Chris,
The way that we handle the situation here is as follows -
security = user
map to guest = Bad User
print command = /usr/local/bin/lpr -P%p -U%U %s; rm -fr %s
The lpr we are using is LPRng, which since 3.6.5 (I believe that is the
correct version) has had the capability to allow specified non-root
users (in this case nobody) to use the -U flag, which sets the user
information in the banner.
With regards to switching to 'security = user' in respect to your other
shares, you will then have to set up accounts on the box in order to
allow access.
--
Bill Knox
Operating Systems Programmer/Analyst
The MITRE Corporation
Christopher Dingle wrote:>
> Hi,
>
> Background info: running samba 2.0.5a on Solaris 2.6
> Security = share
>
> This is the printer share definition, note no guest or public definition.
>
> [printers]
> comment = All Printers
> browseable = no
> # Set public = yes to allow user 'guest account' to print
> path = /var/spool/samba
> printable = yes
> createmode = 0700
>
> Basically the situation is this:
>
> I used to have the printers share defined to allow guest to print. However,
> everyone's jobs were coming out with a header page that listed
"nobody" as the
> owner. Since the guest parameter was set to nobody this makes sense if
guest
> tries to print. What confounded me was that everyone's jobs came out
this way.
> So I tried to set guest ok = no and see what would happen. Now when the PC
> users would attempt to print it prompted them for a passwd. If they typed
> the correct passwd that corresponded with the correct unix username that
samba
> was attempting to guess, then the print job would come out and with the
correct
> username. I know that the PC clients don't send usernames and that in
share mode
> samba attempts to guess the user. This has worked well enough, but the
security of
> this setup is wanting, for obvious reasons and anyway it's icky.
>
> What I would like to do is this:
>
> Perhaps change security = user. However, I am wondering how this would
impact
> users' ability to access their shares. In some cases, there is a valid
users
> list for a given share. What are the implications of security = user in
terms
> of this? Would this solve my problem?
>
> What I want is for users to be able to access the printers without having
to
> enter a passwd, and also have the header page display the correct username.
> This may sound trivial, but it hasn't seemed so to me. I've tried
tuning a
> number of different configuration parameters in smb.conf, defining %u for a
> given connection, etc.
>
> I was new to samba administration about 6 months ago. I hope this question
is
> not terribly obtuse.
>
> Thanks in advance for any help or suggestions.
>
> Chris
>
> --
> Christopher M. Dingle
> Unix SysAdmin
> Smithsonian Astrophysical Observatory
> High Energy Astrophysics Division
> http://hea-www.harvard.edu