Hi, I'm going to migrate my old CUPS server to a new setup. It shall provide the printing backend for Samba4 and should integrate as seamless as possible. Both Windows and Linux users should not require additional passwords, but should be authenticated by their Kerberos tickets. Is there anything particular to consider? E.g. has the CUPS server to be joined to the AD and should it run a Samba instance of its own? Or is it possible to have the DC delegate jobs to the CUPS server? Are there best practices? Regards, - lars.
On Tue, Dec 30, 2014 at 5:04 PM, Lars Hanke <debian at lhanke.de> wrote:> Hi, > > I'm going to migrate my old CUPS server to a new setup. It shall provide the > printing backend for Samba4 and should integrate as seamless as possible. > Both Windows and Linux users should not require additional passwords, but > should be authenticated by their Kerberos tickets.There are a gazillion ways to configure both CUPS and Samba. Be clear on whether you need to support authenticated printing only, whether you are using Kerberos and Samba for genuine "Single-Sign-On" authentication, or whether people without credentials or with laptops not configured for your environment should be allowed to prent, and if so on which devices.> Is there anything particular to consider? E.g. has the CUPS server to be > joined to the AD and should it run a Samba instance of its own? Or is it > possible to have the DC delegate jobs to the CUPS server? Are there best > practices? > > Regards, > - lars. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hello Lars, Am 30.12.2014 um 23:04 schrieb Lars Hanke:> I'm going to migrate my old CUPS server to a new setup. It shall provide > the printing backend for Samba4 and should integrate as seamless as > possible. Both Windows and Linux users should not require additional > passwords, but should be authenticated by their Kerberos tickets. > > Is there anything particular to consider? E.g. has the CUPS server to be > joined to the AD and should it run a Samba instance of its own? Or is it > possible to have the DC delegate jobs to the CUPS server? Are there best > practices?https://wiki.samba.org/index.php/Samba_as_a_print_server For Windows: https://wiki.samba.org/index.php/Configuring_Point_n_Click_Automatic_Printer_Driver_Deployment For Linux I don't know a ways for automatic printer driver deployment. Regards, Marc
Am 31.12.2014 um 03:43 schrieb Nico Kadel-Garcia:> On Tue, Dec 30, 2014 at 5:04 PM, Lars Hanke <debian at lhanke.de> wrote: >> Hi, >> >> I'm going to migrate my old CUPS server to a new setup. It shall provide the >> printing backend for Samba4 and should integrate as seamless as possible. >> Both Windows and Linux users should not require additional passwords, but >> should be authenticated by their Kerberos tickets. > > There are a gazillion ways to configure both CUPS and Samba. Be clear > on whether you need to support authenticated printing only, whether > you are using Kerberos and Samba for genuine "Single-Sign-On" > authentication, or whether people without credentials or with laptops > not configured for your environment should be allowed to prent, and if > so on which devices.Yes, "gazillion ways" that also was my impression and the aim of this inquiry is to reduce the number of configurations to try and discard. ;) Samba4 is aimed at a SSO solution for the network. There as many Linux systems as Windows on the net. Most Windows systems however are not joined - these are Win## Home licenses. Currently most of them print directly. I have Laptops, which are neither joined and neither get their user information from LDAP, but when connected locally will be able get tickets from the DC (at least the linux boxes). They also will access file shares similar to WinXP Home systems. So in short: Whoever has permission to print can get a Kerberos ticket or mount a file share. There are no anonymous file shares.>> Is there anything particular to consider? E.g. has the CUPS server to be >> joined to the AD and should it run a Samba instance of its own? Or is it >> possible to have the DC delegate jobs to the CUPS server? Are there best >> practices?Hope that helped to outline the context for the best pratices. Thanks for your help, - lars.