Jan Grant
2001-Sep-20 09:07 UTC
CUPS, samba in appliance mode (against NT4) and/or W2K AD?
Finally sick of rebooting our print server we've gone down the route of using an old shoebox for a print server. We've had some success with "a cheap unix-a-like" and CUPS* with samba (the 2.2 latest). I've one thing to report that worked well and one request for advice in the future. What worked well: the machine doesn't have user accounts; we hand off authentication to a local domain controller and print through to the CUPS subsystem (this does reliable page counting, etc). The only issue we had was that users who didn't appear in /etc/passwd were being accounted for by CUPS as "nobody" (or whoever the guest account was set to). The quick fix we used here was to patch the CUPS lp to add a "-U" option (diff at http://www.ioctl.org/unix/printing/cups-lp.diff if anyone's interested) and explicitly included a print command = lp -U %U ...etc... in the smb.conf. A better way perhaps would be to add a "cups username" option to smb.conf (a patch for this may be forthcoming if I get some free time) but this seems to work (you'll need to fix the job management commands too). This works well and we've got a stand-alone box that needs little to no maintenance and works as an appliance. Now, this is fine (since everyone who can authenticate against our domain is eligible to print, ie authentication->authorisation). However, in the not-too-distnat future I can see our domain being subsumed and becoming a single OU (with a corresponding global group) in an active directory. The question I have, therefore, is this: is there likely to be support in a stable samba for a required group membership that looks to a domain controller (ie, uses an NT group) rather than requiring me to stick users into unix groups? Winbind seems like a little overkill, but I'd be prepared to persevere if that's the only option. jan * offering pretty much effortless printing for our "cheap unix-a-like" advocates around here too :-) -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk Just because I have nothing to hide doesn't mean I have nothing to fear.