Fw: [Samba] Setting Global printer defaults on standalone server
running version samba 3.0.25
Richard Chapman
rchapman at aardvark.com.au
Wed Jan 30 00:28:10 GMT 2008
Hi Vickie (and others).
I think I spoke a bit soon... at least on the global default settings...
There are still a few strange things going on...
My situation is slightly different from yours (I think). My users don't
necessarily have logins on the linux server. I probably should use
"security = share" - but with this setting - I couldn't get the driver
upload to work. When I reverted to "security = user" (default) the
upload worked - but workstations without suitable usernames - couldn't
even see the server's shared printers. My solution was to use:
"map to guest = Bad Password" (see man smb.conf).
[global]
log file = /var/log/samba/%m.log
load printers = yes
smb ports = 139
enable privileges = yes
map to guest = Bad Password
encrypt passwords = yes
allow hosts = 192.168.0. 127.
dns proxy = no
cups options = raw
netbios name = C5
server string = Centos 5 Linux
workgroup = aardvarkwg
os level = 20
max log size = 50
[printers]
comment = All Printers
printable = yes
path = /var/spool/samba
public = yes
[print$]
comment = Windows Printer Driver Share
path = /var/lib/samba/drivers
public = yes
browseable = yes
read only = yes
write list = root, @ntadmin, richard, rhc
This seems to mostly work - but there are a few things I don't understand:
While logged in as a member of "ntadmin", I can upload drivers - and I
can open the servers "Printers & Faxes", then right click the Printer,
select Properties/advanced/printing defaults - and set the settings.
If I go to a workstation which has a login not recognised by the server
- I can install the printer and it downloads the drivers fine. The
printer works fine.
However:
On the non admin workstation - the initial printer settings do not match
the global defaults, and I can change the local defaults (both the
settings - and the defaults). Worse still - I can go to "server
properties" and delete "server side" drivers from the server (from the
non admin workstation). Interestingly - it doesn't actually seem to
delete files from the print$ share - but the driver does disappear from
the driver list - even when viewed on an admin worstation.
I do get an error if I try to upload drivers from a non-admin
workstation - (as I should).
It seems like the guest login has nearly all the rights of an "ntdmin'
login - but I can't figure out why. I am confident that the username on
the non-admin workstation is not a server logon - and certainly not
included in ntadmin.
Any ideas anyone...
Thanks.
Richard.
Vickie L. Kidder wrote:
>
> Richard,
>
> It is great to hear that you got printer upload working! I'm glad my
> response was of some help to you. When you posted your question, I
> had also been struggling with printer admin issue, and had just gotten
> it working with some help from the list.
>
>
> Vickie Kidder
> Information Systems
> McIlhenny Company
> 337.373.6126
>
>
>
> *Richard Chapman <rchapman at aardvark.com.au>*
>
> 01/28/2008 08:26 PM
>
>
> To
> "Vickie L. Kidder" <Vickie.Kidder at TABASCO.com>, Samba List
> <samba at lists.samba.org>
> cc
>
> Subject
> Re: Fw: [Samba] printer admin option replacement on stand alone (not
> domain) print server running version 3.0.25
>
>
>
>
>
>
>
>
>
> Hi Vickie
>
> I hope you don't mind me contacting you directly - but I wanted to thank
> you (and otters) for your help with this problem. I have finally got
> printer driver upload working - after having taken a break from it for a
> couple of weeks leave....
>
> Everything went more or less as you said - but I also had some "bad
> stuff" in my smb.conf - which took a bit of careful weeding to get rid
> off...:-)
>
> I think I have also just figured out how to set a global default
> "printer Preference" so that my printer prints monochrome by default.
> This is really wonderful...
>
> Thanks Vickie
>
> Richard.
>
>
> Vickie L. Kidder wrote:
> >
> > I was able to get my print drivers to upload after doing the following.
> >
> > 1) Checked that the settings for the printer driver upload directory
> > were set to allow my account to write to it.
> > /# ls -l /s01/samba
> > drwxrwsr-x 3 vlkidder samba 512 Jan 06 21:45 drivers
> >
> > 2) Removed the printer admin option from smb.conf file.
> > These are my current smb.conf settings related to printing.
> > ; Global Settings for Printers
> > printing = aix
> > load printers = yes
> > printcap name = /etc/printcap
> > print command = /usr/bin/lpr -P%p -h -r %s
> > lpq command = enq -e -As -P'%p'
> > use client driver = no
> > [printers]
> > comment = samba printers
> > path = /var/spool/samba
> > printable = yes
> > browseable = no
> > guest ok = no
> > public = no
> > read only = yes
> > writeable = no
> > [print$]
> > comment = samba printer driver upload
> > path = /s01/samba/drivers
> > write list = vlkidder
> > browseable = yes
> > guest ok = no
> > read only = yes
> >
> >
> > 3) Ran "net rpc rights grant vlkidder SePrintOperatorPrivilege" to
> > grant my account "vlkidder" printer admin rights.
