[Samba] samba server print objects view in windows

Anni Evanoff aevanoff at pdx.edu
Fri Aug 11 17:00:45 GMT 2006 

Thanks for your reply!  This has been really fun trying to configure Samba
and learning the Linux world at the same time, it is indeed fascinating. 

I need the list to be browseable by users so that they can pick which
printer they will want to install on their desktop, that which they may not
know the name of, so I need to solve this problem with load printers = yes.
Which brings up another question I had....when I set the browseable = yes
and guest = yes in the printers section of smb.conf, testparm reveals that
that section has browseable = no.  Is that a default so that there is not a
potential security hole and cannot be changed? I am thinking that this may
solve this refresh issue but more, and more I am thinking that it is
something different.

Our environment is really unique in the sense that I would like this Samba
server to be a MEMBER SERVER (non-PDC) of a Domain that is used strictly for
print services and where access is governed by, and checked against accounts
and associated permissions in active directory.  It is part of the Microsoft
AD domain currently. This is where the Samba concept gets confusing to
me.....what services do I need for this environment? NSS is currently
configured to use LDAP to authenticate accounts on this Samba server (which
is how all Unix servers in this environment are set up), but do I need that
anymore now that it is part of an AD domain?  What about winbind?  I noticed
in windows that the ACL's on these printers contained cryptic SID's at one
point, I then turned on winbind and now those SIDs are resolved and show
real AD accounts (much to my satisfaction) Winbind is used to resolve SIDs,
what should be used to authenticate?  That net rpc grant rights command does
not work, it does not recognize my domain admin account on the already
existing Active Directory domain.

Thanks again for all the help!

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
Sent: Thursday, August 10, 2006 2:03 PM
To: Anni Evanoff
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba server print objects view in windows

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anni Evanoff wrote:

> "Printers and Faxes" applet view seems to constantly 
> refresh every five seconds..and with a list of about
> 2500 printers, it is nearly impossible to scroll down
> to a specific printer and connect to it before the refresh.

This is most likely caused by MS' decision to break the
print change notify protocol in Windows XP sp2.

> This is obviously not a viable solution for users.

You can set "load printers = no" and have the user enter
the UNC path in Start -> Run.... to connect to the
printer.



> Also if someone has the time to explain how I can take 
> the printer admin line out, since it gives a
> deprecation error. I know I can get rid of the
> printer admin parameter with a permission assigned to an AD group (or
should
> it be a group defined on the Samba server?) called the
> SePrinterOperatorprivilege, right?  

Yup.  "net rpc grant 'DOMAIN\Domain Admins' SePrintOperatorPrivilege
- -U 'DOMAIN\Administrator'"






cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE257xIR7qMdg1EfYRAvI2AKCnyZsxtsVmk3BynkcfFB0gb7TQUACg3ezg
esyRGbrWmUJlWn5MxeHmuBA=
=aUiO
-----END PGP SIGNATURE-----

More information about the samba mailing list