[Samba] Problem with job removal

Ryan Novosielski novosirj at umdnj.edu
Wed May 31 16:14:35 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use:

printing = lprng
print command = /opt/LPRng/bin/lpr -P%p -U%U -J'%J' -r %s
lpq command = /opt/LPRng/bin/lpq -P%p
lprm command = /opt/LPRng/bin/lprm -P%p -U%U %j
lppause command = /opt/LPRng/sbin/lpc -U%U hold %p %j
lpresume command = /opt/LPRng/sbin/lpc -U%U release %p %j
queuepause command = /opt/LPRng/sbin/lpc -U%U -P%p stop
queueresume command = /opt/LPRng/sbin/lpc -U%U -P%p start


Arthur Guez wrote:
> Hi,
>
> We've been stuck with this problem for a while now and we believe I
>  tried enough potential solutions to justify my posting here. We're
> using samba 3.0.14a in Sarge in order to allow printing from
> Windows workstations (The authentication works with
> AD+Kerberos+Winbind) to a set of shared printers. Printing works
> perfectly but we would like to allow users to have control over the
> jobs (most importantly remove jobs) they submit and them only.
> Unfortunately this does not seem to work with any of the
> configurations we've tried. When a job is cancelled, it is replaced
>  in the windows queue by a job called "remote downlevel document"
> Here are the relevant sections of our smb.conf file: (without any
> of the hacks we attempted)
>
> [printers] comment = All Printers path = /var/spool/lpd printable =
> yes printing = lprng load printers = yes printcap name =
> /etc/printcap guest ok = no print command =       /usr/bin/lpr -P%p
> -r %s lpq command   =      /usr/bin/lpq -P%p lprm command  =
> /usr/bin/lprm -P%p %j lppause command =     /usr/sbin/lpc hold %p
> %j lpresume command =    /usr/sbin/lpc release %p %j queuepause
> command =  /usr/sbin/lpc stop %p queueresume command =
> /usr/sbin/lpc start %p
>
> One of the things we've tried to do was to replace the lrprng
> commands called by samba with setuid programs which call the same
> commands but specify the user using the -U option. This works for
> lpr as desired but for some unknown reason it seems that the
> program that should be called instead of lprm is only called at
> times when a user tries to remove a "remote downlevel document".
> (When called on a "normal" job, it gets turned into a remote
> downlevel, but the program is NOT called) Here is the same file as
> above, configured for the above method: (we're using the default
> lpd.perms)
>
> [printers] comment = All Printers path = /var/spool/lpd printable =
> yes printing = lprng load printers = yes printcap name =
> /etc/printcap guest ok = no print command =      /usr/bin/setlpr
> "%U@%M" "%p" "%s" lpq command   =      /usr/bin/lpq -P%p lprm
> command  =      /usr/bin/setlprm "%U@%M" "%p" "%j" ...
>
> and the programs look like this:  (they are setuid) setuid(0)
> system("lprm -U%s -P%s %s", arg1, arg2, arg3);
>
> Also, we tried to modify the source, but we were surprised by the
> fact that samba is doing so much permission checking,  isn't that
> the role of lprng ?
>
> Any kind of help would be greatly appreciated, thanks in advance.
>
> Arthur
>
> NOTE: Our users are of the form "CAMPUS\username". I don't know if
> the backslash can cause a problem, but without using the -U option,
> the owner appears as "CAMPUS\username" in lpq but just "username"
> in the windows queue, and then "CAMPUS\username" in the windows
> queue when it is a remote downlevel document. When using our
> programs with the -U option it's just "username" everywhere.

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - User Support Spec. III
 |$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEfcDqmb+gadEcsb4RAjtXAKCeTMo2B9gNNU5YuVO+jxnVRiF55ACfUHwn
sYk/+9zfW03evo5OojAVkS0=
=uIzu
-----END PGP SIGNATURE-----



More information about the samba mailing list