3.0.24 with vista patches, printers, 'printer admin' and 'valid users'

Thomas Bork tombork at web.de
Sun Feb 11 20:43:00 GMT 2007 

Hi,

I have problems with 'Administrator' mapped to 'root' and the 
administration of printers.

Please note:
I don't using SePrintOperatorPrivilege for different reasons!
One reason is the generation of smb.conf from directives from an other 
text file. I have to write down the root password in this text file if I 
want to set the SePrintOperatorPrivilege in my generator script.

The documentaion states:

printer admin (S)

This lists users who can do anything to printers via the remote 
administration interfaces offered by MS-RPC (usually using a NT 
workstation). This parameter can be set per-share or globally.
Note: The root user always has admin rights.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use caution with use in the global stanza as this can cause side effects.

This parameter has been marked deprecated in favor of using the 
SePrintOperatorPrivilege and individual print security descriptors. It 
will be removed in a future release.

     Default: printer admin =

     Example: printer admin = admin, @staf

With or without 'printer admin = root' in global or printer part of 
smb.conf I cannot connect to the following printer from W2K:

[remoteljet]
  comment = remoteljet on %h
  printing = lprng
  print command = chmod 666 %s; name="`echo '%J' | sed "s/^.*- //"`"; if 
[ -z "$name" ]; then name="%s"; fi; /usr/bin/lpr -P%p -J"$name" %s; rm %s
  lpq command = /usr/bin/lpq -P%p -L
  lprm command = /usr/bin/lprm -P%p %j
  lppause command = /usr/sbin/lpc hold %p %j
  lpresume command = /usr/sbin/lpc release %p %j
  queuepause command = /usr/sbin/lpc stop %p
  queueresume command = /usr/sbin/lpc start %p
  use client driver = yes
  browseable = yes
  printable = yes
  path = /var/spool/samba
  printer = repr1
  valid users = tb mg
  create mode = 0700

User is 'Administrator' mapped to 'root'. The documentation says:
Note: The root user always has admin rights.

This is not true!

I can only connect to the printer, if 'root' is in 'valid users'.


der tom

More information about the samba-technical mailing list