[Pkg-samba-maint] Samba CUPS connection to localhost:631 timeout causes momentary interrupt in data stream from Samba server to clients

[Jonathan Polom]

On Thu, Dec 22, 2011 at 3:35 PM, Steve Langasek <vorlon at debian.org> wrote:
> On Thu, Dec 22, 2011 at 12:05:40PM -0500, Jonathan Polom wrote:
>> Why is printing enabled on a system that has no connected printers and
>> doesn't even have CUPS installed?
>
> Because you don't need a connected printer to have a print queue, and we
> want Samba to work transparently with cups when installed (and also to work
> correctly when not).  So we're not going to change the default.
>
> If you're getting *timeouts* when samba is trying to connect to the local
> cups server, then that's not because cups isn't installed - it indicates a
> misconfigured firewall on the system which is dropping packets instead of
> returning connection refused.  When you don't let your kernel tell the
> application that the service isn't present, waiting for a network timeout is
> the only option the application has.
>
>> I guess if this is something that people have just learned and come to
>> accept, it should just be documented somewhere that Samba on Debian, by
>> default, wants to talk to CUPS at localhost:631 which may cause problems
>> if CUPS is not present or traffic is not allowed on that port.
>
> It does not cause problems if CUPS is not present.  It only causes problems
> if traffic is not allowed on the port.  It is not the place of the Samba
> package documentation to instruct users in proper configuration of a
> firewall.
>
> --
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> Ubuntu Developer                                    http://www.debian.org/
> slangasek at ubuntu.com                                     vorlon at debian.org

Thanks for the reply. I understand where you're coming from in terms
of not fragmenting responsibilities all over the place.

What work-around do you propose? Currently my firewall is set to drop
all incoming packets unless I have a rule to allow a certain packet. I
have no rule allowing incoming connections on port 631 since I don't
have CUPS installed (`netstat -tl` shows that nothing is listening on
631) and therefore shouldn't need to allow connections on that port. A
modified firewall rule to allow the connection or reject rather than
drop the packets seems natural, but only if I know that Samba's going
to want to talk on localhost:631 in the first place. I still think
this comes back to a default configuration that's going to cause
strange issues with the edge case of Samba with a firewall. I wouldn't
call my configuration wrong, given that I have no practical need to
allow connections on port 631 other than to make Samba quit
complaining and waiting. Thoughts?