Fw: [Samba] Setting Global printer defaults on standalone server running version samba 3.0.25

Richard Chapman rchapman at aardvark.com.au
Wed Jan 30 00:28:10 GMT 2008


Hi Vickie (and others).

I think I spoke a bit soon... at least on the global default settings... 
There are still a few strange things going on...

My situation is slightly different from yours (I think). My users don't 
necessarily have logins on the linux server. I probably should use 
"security = share" - but with this setting - I couldn't get the driver 
upload to work. When I reverted to "security = user" (default) the 
upload worked - but workstations without suitable usernames - couldn't 
even see the server's shared printers. My solution was to use:
"map to guest = Bad Password" (see man smb.conf).

[global]
    log file = /var/log/samba/%m.log
    load printers = yes
    smb ports = 139
    enable privileges = yes
        map to guest = Bad Password
    encrypt passwords = yes
    allow hosts = 192.168.0. 127.
    dns proxy = no
    cups options = raw
    netbios name = C5
    server string = Centos 5 Linux
    workgroup = aardvarkwg
    os level = 20
    max log size = 50
[printers]
    comment = All Printers
    printable = yes
    path = /var/spool/samba
    public = yes
[print$]
    comment = Windows Printer Driver Share
    path = /var/lib/samba/drivers
    public = yes
    browseable = yes
    read only = yes
    write list = root, @ntadmin, richard, rhc

This seems to mostly work - but there are a few things I don't understand:

While logged in as a member of "ntadmin", I can upload drivers - and I 
can open the servers "Printers & Faxes", then right click the Printer, 
select Properties/advanced/printing defaults - and set the settings.

If I go to a workstation which has a login not recognised by the server 
- I can install the printer and it downloads the drivers fine. The 
printer works fine.

However:
On the non admin workstation - the initial printer settings do not match 
the global defaults, and I can change the local defaults (both the 
settings - and the defaults). Worse still - I can go to "server 
properties" and delete "server side" drivers from the server (from the 
non admin workstation). Interestingly - it doesn't actually seem to 
delete files from the print$ share - but the driver does disappear from 
the driver list - even when viewed on an admin worstation.

I do get an error if I try to upload drivers from a non-admin 
workstation - (as I should).

It seems like the guest login has nearly all the rights of an "ntdmin' 
login - but I can't figure out why. I am confident that the username on 
the non-admin workstation is not a server logon - and certainly not 
included in ntadmin.

Any ideas anyone...

Thanks.

Richard.









Vickie L. Kidder wrote:
>
> Richard,
>
> It is great to hear that you got printer upload working!  I'm glad my 
> response was of some help to you.  When you posted your question, I 
> had also been struggling with printer admin issue, and had just gotten 
> it working with some help from the list.  
>
>
> Vickie Kidder
> Information Systems
> McIlhenny Company
> 337.373.6126
>
>
>
> *Richard Chapman <rchapman at aardvark.com.au>*
>
> 01/28/2008 08:26 PM
>
> 	
> To
> 	"Vickie L. Kidder" <Vickie.Kidder at TABASCO.com>, Samba List 
> <samba at lists.samba.org>
> cc
> 	
> Subject
> 	Re: Fw: [Samba] printer admin option replacement on stand alone (not 
> domain) print server running version 3.0.25
>
>
>
> 	
>
>
>
>
>
> Hi Vickie
>
> I hope you don't mind me contacting you directly - but I wanted to thank
> you (and otters) for your help with this problem. I have finally got
> printer driver upload working - after having taken a break from it for a
> couple of weeks leave....
>
> Everything went more or less as you said - but I also had some "bad
> stuff" in my smb.conf - which took a bit of careful weeding to get rid
> off...:-)
>
> I think I have also just figured out how to set a global default
> "printer Preference" so that my printer prints monochrome by default.
> This is really wonderful...
>
> Thanks Vickie
>
> Richard.
>
>
> Vickie L. Kidder wrote:
> >
> > I was able to get my print drivers to upload after doing the following.
> >
> > 1) Checked that the settings for the printer driver upload directory
> > were set to allow my account to write to it.
> > /# ls -l /s01/samba
> > drwxrwsr-x   3 vlkidder samba           512 Jan 06 21:45 drivers
> >
> > 2) Removed the printer admin option from smb.conf file.  
> > These are my current smb.conf settings related to printing.
> > ; Global Settings for Printers
> >   printing = aix
> >   load printers = yes
> >   printcap name = /etc/printcap
> >   print command = /usr/bin/lpr -P%p -h -r %s
> >   lpq command = enq -e -As -P'%p'
> >   use client driver = no
> > [printers]
> >    comment = samba printers
> >    path = /var/spool/samba
> >    printable = yes
> >    browseable = no
> >    guest ok = no
> >    public = no
> >    read only = yes
> >    writeable = no
> > [print$]
> >    comment = samba printer driver upload
> >    path = /s01/samba/drivers
> >    write list = vlkidder
> >    browseable = yes
> >    guest ok = no
> >    read only = yes
> >
> >
> > 3) Ran "net rpc rights grant vlkidder SePrintOperatorPrivilege" to
> > grant my account "vlkidder" printer admin rights.
> > I'm not sure why, but when I run a net rpc command I get this the
> > error message
> > "Could not connect to server 127.0.0.1 The username or password was
> > not correct. Connection failed: NT_STATUS_LOGON_FAILURE".  There is a
> > password for root account in the smbpasswd file. If I reset the samba
> > password for root using "smbpasswd root", I can run the net rpc
> > commands with no problem.
> >
> >
> > That's it.  Now driver upload works fine.
> >
> > The error I originally posted "_spoolss_addprinterdriver: Failed to
> > send message about upgrading driver[]!" still shows up in my log file.
> > The driver uploads and I'm able to modify the printer properties,
> > connect the printer to a client computer, and print, so I'm not going
> > to worry about it.
> >
> >
> > Richard Chapman <rchapman at aardvark.com.au> wrote on 01/05/2008
> > 06:42:11 PM:
> >
> > > Hi Vickie
> > >
> > > I have been following your thread in the samba list - and I think I am
> > > wrestling with a similar problem. I want to upload windows printer
> > > drivers to a workgroup samba server. My samba is also 3.0.25. on a
> > > Centos 5.1 server.
> > >
> > > I have put the "enable privilege = yes" into smb.conf - and
> > restarted samba.
> > > However - unlike you - when I try the command:
> > >
> > > #net rpc rights grant 'rhc' SePrintOperatorPrivilege
> > > And give the root password, I get the error:
> > > Failed to grant privileges for rhc (NT_STATUS_ACCESS_DENIED)
> > >
> > > "rhc" is a user on both the linux server and a windows client
> > > machine - though I must admit I am confused about how the two user5
> > > groups relate to each other in a workgroup samba setup.
> > >
> > > Curiously - if I attempt to grant the right to a non-existent user -
> > > I do not get an error.
> > >
> > > Since you seem to be trying to achieve the same thing - you may have
> > > encountered similar problems. Can you throw any light on this problem?
> > >
> > > Thanks
> > >
> > > Richard.
> > >
> > >
> > >
> > >
> > >
> > > Vickie L. Kidder wrote:
> > > > Thanks to those who responded to my original question.
> > > >
> > > > I ran this command and it accepted it after I provided the root
> > password.
> > > > # net rpc rights grant 'vlkidder' SePrintOperatorPrivilege
> > > >
> > > > Checked to see if 'vlkidder' had printer admin privilege and it
> > seems ok.
> > > > # net rpc rights list accounts
> > > > Password:
> > > > BUILTIN\Print Operators
> > > > No privileges assigned
> > > >
> > > > SMBTEST\vlkidder
> > > > SePrintOperatorPrivilege
> > > >
> > > > BUILTIN\Account Operators
> > > > No privileges assigned
> > > >
> > > > BUILTIN\Backup Operators
> > > > No privileges assigned
> > > >
> > > > BUILTIN\Server Operators
> > > > No privileges assigned
> > > >
> > > > BUILTIN\Administrators
> > > > SeMachineAccountPrivilege
> > > > SeTakeOwnershipPrivilege
> > > > SeBackupPrivilege
> > > > SeRestorePrivilege
> > > > SeRemoteShutdownPrivilege
> > > > SePrintOperatorPrivilege
> > > > SeAddUsersPrivilege
> > > > SeDiskOperatorPrivilege
> > > >
> > > > Everyone
> > > > No privileges assigned
> > > >
> > > > After using the Printer Wizard from Windows to upload the driver,
> > it goes
> > > > through the process of copying the driver files to the [print$]
> > directory,
> > > > but there is still an error in my log file.
> > > >
> > > >   _spoolss_addprinterdriver: Failed to send message about
> > upgrading driver
> > > > []!
> > > > [2007/12/27 15:59:26, 1] smbd/service.c:close_cnum(1230)
> > > >   vlkidder-06212 (10.1.3.8) closed connection to service print$
> > > >
> > > >
> > > >
> > > >  
> > > >> I'm trying to upload print drivers to a stand-alone samba server
> > running
> > > >>    
> > > >
> > > >  
> > > >> version 3.0.25.
> > > >> The server is part of a workgroup (not domain).
> > > >>
> > > >> My log files show messages that it cannot update the driver.
> > > >> Before I had the printer admin option set in my smb.conf file to
> > allow a
> > > >>    
> > > >
> > > >  
> > > >> non-root user to do the printer admin and everything worked fine.
> > > >>
> > > >> I have read the Samba How To Notes section on important changes
> > since
> > > >>    
> > > > 3.x,
> > > >  
> > > >> it says the following.
> > > >> "Group mappings are essential only if the Samba server is running
> > as a
> > > >> PDC/BDC.  Stand-alone servers do not require these group 
> mappings.".
> > > >>
> > > >> Can anyone help me to understand what I need to do to allow a
> > non-root
> > > >> user to perform printer admin functions on a stand-alone server?
> > > >>
> > > >> --
> > > >> To unsubscribe from this list go to the following URL and read the
> > > >> instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > >>    
> > >
>
>



More information about the samba mailing list