Hi,
I have samba+ldap running on ubuntu 10.04 have multiple windows XP
machines joined to the domain. A laserjet printer is configured on
samba server using cups and samba is also print server. Domain users
when they login to the Windows XP (domain option) then they can print
however non domain users can't print. IDeally this is best
configuration. However, I'd like to have non domain (local users)
logging into XP also to be able to print from that printer.
I login as local user to Windows XP and printer is shown ready so I go
for a test print from properties of that printer , it spools but
continues doing that until I Cancel the job after long wait. Nothing
shows up in cups log.
Here is Smb.conf
[global]
# Domain name ..
workgroup = MYDOMAIN
# Server name - as seen by Windows PCs ..
netbios name = DOMAINNB
# Be a PDC ..
domain logons = Yes
domain master = Yes
# Be a WINS server ..
wins support = true
obey pam restrictions = Yes
dns proxy = No
os level = 35
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes
# Allows users on WinXP PCs to change their password when they
press Ctrl-Alt-Del
unix password sync = no
ldap passwd sync = yes
# Printing from PCs will go via CUPS ..
load printers = yes
printing = cups
printcap name = cups
# Use LDAP for Samba user accounts and groups ..
passdb backend = ldapsam:ldap://localhost
# This must match init.ldif ..
ldap suffix = dc=pdc
# The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
# This is done by running 'sudo smbpasswd -w'.
ldap admin dn = cn=admin,dc=pdc
# 4 OUs that Samba uses when creating user accounts, computer
accounts, etc.
# (Because we are using smbldap-tools, call them 'Users',
'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap ssl = no
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x
'%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
#logon script = logon.cmd
# This is required for Windows XP client ..
server signing = auto
server schannel = Auto
[homes]
comment = Home Directory for %S
valid users = %S
read only = No
browseable = No
strict sync = yes
sync always = yes
create mask = 0700
directory mask = 0700
hide files = /DESKTOP.INI/desktop.ini/Desktop.ini/
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
browseable = No
logon script = logon.cmd
read only = yes
# share modes = no
[Profiles]
comment = Roaming Profile Share
# would probably change this to elsewhere in a production system ..
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
browsable = No
[printers]
comment = All Printers
path = /var/spool/samba
use client driver = Yes
create mask = 0700
guest ok = Yes
printable = Yes
# browseable = No
browseable = Yes
browsable = Yes
public = Yes
writable = Yes
null passwords = Yes
[print$]
comment = Printer Drivers Share
path = /var/lib/samba/printers
write list = root
create mask = 0664
directory mask = 0775
admin users = root
##Additional Info ###
ls -ald /var/spool/samba
drwxrwxrwt 2 root root 4096 2011-06-06 12:23 /var/spool/samba
testparm -s -v | grep "guest account"
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[netlogon]"
Global parameter logon script found in service section!
Processing section "[Profiles]"
Processing section "[printers]"
Global parameter security found in service section!
Global parameter null passwords found in service section!
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
guest account = nobody
Question, is it possible to configure so that non domain user can
print when logged into XP?
I have printer configured using registry on XP machine so that all
users see that \\DOMAIN\printer but print jobs are just getting
spooled for non domain users. (local user is part of 'Users' group on
Windows XP XP)
Print works from local XP administrator account and domain account
using same shared printer.
Thanks in advance.