >> workgroup = NAU-STUDENTS >> realm = STUDENTS.FROOT.NAU.EDU >> netbios aliases = dev-acadprtsrv2.ucc.nau.edu >> server string = Samba Server >> security = ADS >> log level = 2 >> max log size = 500000 >> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 >> SO_RCVBUF=8192 SO_KEEPALIVE >> printcap name = cups >> wins server = 134.114.138.35 >> idmap alloc backend = tdb >> idmap uid = 10000 - 4000000 >> idmap gid = 10000 - 4000000 >> winbind use default domain = Yes >> idmap alloc config:range = 10000 - 4000000 >> idmap config FROOT:range = 3000001 - 4000000 >> idmap config FROOT:backend = tdb >> idmap config FROOT:default = no >> idmap config NAU:range = 2000001 - 3000000 >> idmap config NAU:backend = tdb >> idmap config NAU:default = no >> idmap config NAU-STUDENTS:range = 10000 - 2000000 >> idmap config NAU-STUDENTS:backend = tdb >> idmap config NAU-STUDENTS:default = yes >> hosts allow = 127., 134.114., 10.5. >> >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printable = Yes >> default devmode = No >> browseable = No >> >> [print$] >> path = /var/lib/samba/drivers >> write list = "@NAU-STUDENTS\Domain Admins", "@domain admins" >> force user = root >> force group = "domain admins" >> force create mode = 0664 >> force directory mode = 0774 >> browseable = No >> >> [drivers$] >> path = /usr/local/printbilling/drivers/ >> write list = "@NAU-STUDENTS\Domain Admins", "@domain admins" >> force user = root >> force group = "domain admins" >> force create mode = 0664 >> force directory mode = 0774 >> browseable = No > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: net vampire Next: [Samba] issues with pam_winbind and ability to use old windows password |