CUPS, samba in appliance mode (against NT4) and/or W2K AD?

Jan Grant Jan.Grant at
Thu Sep 20 09:07:03 GMT 2001

Finally sick of rebooting our print server we've gone down the route of
using an old shoebox for a print server.

We've had some success with "a cheap unix-a-like" and CUPS* with samba
(the 2.2 latest).

I've one thing to report that worked well and one request for advice in
the future.

What worked well: the machine doesn't have user accounts; we hand off
authentication to a local domain controller and print through to the
CUPS subsystem (this does reliable page counting, etc). The only issue
we had was that users who didn't appear in /etc/passwd were being
accounted for by CUPS as "nobody" (or whoever the guest account was set

The quick fix we used here was to patch the CUPS lp to add a "-U" option
(diff at if anyone's
interested) and explicitly included a
	print command = lp -U %U ...etc...
in the smb.conf. A better way perhaps would be to add a "cups username"
option to smb.conf (a patch for this may be forthcoming if I get some
free time) but this seems to work (you'll need to fix the job management
commands too).

This works well and we've got a stand-alone box that needs little to no
maintenance and works as an appliance.

Now, this is fine (since everyone who can authenticate against our
domain is eligible to print, ie authentication->authorisation). However,
in the not-too-distnat future I can see our domain being subsumed and
becoming a single OU (with a corresponding global group) in an active

The question I have, therefore, is this: is there likely to be support
in a stable samba for a required group membership that looks to a domain
controller (ie, uses an NT group) rather than requiring me to stick
users into unix groups? Winbind seems like a little overkill, but I'd be
prepared to persevere if that's the only option.


* offering pretty much effortless printing for our "cheap unix-a-like"
advocates around here too :-)

jan grant, ILRT, University of Bristol.
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant at
Just because I have nothing to hide doesn't mean I have nothing to fear.

More information about the samba mailing list