[Samba] Access denied when printing to Samba printers

Ben Finney benfinney at thegoodguys.com.au
Thu Aug 14 00:46:41 GMT 2003

Howdy all,

I'm setting up a print server machine to serve hosts in an Active 
Directory domain.  Debian GNU/Linux ("sarge", current testing branch), 
Samba 3.0.0beta2-1.

Success so far:
   - All steps in the current DIAGNOSIS document 
   - Sharing printer drivers from the [print$] share (yay!)
   - Connecting to the Samba server from a Win2000 host
   - Connecting to individual printer shares from a Win2000 host

   - Printing anything to said printer shares.

The Win2000 client, when attempting to print a test page to the 
printer, immediately responds with "Access denied" and an offer to 
lead me through the printer troubleshooting help.

Selected portions of 'testparm -vs':

Processing section "[printers]"
Processing section "[print$]"
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
# Global parameters
         workgroup = TGGLOCAL
         realm =
         netbios name = TGGSPS001
         interfaces =
         bind interfaces only = No
         security = DOMAIN
         auth methods =
         encrypt passwords = Yes
         update encrypted = No
         client schannel = Auto
         server schannel = Auto
         allow trusted domains = Yes
         map to guest = Never
         null passwords = No
         obey pam restrictions = Yes
         password server = tggad001, tggad002, *
         private dir = /var/lib/samba
         passdb backend = tdbsam, guest
         guest account = nobody
         restrict anonymous = 0
         lanman auth = Yes
         ntlm auth = Yes
         client NTLMv2 auth = No
         client lanman auth = Yes
         client plaintext auth = Yes
         protocol = NT1
         acl compatibility =
         paranoid server security = Yes
         load printers = Yes
         printcap name = cups
         disable spoolss = No
         idmap only = No
         idmap backend =
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind separator = +
         winbind cache time = 600
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = No
         printer admin = @lpadmin, TGGLOCAL+Domain Admins

         comment = All printers
         path = /var/local/spool/samba
         create mask = 0700
         guest ok = Yes
         printable = Yes
         print command = lp -c -d %p -o raw; rm %s
         lpq command = lpstat -o %p
         lprm command = cancel %p-%j
         browseable = No

         comment = Printer drivers
         path = /var/lib/samba/printers
         write list = root, @lpadmin, TGGLOCAL+Domain Admins
         guest ok = Yes


The frustrating part is that this was working briefly a week ago, but 
is not currently, and I can't determine why.  This is small comfort, of 
course, but it does show that it's at least possible to get this 
working :-)

Ben Finney  <benfinney at thegoodguys.com.au>
IT Technical Support Officer
Support Centre, The Muir Electrical Company
ph: +61 3 9338 4300  web: <http://www.thegoodguys.com.au/>

