samba - Jul 2002 - Several questions with w2k printing to samba

Samba 2.2.5-1 installed via RPM on a RH7.2 system, authentication is 
against an NT PDC (security = domain) using winbindd.  Mostly w2k 
clients connecting to samba for print serving.

(A) Is the smbpasswd needed if my samba authentication uses winbindd 
against a PDC?

(B) Every 15 minutes or so I get this in log.nmbd:

[2002/07/30 06:32:04, 0] 
nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(358)
  find_domain_master_name_query_fail:
  Unable to find the Domain Master Browser name MY_DOM<1b> for the 
workgroup MY_DOM.
  Unable to sync browse lists in this workgroup.

Is that because my interface does not support broadcast?  Any idea how 
to remedy these errors?

(C) In my log.winbindd I get:
[2002/07/30 07:47:06, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(120)
  user 'ftp' does not exist

(It used to be 'nobody' though I did have a 'nobody' account.  I
put
"guest account=ftp" to see if that worked any better, and it
didn't.)
Any ideas?  I had also tried a nobody = MY_DOM+guest in smbusers, but 
that did not help.  Testparm shows map to guest = Never, guest ok = no, 
and guest only = no.  I haven't set any public=yes.  I don't know why, 
with security = domain and my other share settings it would ever be 
needing a guest account anyway.

(D) In my [printers] share I have:
printer admin = "MY_DOM+user1, MY_DOM+user2"
queuepause command = /usr/sbin/lpc stop %p
queueresume command = /usr/sbin/lpc start %p

trying to "Pause Printing" from a w2k client doesn't appear to do
anything.
I also tried adding
queuepause command = /usr/sbin/lpc stop %p
queueresume command = /usr/sbin/lpc start %p
printer admin = "MY_DOM+user1, MY_DOM+user2"
to the global section, no luck.

lpc status (print queue name) shows printing and spooling remain enabled.


Thanks for your expertise,
~ Daniel


My smb.conf... a work in progress:

[global]
  # default of 10 wasn't enough for Printers folder to show up on first 
connect
  lpq cache time = 30
  printing = LPRNG
  queuepause command = /usr/sbin/lpc stop %p
  queueresume command = /usr/sbin/lpc start %p
  printer admin = "MY_DOM+user1, MY_DOM+user2"
  netbios name = myhost
  winbind uid = 10000-20000
  winbind gid = 10000-20000
  winbind separator = +
  workgroup=MY_DOM
  server string = Samba Server on myhost
  log level = 1
  printcap name = /etc/printcap
  load printers = yes
  guest account=ftp
  log file = /var/log/samba/%m.log
  security = domain
  password server = pdc1host pdc2host pdc3host
  encrypt passwords = yes
  *passwd:*all*authentication*tokens*updated*successfully*
  interfaces = (my ip)/24
  domain master = no
  wins support = no
  wins server = (ip address of wins server)
  dns proxy = no

[print$]
  path = /usr/local/samba/printers
  browseable = yes
  read only = yes
  write list = "MY_DOM+user1, MY_DOM+user2"

[printers]
  comment = All Printers
  path = /var/spool/samba
  print command = /usr/bin/lpr -r -P%p %s
  printable = yes
  queuepause command = /usr/sbin/lpc stop %p
  queueresume command = /usr/sbin/lpc start %p
  printer admin = "MY_DOM+user1, MY_DOM+user2"

and...
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[print$]"
Processing section "[printers]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions


Thank you.

