On Tue, 2022-03-29 at 11:05 +0200, Peter Varkoly via samba wrote:
> Hi List,
>
> on samba-4.15.2 and 4.15.5 I've 2 problems with printing with CUPS:
>
> 1. load printers = yes does not work. The printers are not loaded.
> 2. Creating for all printer a section and the GPO described in
> https://wiki.samba.org/index.php/Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients
> the domain user Administrator can access the printers but all other
> domain users get an error message that the printer can not be found.
>
> OS is openSUSE Leap 15.3
> samba-ad is self built with internal krb.
> Here is my smb.conf:
> --------------------------
> [global]
> netbios name = admin
> realm = DNS.DOMAN
> workgroup = DOMAIN
> dns forwarder = 172.16.0.5
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = Yes
> check password script = /usr/share/cranix/tools/check_password_complexity.sh
> winbind enum users = Yes
> winbind enum groups = Yes
> wide links = Yes
> unix extensions = No
> bind interfaces only = yes
> interfaces = 127.0.0.1, 172.16.0.2
> ntlm auth = yes
> template shell = /bin/bash
> ldap server require strong auth = no
> printing = CUPS
> load printers = no
> rpc_server:spoolss = external
> rpc_daemon:spoolssd = fork
> hosts deny = 172.16.1.0/24
> username map = /etc/samba/usermap
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [users]
> comment = All users
> path = /home
> inherit permissions = Yes
> browseable = Yes
> guest ok = No
> printable = No
> read only = No
>
> [all]
> comment = Folder for all
> path = /home/all
> inherit permissions = Yes
> browseable = Yes
> guest ok = No
> writable = Yes
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> read only = no
>
> [generic-postscript]
> path = /var/tmp/
> printable = yes
> printer name = generic-postscript
> hosts allow = 172.16.2.0/27
>
> [gps]
> path = /var/tmp/
> printable = yes
> printer name = gps
> hosts allow = 172.16.2.0/27
> --------------
>
> Content of usermap:
> !root = DOMAIN\Administrator
>
> For any help I would be very grateful!!

This is a Samba AD DC and you have set it up as a fileserver, this
isn't really recommended, but if you do, you have to follow the rules.
This means that you MUST set the permissions from Windows and the
parameters you can set are very minimal. You also do not use a user.map
on a DC, it breaks the existing Administrator to root mapping in
idmap.ldb.

Rowland
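
The two points in the reply, turned into a check over an smb.conf (an added example, not part of the thread and not Samba code): when the server role is an AD DC it reports `username map` in `[global]` and every share parameter outside a minimal set. The `MINIMAL_SHARE_PARAMS` set, the function names and the sample are assumptions of this example; the thread does not list which parameters are acceptable.

```python
import re

# Assumption (not from the thread): share parameters treated as minimal on a DC.
MINIMAL_SHARE_PARAMS = {"path", "read only", "comment"}
DC_ROLE = "active directory domain controller"  # value used in the quoted smb.conf

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner whitespace collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit_dc(text):
    """Return (section, parameter) pairs to review on a DC; empty for other roles."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("server role", "").lower() != DC_ROLE:
        return []
    findings = [("global", "username map")] if "username map" in glob else []
    for name, params in conf.items():
        if name in ("global", "sysvol", "netlogon"):
            continue  # only user-defined shares are compared with the minimal set
        for key in sorted(set(params) - MINIMAL_SHARE_PARAMS):
            findings.append((name, key))
    return findings

# Constructed sample, reduced from the configuration quoted in the thread.
SAMPLE = """\
[global]
server role = active directory domain controller
username map = /etc/samba/usermap
[sysvol]
path = /var/lib/samba/sysvol
[all]
path = /home/all
inherit permissions = Yes
read only = No
"""

if __name__ == "__main__":
    print(audit_dc(SAMPLE))
```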