> > I'm not sure why, but when I run a net rpc command I get this the
> > error message
> > "Could not connect to server 127.0.0.1 The username or password was
> > not correct. Connection failed: NT_STATUS_LOGON_FAILURE". There is a
> > password for root account in the smbpasswd file. If I reset the samba
> > password for root using "smbpasswd root", I can run the net rpc
> > commands with no problem.
> >
> >
> > That's it. Now driver upload works fine.
> >
> > The error I originally posted "_spoolss_addprinterdriver: Failed to
> > send message about upgrading driver[]!" still shows up in my log file.
> > The driver uploads and I'm able to modify the printer properties,
> > connect the printer to a client computer, and print, so I'm not going
> > to worry about it.
> >
> >
> > Richard Chapman <rchapman at aardvark.com.au> wrote on 01/05/2008
> > 06:42:11 PM:
> >
> > > Hi Vickie
> > >
> > > I have been following your thread in the samba list - and I think I am
> > > wrestling with a similar problem. I want to upload windows printer
> > > drivers to a workgroup samba server. My samba is also 3.0.25. on a
> > > Centos 5.1 server.
> > >
> > > I have put the "enable privilege = yes" into smb.conf - and
> > restarted samba.
> > > However - unlike you - when I try the command:
> > >
> > > #net rpc rights grant 'rhc' SePrintOperatorPrivilege
> > > And give the root password, I get the error:
> > > Failed to grant privileges for rhc (NT_STATUS_ACCESS_DENIED)
> > >
> > > "rhc" is a user on both the linux server and a windows client
> > > machine - though I must admit I am confused about how the two user5
> > > groups relate to each other in a workgroup samba setup.
> > >
> > > Curiously - if I attempt to grant the right to a non-existent user -
> > > I do not get an error.
> > >
> > > Since you seem to be trying to achieve the same thing - you may have
> > > encountered similar problems. Can you throw any light on this problem?
> > >
> > > Thanks
> > >
> > > Richard.
> > >
> > >
> > >
> > >
> > >
> > > Vickie L. Kidder wrote:
> > > > Thanks to those who responded to my original question.
> > > >
> > > > I ran this command and it accepted it after I provided the root
> > password.
> > > > # net rpc rights grant 'vlkidder' SePrintOperatorPrivilege
> > > >
> > > > Checked to see if 'vlkidder' had printer admin privilege and it
> > seems ok.
> > > > # net rpc rights list accounts
> > > > Password:
> > > > BUILTIN\Print Operators
> > > > No privileges assigned
> > > >
> > > > SMBTEST\vlkidder
> > > > SePrintOperatorPrivilege
> > > >
> > > > BUILTIN\Account Operators
> > > > No privileges assigned
> > > >
> > > > BUILTIN\Backup Operators
> > > > No privileges assigned
> > > >
> > > > BUILTIN\Server Operators
> > > > No privileges assigned
> > > >
> > > > BUILTIN\Administrators
> > > > SeMachineAccountPrivilege
> > > > SeTakeOwnershipPrivilege
> > > > SeBackupPrivilege
> > > > SeRestorePrivilege
> > > > SeRemoteShutdownPrivilege
> > > > SePrintOperatorPrivilege
> > > > SeAddUsersPrivilege
> > > > SeDiskOperatorPrivilege
> > > >
> > > > Everyone
> > > > No privileges assigned
> > > >
> > > > After using the Printer Wizard from Windows to upload the driver,
> > it goes
> > > > through the process of copying the driver files to the [print$]
> > directory,
> > > > but there is still an error in my log file.
> > > >
> > > > _spoolss_addprinterdriver: Failed to send message about
> > upgrading driver
> > > > []!
> > > > [2007/12/27 15:59:26, 1] smbd/service.c:close_cnum(1230)
> > > > vlkidder-06212 (10.1.3.8) closed connection to service print$
> > > >
> > > >
> > > >
> > > >
> > > >> I'm trying to upload print drivers to a stand-alone samba server
> > running
> > > >>
> > > >
> > > >
> > > >> version 3.0.25.
> > > >> The server is part of a workgroup (not domain).
> > > >>
> > > >> My log files show messages that it cannot update the driver.
> > > >> Before I had the printer admin option set in my smb.conf file to
> > allow a
> > > >>
> > > >
> > > >
> > > >> non-root user to do the printer admin and everything worked fine.
> > > >>
> > > >> I have read the Samba How To Notes section on important changes
> > since
> > > >>
> > > > 3.x,
> > > >
> > > >> it says the following.
> > > >> "Group mappings are essential only if the Samba server is running
> > as a
> > > >> PDC/BDC. Stand-alone servers do not require these group
> mappings.".
> > > >>
> > > >> Can anyone help me to understand what I need to do to allow a
> > non-root
> > > >> user to perform printer admin functions on a stand-alone server?
> > > >>
> > > >> --
> > > >> To unsubscribe from this list go to the following URL and read the
> > > >> instructions: https://lists.samba.org/mailman/listinfo/samba
> > > >>
> > >
>
>
More information about the samba
mailing list