Since no nibbles yet, I thought I'd try to clarify parts of my post that 
may have been overly vague or confusing.
> Samba 2.2.5-1 installed via RPM on a RH7.2 system, authentication is 
> against an NT PDC (security = domain) using winbindd.  Mostly w2k 
> clients connecting to samba for print serving.
>
> (A) Is the smbpasswd needed if my samba authentication uses winbindd 
> against a PDC?
That is to say, does /etc/samba/smbpasswd provide anything for this 
configuration (security = domain authenticating against a NT server and 
using winbind)?
>
> (B) Every 15 minutes or so I get this in log.nmbd:
>
> [2002/07/30 06:32:04, 0] 
> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(358)
>  find_domain_master_name_query_fail:
>  Unable to find the Domain Master Browser name MY_DOM<1b> for the 
> workgroup MY_DOM.
>  Unable to sync browse lists in this workgroup.
>
> Is that because my interface does not support broadcast?  Any idea how 
> to remedy these errors?
Is it likely I've misconfigured something somewhere?  Or is lack of 
broadcast the likely culprit?  Does this mean when I make changes to 
shares, the Domain Master Browser won't know it?  I thought since I'm 
pointing at an NT WINS server, my lack of broadcast was a non-issue?
>
> (C) In my log.winbindd I get:
> [2002/07/30 07:47:06, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(120)
>  user 'ftp' does not exist
>
> (It used to be 'nobody' though I did have a 'nobody'
account.  I put
> "guest account=ftp" to see if that worked any better, and it
didn't.)
> Any ideas?  I had also tried a nobody = MY_DOM+guest in smbusers, but 
> that did not help.  Testparm shows map to guest = Never, guest ok = 
> no, and guest only = no.  I haven't set any public=yes.  I don't
know
> why, with security = domain and my other share settings it would ever 
> be needing a guest account anyway.
>
> (D) In my [printers] share I have:
> printer admin = "MY_DOM+user1, MY_DOM+user2"
> queuepause command = /usr/sbin/lpc stop %p
> queueresume command = /usr/sbin/lpc start %p
>
> trying to "Pause Printing" from a w2k client doesn't appear
to do
> anything.
> I also tried adding
> queuepause command = /usr/sbin/lpc stop %p
> queueresume command = /usr/sbin/lpc start %p
> printer admin = "MY_DOM+user1, MY_DOM+user2"
> to the global section, no luck.
>
> lpc status (print queue name) shows printing and spooling remain enabled.
Maybe I was thrown off by the comment in smb.conf:
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
 and
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer

Do I need to identify shares for each print queue for attributes like 
queuepause, etc to work?  I noticed they are listed as [S]ervice 
attributes, but also that testparm listed it as a global attribute as well.
>
>
> Thanks for your expertise,
> ~ Daniel
>
>
> My smb.conf... a work in progress:
>
> [global]
>  # default of 10 wasn't enough for Printers folder to show up on first 
> connect
>  lpq cache time = 30
>  printing = LPRNG
>  queuepause command = /usr/sbin/lpc stop %p
>  queueresume command = /usr/sbin/lpc start %p
>  printer admin = "MY_DOM+user1, MY_DOM+user2"
>  netbios name = myhost
>  winbind uid = 10000-20000
>  winbind gid = 10000-20000
>  winbind separator = +
>  workgroup=MY_DOM
>  server string = Samba Server on myhost
>  log level = 1
>  printcap name = /etc/printcap
>  load printers = yes
>  guest account=ftp
>  log file = /var/log/samba/%m.log
>  security = domain
>  password server = pdc1host pdc2host pdc3host
>  encrypt passwords = yes
>  *passwd:*all*authentication*tokens*updated*successfully*

Sorry, ignore the above line... 2nd half of a comment that I didn't 
remove properly before posting
>  interfaces = (my ip)/24
>  domain master = no
>  wins support = no
>  wins server = (ip address of wins server)
>  dns proxy = no
>
> [print$]
>  path = /usr/local/samba/printers
>  browseable = yes
>  read only = yes
>  write list = "MY_DOM+user1, MY_DOM+user2"
>
> [printers]
>  comment = All Printers
>  path = /var/spool/samba
>  print command = /usr/bin/lpr -r -P%p %s
>  printable = yes
>  queuepause command = /usr/sbin/lpc stop %p
>  queueresume command = /usr/sbin/lpc start %p
>  printer admin = "MY_DOM+user1, MY_DOM+user2"
>
> and...
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[print$]"
> Processing section "[printers]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group membership.
> Press enter to see a dump of your service definitions
>
>
> Thank you.
>
>
Thank you.