nobody uid printing, take 2
Christopher Dingle
cmd at head-cfa.harvard.edu
Tue Dec 14 21:41:26 GMT 1999
Hi,
Samba 2.0.6 on Solaris 7 or Samba 2.0.5 on Solaris 2.6
security = share
Ok, in my previous email on this subject I indicated that switching to
security = user might be the right idea to fix the problem I am having.
However, this isn't possible for a variety of reasons.
So basically, the question is now this: with security = share and the following
printer share definition:
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
# public = yes
writable = no
printable = yes
How to make it so that users don't have to enter a password to access the
print services and that the jobs come out with the correct owner?
Here is a recap from my last message, more detailed information about how
things are running here follows.
I used to have the printers share defined to allow guest to print. However,
everyone's jobs were coming out with a header page that listed "nobody" as the
owner. Since the guest parameter was set to nobody this makes sense if guest
tries to print. What confounded me was that everyone's jobs came out this way.
So I tried to set guest ok = no and see what would happen. Now when the PC
users would attempt to print it prompted them for a passwd. If they typed
the correct passwd that corresponded with the correct unix username that samba
was attempting to guess, then the print job would come out and with the correct
username. I know that the PC clients don't send usernames and that in share mode
samba attempts to guess the user. This has worked well enough, but I
understand that the security of this setup is wanting, for obvious reasons and
anyway it's icky.
Bill Knox came up with the great suggestion of using LPRng with samba. It allows
for the specification of the owner of the print job by specified non-root users. However,
in our current implementation, we use System V style printing and maintain a
printers.conf NIS map. I don't know that LPRng will work with NIS. Does anyone have any
experience with this?
Here is a copy of the smb.conf (definitions only) that I am using for testing
purposes:
#==================== Global Settings =====================================
[global]
workgroup = HEAD-CFA
server string = HEAD Samba Server %v
hosts allow = 131.142.42. 127.
load printers = yes
printcap name = /export/samba/lib/printers
printing = sysv
# was printing = lprng
# default guest account = nobody
log file = /export/samba/var/log.%m
max log size = 50
security = share
encrypt passwords = no
socket options = TCP_NODELAY
dns proxy = no
#========================= Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
path = /home/%u
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
public = yes
writable = no
printable = yes
[pool1]
comment = Pool for a day
path = /pool1
guest ok = yes
writeable = yes
create mask = 0765
[pool7]
comment = Pool for a week
path = /pool7
guest ok = yes
writeable = yes
create mask = 0765
[pool14]
comment = Pool for two weeks
path = /pool14
guest ok = yes
writeable = yes
create mask = 0765
As you can see, it's very plain right now--nothing fancy.
Any suggestions appreciated.
Chris
--
Christopher M. Dingle
Unix SysAdmin
Smithsonian Astrophysical Observatory
High Energy Astrophysics Division
http://hea-www.harvard.edu
More information about the samba
mailing list