Re: [Samba] Non-registry problem: Slow printing - Samba

This is a discussion on Re: [Samba] Non-registry problem: Slow printing - Samba ; >From your log: check_sam_security: Couldn't find user 'guest' in passdb. auth/auth.c:check_ntlm_password(273) check_ntlm_password: sam authentication for user [guest] FAILED with error NT_STATUS_NO_SUCH_USER auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error NT_STATUS_NO_SUCH_USER >From smb.conf [global] guest account = guest ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Re: [Samba] Non-registry problem: Slow printing

  1. Re: [Samba] Non-registry problem: Slow printing

    >From your log:

    check_sam_security: Couldn't find user 'guest' in passdb.
    auth/auth.c:check_ntlm_password(273)
    check_ntlm_password: sam authentication for user [guest] FAILED with error NT_STATUS_NO_SUCH_USER
    auth/auth.c:check_ntlm_password(319)
    check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error NT_STATUS_NO_SUCH_USER

    >From smb.conf

    [global]
    guest account = guest
    guest only = yes

    [cr1000]
    guest only = Yes

    It appears the user "guest" does not exist. The clues would suggest that you either need to add the user "guest", choose an existing user for the guest account, or change the printer to something other than "guest only". Based on the logs, I'm guessing that all that extra time is going toward trying to authenticate a forced user that doesn't exist. Do the printers that work have the same setup?

    >From SWAT:


    guest account (G)

    This is a username which will be used for access to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account "ftp" is often a good choice for this parameter.

    On some systems the default guest account "nobody" may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the su - command) and trying to print using the system print command such as lpr(1) or lp(1).

    This parameter does not accept % macros, because many parts of the system require this value to be constant for correct operation.

    Default: guest account = nobody # default can be changed at compile-time

    Example: guest account = ftp

    Hope this helps,
    Dale



    -----Original message-----
    From: ccaldwell@suscom-maine.net
    Date: Wed, 14 Nov 2007 19:14:40 -0600
    To: samba@lists.samba.org
    Subject: Re: [Samba] Non-registry problem: Slow printing

