[Samba] anonymous printing not working

upen upendra.gandhi at gmail.com
Mon Jun 6 12:34:54 MDT 2011 

Hi,

I have samba+ldap running on ubuntu 10.04 have multiple windows XP
machines joined to the domain. A laserjet printer is configured on
samba server using cups and samba is also print server. Domain users
when they login to the Windows XP (domain option) then they can print
however non domain users can't print. IDeally this is best
configuration. However, I'd like to have non domain (local users)
logging into XP also to be able to print from that printer.

I login as local user to Windows XP and printer is shown ready so I go
for a test print from properties of that printer , it spools but
continues doing that until I Cancel the job after long wait. Nothing
shows up in cups log.

Here is Smb.conf

[global]
        # Domain name ..
        workgroup = MYDOMAIN
        # Server name - as seen by Windows PCs ..
        netbios name = DOMAINNB
        # Be a PDC ..
        domain logons = Yes
        domain master = Yes
        # Be a WINS server ..
        wins support = true
        obey pam restrictions = Yes
        dns proxy = No
        os level = 35
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
        panic action = /usr/share/samba/panic-action %d
        pam password change = Yes
        # Allows users on WinXP PCs to change their password when they
press Ctrl-Alt-Del
        unix password sync = no
        ldap passwd sync = yes
        # