[Samba] Still unresolved: adding printers as a non admin domain user doesn't work

Francis Galiegue fg at one2team.com
Wed Feb 27 14:50:56 GMT 2008 

Hello list,

I use samba-3.0.10 from RHEL4, with an smbldap-tools backend (version 0.9.2a).

Everything works fine: domain logons work OK, I can join machines to the 
domain, "unjoin" them, add users (from the samba server only though, but 
that's not important), submit drivers for printers as a printer admin, etc.

The only thing that does NOT work is adding printers as a non admin user with 
Windows XP (Professional). It worked under Win2k!

When I use XP, the only option I have is to first add the printer as either 
the local administrator of the machine, or the domain administrator, and only 
then I can add this printer as a normal, unpriviledged domain user. Uh.

And I have NOTHING in the Samba logs. As my smb.conf is relatively long, I'll 
put only what I think is relevant below. Any hints appreciated, I've been 
stuck with this problem for six months, and not a hint of a solution yet :(

---
        printcap name = cups
        load printers = yes
        printcap cache time = 300
        printing = cups
[...]
        ldap passwd sync = yes

        passdb backend = ldapsam:ldap://127.0.0.1/
        #
        # FIXME: why commented in the HOWTO?
        #
        #ldap filter = (&(objectClass=sambaSAMAccount)(uid=%u))
        ldap admin dn = cn=samba,ou=DSA,dc=one2team,dc=lan
        ldap suffix = dc=one2team,dc=lan
	[blah, blah]
[...]
[homes]
        comment = User home directories (NOT the profiles)
        valid users = %U
        create mask = 0640
        directory mask = 0750
        browseable = no
        veto files = /*.mp3/*.m4a/*.mpg/*.mpeg/*.avi/*.wmv/*.wma
        read only = no

[profiles]
        path = /var/lib/samba/profiles
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = no
        guest ok = yes
        profile acls = yes
        veto files = /*.mp3/*.m4a/*.mpg/*.mpeg/*.avi/*.wmv/*.wma
        csc policy = disable
        force user = %U
        valid users = %U @"Domain Admins"

[netlogon]
        path = /var/lib/samba/netlogon
        browseable = no
        read only = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = yes
        guest ok = no
        writable = no
        printable = yes
        create mode = 0600
        printer admin = root, @o2tadm

[print$]
        path = /var/lib/samba/printers
        browseable = yes
        write list = root
        guest ok = yes
        read only = yes

[...]
---
-- 
Francis Galiegue, One2team - fg at one2team.com
[ATTENTION : CHANGEMENT DE COORDONNÉES !]
+33178945552, +33683877875, http://www.one2team.com
40 avenue Raymond Poincaré - 75116 PARIS

More information about the samba mailing list