[Samba] Printers permissions
Christian HAESSIG
christian.haessig at ircad.u-strasbg.fr
Wed Apr 28 08:09:01 GMT 2004
Hi Jerry, Hi everybody,
Thanks for your answer.
Yes, I use winbindd.
I had a better look on what happens, and I found out this :
when I run net getlocalsid, the answer is : SID for domain PRINTSRV2 is:
<sid>
but the domain to which belongs this machine is not PRINTSRV2. Actuellay,
PRINTSRV2 is the netbios name of the samba server ( see conf files below ).
But the net ads join worked without any problem (the computer has been
created in AD), and the getent passwd and getent group returns all
users/groups of the AD domain to which belongs the samba server ; so winbind
seems to work.
Any idea ?
Do you need the log.smbd (in log level 10) ?
Below you will find my smb.conf global section and the krb5.conf file.
Christian
smb.conf :
workgroup = D_IRCAD
netbios name = PRINTSRV2
client use spnego = yes
unix charset = "UTF8"
display charset = "UTF8"
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.0.1
dns proxy = no
log file = /var/log/samba/log.%m
log level = 3
winbind separator = +
winbind enable local accounts = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
security = ads
password server = IRCADSRV
realm = IRCAD.FR
encrypt passwords = true
passdb backend = tdbsam guest
invalid users = root
krb5.conf :
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
ticket_lifetime = 24000
default_realm = IRCAD.FR
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
IRCAD.FR = {
kdc = ircadsrv.ircad.fr:88
default_domain = ircad.fr
}
[domain_realm]
.ircad.fr = IRCAD.FR
ircad.fr = IRCAD.FR
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
> -----Message d'origine-----
> De : Gerald (Jerry) Carter [mailto:jerry at samba.org]
> Envoye : lundi 19 avril 2004 19:37
> A : Christian HAESSIG
> Cc : samba at lists.samba.org
> Objet : Re: [Samba] Printers permissions
>
>
> Christian HAESSIG wrote:
>
> > So, after check, I found out that the user SIDs seen on
> > the samba server ARE NOT THE SAME as the ones on the AD domain
> > controler ! Is this a samba bug ? The wbinfo command works fine,
> > and returns me all users an groups from the AD domain ...
>
> Are you running winbindd ?
>
> > Another question : do I have to install the acl if I want
> > to set specific permissions on the printers ? Or is
> > acl only necessary for disk sharing ?
>
> smbd handles security descriptors for printers internally.
>
>
>
>
> cheers, jerry
>
> ----------------------------------------------------------------------
> Hewlett-Packard ------------------------- http://www.hp.com
> SAMBA Team ---------------------- http://www.samba.org
> GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
> "...a hundred billion castaways looking for a home." ----------- Sting
More information about the samba
mailing list