Douglas Phillipson
2003-Nov-05 06:10 UTC
[Samba] Cups printing, domain group error, getting closer...
After realizing my CUPS printername in /etc/cups/cupsd.conf must be the
same as my samba printer sharename (I don't think it says that anywhere
in any HOWTO, correct me if I'm wrong though) I am now getting to the
printer resource but...
Using Samba 3.0.1 and attempting to connect to a samba cups printer with
Win2000 I am getting the following samba error:
Returning domain sid for domain TESTDOM ->
S-1-5-21-4236639219-957987792-2344320348
[2003/11/04 21:48:54, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2537)
Returning domain sid for domain TESTDOM ->
S-1-5-21-4236639219-957987792-2344320348
[2003/11/04 21:48:54, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
get_domain_user_groups: primary gid of user [douglas] is not a Domain
group !
get_domain_user_groups: You should fix it, NT doesn't like that
The DC is a samba machine and I am running winbind on it. Do I need to
create a domain group through samba or something?
Thanks
DSP
SMB.conf:
[global]
workgroup = TESTDOM
netbios name = blue
security = user
server string = Samba Server
winbind separator = +
idmap uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba.log
log level = 2
max log size = 50000
add machine script = /usr/sbin/useradd -n -g machines -c
Machine -d /dev/null -s /bin/false %u
add user script = /usr/sbin/useradd %u
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = Yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
admin users = root
csc policy = disable
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
printer admin = root
printing = cups
printcap name = cups
username map = /etc/maps
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
create mask = 0600
directory mask = 0700
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[profiles]
path = /home/profiles
browseable = no
guest ok = no
create mask = 0600
directory mask = 0700
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
# Set public = yes to allow user 'guest account' to print
guest ok = yes
writable = yes
public = yes
printable = yes
printer admin = root, douglas
[hp7xxx]
comment = Printer with Restricted Access
path = /var/spool/samba_my_printer
printer admin = root, douglas
browseable = yes
printable = yes
writeable = yes
guest ok = yes
John H Terpstra
2003-Nov-05 07:04 UTC
[Samba] Cups printing, domain group error, getting closer...
On Tue, 4 Nov 2003, Douglas Phillipson wrote:> After realizing my CUPS printername in /etc/cups/cupsd.conf must be the > same as my samba printer sharename (I don't think it says that anywhere > in any HOWTO, correct me if I'm wrong though) I am now getting to the > printer resource but...Well, yes! If you create a service entry (its not a share!) in your smb.conf file. But I hope you realize that this is NOT necessary. CUPS will directly export its printers via Samba. Why make life more difficult than it needs to be?> > Using Samba 3.0.1 and attempting to connect to a samba cups printer with > Win2000 I am getting the following samba error: > > > Returning domain sid for domain TESTDOM -> > S-1-5-21-4236639219-957987792-2344320348 > [2003/11/04 21:48:54, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2537) > Returning domain sid for domain TESTDOM -> > S-1-5-21-4236639219-957987792-2344320348 > [2003/11/04 21:48:54, 0] rpc_server/srv_util.c:get_domain_user_groups(371) > get_domain_user_groups: primary gid of user [douglas] is not a Domain > group ! > get_domain_user_groups: You should fix it, NT doesn't like that > > > The DC is a samba machine and I am running winbind on it. Do I need to > create a domain group through samba or something?Yes! If you are using samba-3.0.x. The primary group of a domain user needs to be a domain group. Set it using the net command: net groupmap modify ntgroup="Domain Users" unixgroup=users assuming that the primary group of your UNIX users is called "users". - John T.> > Thanks > > DSP > > SMB.conf: > > [global] > > workgroup = TESTDOM > netbios name = blue > security = user > server string = Samba Server > winbind separator = + > idmap uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > printcap name = /etc/printcap > load printers = yes > > log file = /var/log/samba.log > log level = 2 > max log size = 50000 > add machine script = /usr/sbin/useradd -n -g machines -c > Machine -d /dev/null -s /bin/false %u > add user script = /usr/sbin/useradd %u > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > local master = Yes > os level = 65 > domain master = yes > preferred master = yes > domain logons = yes > admin users = root > csc policy = disable > logon script = logon.bat > logon path = \\%L\profiles\%U > logon drive = H: > printer admin = root > printing = cups > printcap name = cups > username map = /etc/maps > > [netlogon] > comment = Network Logon Service > path = /home/netlogon > guest ok = yes > writable = no > create mask = 0600 > directory mask = 0700 > ; share modes = no > > > # Un-comment the following to provide a specific roving profile share > # the default is to use the user's home directory > [profiles] > path = /home/profiles > browseable = no > guest ok = no > create mask = 0600 > directory mask = 0700 > writable = yes > > [printers] > comment = All Printers > path = /var/spool/samba > browseable = yes > # Set public = yes to allow user 'guest account' to print > guest ok = yes > writable = yes > public = yes > printable = yes > printer admin = root, douglas > > [hp7xxx] > comment = Printer with Restricted Access > path = /var/spool/samba_my_printer > printer admin = root, douglas > browseable = yes > printable = yes > writeable = yes > guest ok = yes > >-- John H Terpstra Email: jht@samba.org