    > Greetings,
    >
    > I have commented out the "wins support" line, restarted samba and
    > added the printer with the slow driver. No difference in performance.
    > I also tried moving "wins" to the end of the name resolve order, also
    > no difference.
    >
    > I'd rather not bring the Internet to a halt by sending around the 987k
    > log file, but those wishing to see it can go to:
    >
    > http://www.brightsands.com/~chris/log.bz2
    >
    > Anyone have any thoughts? --Chris
    >
    > | Date: Wed, 14 Nov 2007 16:40:27 -0600
    > | From: Dale Schroeder
    > | To: ccaldwell@suscom-maine.net
    > | Subject: Re: [Samba] Non-registry problem: Slow printing
    > |
    > | It may have nothing to do with your printing problem, but you should
    > | never have both "wins support" and "wins server" in the same smb.conf.
    > | If this system is the WINS server, then use "wins support". If another
    > | system is the WINS server, then use "wins server". This might be
    > | significant since wins is listed first in "name resolve order" and a lot
    > | of network printers now come with WINS support.
    > |
    > | I don't know a thing about lprng printing (CUPS exclusively), so I can't
    > | help you there. The logs may be necessary.
    > |
    > | ccaldwell@suscom-maine.net wrote:
    > | > I have a client running samba-3.0.24 with mostly Windows-XP clients.
    > | > They can print to some printers (those with drivers provided by Microsoft)
    > | > without problem.
    > | >
    > | > They can also print to printers with vendor supplied printer drivers
    > | > but they end up waiting up to 30 seconds just to select the printer.
    > | > There is a similar wait when adding the printer to the list of printers
    > | > the XP client knows about.
    > | >
    > | > This does not appear to be the much discussed registry problem, as
    > | > we have repeatedly removed these registry entries and, though they come
    > | > back, there is no performance improvement. Also, when people have
    > | > described the registry problem they have not said that it was driver
    > | > dependent. Furthermore, as I understand the registry problem, it occurs
    > | > when there are non-existant printers listed ... which there are not in
    > | > our case.
    > | >
    > | > There is no firewall between the client and the server except that which
    > | > Microsoft provides, and we still have the problem with that completely
    > | > disabled.
    > | >
    > | > Here is my smb.conf:
    > | >
    > | > [global]
    > | > workgroup = FUZZBALL
    > | > netbios name = fzb3
    > | > netbios aliases = fzb3
    > | > server string = fzb3
    > | > bind interfaces only = true
    > | > interfaces = eth0
    > | > null passwords = Yes
    > | > security = SHARE
    > | > guest account = guest
    > | > lanman auth = No
    > | > client lanman auth = No
    > | > client plaintext auth = No
    > | > socket options = TCP_NODELAY IPTOS_LOWDELAY
    > | > local master = yes
    > | > prefered master = yes
    > | > log level = 3
    > | > log file = /usr/local/samba/log.%m
    > | > *name resolve order = wins bcast host*
    > | > deadtime = 1
    > | > printcap cache time = 750
    > | > printcap name = /etc/printcap
    > | > domain logons = No
    > | > #domain logons = yes
    > | > *wins support = yes*
    > | > local master = No
    > | > dns proxy = No
    > | > *wins server = 10.1.1.1*
    > | > ldap ssl = no
    > | > path = /var/tmp/samba%S
    > | > admin users = root, guest
    > | > printer admin = root, guest
    > | > guest ok = Yes
    > | > guest only = Yes
    > | > hosts allow = 10.1.0.0/10 127.0.0.1
    > | > hosts deny = 0.0.0.0/0
    > | > printable = Yes
    > | > printing = lprng
    > | > print command = /usr/bin/lpr -Fl -r -P%p %s
    > | > lpq command = /bin/true
    > | > lprm command = /bin/true
    > | > lppause command = /bin/true
    > | > lpresume command = /bin/true
    > | > queuepause command = /bin/true
    > | > queueresume command = /bin/true
    > | > use client driver = Yes
    > | > show add printer wizard = no
    > | > disable spoolss = yes
    > | > max log size = 0
    > | >
    > | > [printers]
    > | >
    > | > [cr1000]
    > | > print command = lpr -Fl -r -P%p %s
    > | > comment = HPX, Cole 0, C205
    > | > printer = cr1000
    > | > printable = yes
    > | > browseable = yes
    > | > guest ok = Yes
    > | > guest only = Yes
    > | > public = yes
    > | > writable = no
    > | > path = /var/spool/samba/cr1000
    > | >
    > | > Does anybody have any ideas here? The packet traces and samba log files
    > | > indicate that the PC is sending many transactions which are failing
    > | > but I am inexpert at decoding exactly what is wrong with them. I can
    > | > include log files, but I am wondering if anyone knows of anything off the
    > | > top of their head?
    > | >
    > | > All my web searches to date have revealed the registry issue but nothing
    > | > beyond that.
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. [Samba] =?windows-1256?q?Fileserver_integrated_into_windows_domain=2 C_pl?= =?windows-1256?q?us_linux_clients_needed=FE?=


    Update:

    Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).

    >I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.


    My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?

    > I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!


    Ben
    __________________________________________________ _______________
    Feel like a local wherever you go.
    http://www.backofmyhand.com
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. =?UTF-8?B?UmU6IFtTYW1iYV0gIEZpbGVzZXJ2ZXIgaW50ZWdyYXRlZC BpbnRvIHc=?= =?UTF-8?B?aW5kb3dzIGRvbWFpbiwgcGx1cyBsaW51eCBjbGllbnRzIG 5lZWRlZOKAjw==?=

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Ben Ladd wrote:
    > Update:
    >
    > Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).
    >

    rig·ma·role (r*g'mə-rōl') pronunciation also rig·a·ma·role (-ə-mə-rōl')
    n.
    1. Confused, rambling, or incoherent discourse; nonsense.
    2. A complicated, petty set of procedures.

    Most of us here on this list don't consider this an accurate perspective
    of the documentation.
    http://us3.samba.org/samba/docs/man/...TO-Collection/
    or the following ubuntu link are pretty well thought out and elucidated.

    >> I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.

    >
    > My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?
    >

    Depends on what you mean by easy. A lot of intelligent, committed
    individuals have done all the hard work of overcoming the barriers
    erected by Microsoft to true interoperability. All you have to do is
    fill in a few details nowadays. I think a word that describes this
    process might be tedious. Do you define tedious as hard?

    >> I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!

