[Samba] "Access Denied" if printing after logoff

Daniel Gomes dgomes at ipfn.ist.utl.pt
Thu Sep 30 07:49:27 MDT 2010 

  Dear users,

I have Samba (3.0.28a) currently configured to share CUPS (1.3.7) 
printers on a Ubuntu (8.04 hardy) server, using LDAP for authentication.

After installing a printer (accessing the Samba share and inputting the 
user's password), everything is fine and printing works fine. But after 
restarting the computer (or simply logging off), the user gets an 
"Access Denied" error when trying to print. I noticed that if the user 
accesses the share manually (at which point he is asked for his 
credentials) the error disappears. Basically, a "net use" connection is 
necessary to allow the user to print.

I realized I can fix the error with a "net use /USER:<user> //printers 
<pass>" command, but as you can imagine, I wouldn't like to store the 
user's password in a cleartext script. I also wouldn't like to force the 
user to input his password every day.

After googling this subject, I also tried "use client drivers" to no 
success.

Here's my current config (I replaced some "sensitive" information):

#======================= Global Settings =======================

[global]

server string = %h server (Samba, Ubuntu)
dns proxy = no

#### Networking ####

hosts allow = 127.0.0.1, 192.168.136.0/24, 10.136.0.0/16
hosts deny = 0.0.0.0/0

#### Debugging/Accounting ####

log level = 3
log file = /var/log/samba/log.%m
# in KiB
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d

####### Authentication #######

encrypt passwords = true
security = user
passdb backend = ldapsam:ldap://<ldap-server>
ldap admin dn = cn=samba,ou=services,dc=...
ldap suffix = dc=...
ldap user suffix = ou=people
ldap group suffix = ou=samba,ou=groups
ldap machine suffix =
ldap passwd sync = no
ldap delete dn = no

####### Domain #######

workgroup = <SAMBA workgroup>
domain logons = yes
prefered master = yes
domain master = yes
local master = yes
obey pam restrictions = yes

unix password sync = yes

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

pam password change = yes

map to guest = Never

############ Misc ############

socket options = TCP_NODELAY

#======================= Share Definitions =======================

load printers = yes
printing = cups
printcap name = cups

[printers]
     comment = All Printers
     browseable = no
     path = /var/spool/samba
     printable = yes
     read only = yes
     create mask = 0700
     guest ok = no
     use client driver = yes

[print$]
     comment = Printer Drivers
     path = /var/lib/samba/printers
     browseable = yes
     read only = yes
     writeable = yes
     guest ok = no
     write list = @domadmins root administrator


-----------------------------------

So, does any one have an idea how can I make this work?

Thanks in advance,

-- 
Daniel Gomes (SysAdmin)
dgomes at ipfn.ist.utl.pt
Ext. 3487 - 218419487

Instituto de Plasmas e Fusão Nuclear
Instituto Superior Técnico - UTL
Av. Rovisco Pais - 1049-001 Lisboa - Portugal

More information about the samba mailing list