Thomas Köhler
2004-Jan-21 12:57 UTC
[Samba] connecting printers via samba / cups (Windows XP clients / AD)
Hi,
We have a setup like this:
- W2003 AD PDC
- Redhat Advanced Server 3.0 with Samba 3.0.0 / CUPS as a print
server
- Windows XP Professional clients
Problem: Users can't connect printers, even administrators are
out of luck, getting a "You are not allowed to connect printer"
like messages. But there is one account that is allowed to
connect printers, and after this account has connected a printer,
another user can connect the same printer on the same machine
(still being out of luck on another workstation).
My first idea "only printer admins are allowed to connect
printers first and anyone is allowed later" seems not to be true,
as I added another user to the printer admin list first, then
retry - still out of luck.
ACLs on the drivers share and all of the ppd files seem to be ok
(everybody can read anything)...
Where should I search for further ideas what's wrong?
-----------------------------------------------------------
# testparm -v smb.conf.p000
Load smb config files from smb.conf.p000
Processing section "[printers]"
Processing section "[print$]"
Processing section "[pdfout]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = DOMAIN
realm = DOMAIN.REALM
afs username map =
netbios name = SAAAP000
netbios aliases =
netbios scope =
server string = print server p000
interfaces = 192.168.58.108/255.255.255.0
bind interfaces only = Yes
security = ADS
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /mnt/samba/printspool/sambaserverconfig/private
passdb backend = smbpasswd
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program =
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
log level = 1
syslog = 1
syslog only = No
log file = /mnt/samba/printspool/sambaserverconfig/log/%m
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
unicode = Yes
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
acl compatibility =
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = Yes
server signing = No
client use spnego = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
kernel change notify = Yes
lpq cache time = 10
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap name = cups
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
mangled stack = 50
stat cache = Yes
machine password timeout = 604800
add user script =
delete user script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script =
shutdown script =
abort shutdown script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = No
wins hook =
wins partners =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap suffix =
ldap machine suffix =
ldap user suffix =
ldap group suffix =
ldap idmap suffix =
ldap filter = (uid=%u)
ldap admin dn =
ldap ssl =
ldap passwd sync = no
ldap delete dn = No
add share command =
change share command =
delete share command =
config file =
preload =
lock directory = /mnt/samba/printspool/sambaserverconfig
pid directory = /mnt/samba/printspool/sambaserverconfig/pid
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
get quota command =
set quota command =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
enable rid algorithm = Yes
idmap backend =
idmap uid =
idmap gid =
template primary group = nobody
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enable local accounts = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
comment =
path =
username =
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0700
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = Yes
inherit acls = Yes
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = cups
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files = /aquota.*/lost+found/sambaserverconfig/
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =
[printers]
comment = All Printers
path = /mnt/samba/printspool/samba
printer admin = DOMAIN\tkoehle, DOMAIN.REALM\tkoehle, DOMAIN\josch81,
DOMAIN.REALM\josch81
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /mnt/samba/printspool/drivers
write list = DOMAIN\Administrator, tkoehle, DOMAIN\tkoehle,
DOMAIN.REALM\tkoehle, DOMAIN\josch81, DOMAIN.REALM\josch81
create mask = 0664
[pdfout]
comment = simple PDF Printer (unsupported) output directory
path = /mnt/samba/printspool/pdfout
read only = No
-----------------------------------------------------------
Bye,
Thomas
--
Thomas K?hler Linux without limits: http://linux.s390.org/
Millenux GmbH http://www.millenux.de/ thomas.koehler@millenux.de
Lilienthalstra?e 2 phone: +49.711.88770.300
D-70825 Stuttgart-Korntal fax: +49.711.88770.349
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.samba.org/archive/samba/attachments/20040121/e95af1d2/attachment.bin
Thomas Köhler
2004-Jan-22 11:11 UTC
[Samba] connecting printers via samba / cups (Windows XP clients / AD)
Thomas K?hler wrote:> Hi, > ACLs on the drivers share and all of the ppd files seem to be ok > (everybody can read anything)...Silly me. Group "Domain Users" had no access :-( Ciao, Thomas -- Thomas K?hler Linux without limits: http://linux.s390.org/ Millenux GmbH http://www.millenux.de/ thomas.koehler@millenux.de Lilienthalstra?e 2 phone: +49.711.88770.300 D-70825 Stuttgart-Korntal fax: +49.711.88770.349 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.samba.org/archive/samba/attachments/20040122/1fff4384/attachment.bin