    >

    Follow one of the procedures, get to a point you can say this works,
    this doesn't, here is the configuration, any suggestions. There was a
    change in the implementation for winbind backends relatively recently
    and the documentation (and swat) is behind on this. Idmap_ad,
    idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb. See:
    http://us3.samba.org/samba/docs/man/manpages-3/
    You'll need to investigate how you want to map windows users and groups
    to unix users and groups and pick one technique. Look to password sync
    options to resolve your other issue.

    Regards, Doug
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)
    Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

    iD8DBQFHPKsmFqWysr/jOHMRAmXwAJ0STtXNyq7J1m+yzweKzJwCbslt3ACfToEm
    yKqkYYwVSFeOMeuBGwj07xk=
    =lg9m
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. =?windows-1256?Q?RE:_[Samba]__Fileserver_integrated_into_windows_domain, _?= =?windows-1256?Q?plus_linux_clients_needed=FE?=



    __________________________________________________ _______________
    Feel like a local wherever you go.
    http://www.backofmyhand.com
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. =?windows-1256?Q?Re=3A_=5BSamba=5D_Fileserver_integrated_?= =?windows-1256?Q?into_windows_domain=2C_plus_linux_clients_n ?= =?windows-1256?Q?eeded=FE?=

    Making an AD Domain Member Server is not difficult. However, what is
    difficult, is getting it to work reliably. It seems to work OK for a
    week or so at a time, which is not particularly robust...

    Cheers,

    H.

    Ben Ladd wrote:
    > Update:
    >
    > Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).
    >
    >
    >> I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.
    >>

    >
    > My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?
    >
    >
    >> I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!
    >>

    >
    > Ben
    > __________________________________________________ _______________
    > Feel like a local wherever you go.
    > http://www.backofmyhand.com
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] Fileserver integrated into windows domain, plus linux clients needed?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Mike Cleghorn wrote:
    > Doug,
    >
    > Is the sarcasm and condescension really necessary?


    I thought the original author was trolling and I bit. Rereading I see
    he was referring to password changing as rigmarol not configuring samba.
    So OK, it would seem sarcastic.
    For the public record, I owe you an apology Ben, my bad.
    But I won't cop to the condescension. I was being straightforward.

    Regards, Doug

    > I mean, point him in the direction of the docs by all means (which you did, great) with perhaps an RTFM for good measure but i'm not sure that i'd describe fully integrating Linux logins with AD (which is what i think Ben is trying to do) as "fill in a few details". As someone who comes from a Windows background, the first foray into Linux is intimidating at best. This kind of "how dare you ask such an elementary question" response doesn't help anyone.
    >
    > Ben,
    >
    > Your questions are kind of general. The doco for the most part is a pretty good guide, the samba.org web-site has links to pretty much everything you need. If you have more specific questions, you will (hopefully) get more useful answers.
    >
    > Ben Ladd wrote:
    >> Update:

    >
    >> Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).

    >
    > rig·ma·role (r-g'mY-rMl') pronunciation also rig·a·ma·role (-Y-mY-rMl')
    > n.
    > 1. Confused, rambling, or incoherent discourse; nonsense.
    > 2. A complicated, petty set of procedures.
    >
    > Most of us here on this list don't consider this an accurate perspective
    > of the documentation.
    > http://us3.samba.org/samba/docs/man/...TO-Collection/
    > or the following ubuntu link are pretty well thought out and elucidated.
    >
    >>> I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.

    >
    >> My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?

    >
    > Depends on what you mean by easy. A lot of intelligent, committed
    > individuals have done all the hard work of overcoming the barriers
    > erected by Microsoft to true interoperability. All you have to do is
    > fill in a few details nowadays. I think a word that describes this
    > process might be tedious. Do you define tedious as hard?
    >
    >>> I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!

    >
    > Follow one of the procedures, get to a point you can say this works,
    > this doesn't, here is the configuration, any suggestions. There was a
    > change in the implementation for winbind backends relatively recently
    > and the documentation (and swat) is behind on this. Idmap_ad,
    > idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb. See:
    > http://us3.samba.org/samba/docs/man/manpages-3/
    > You'll need to investigate how you want to map windows users and groups
    > to unix users and groups and pick one technique. Look to password sync
    > options to resolve your other issue.
    >
    > Regards, Doug

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)
    Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

    iD8DBQFHPUftFqWysr/jOHMRAqlbAJ9uMfflkG2BMEcknM9HnhJuGXtaigCgqOUi
    hzduwfDP9bI/F6RXnvUAAAA=
    =CkBX
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread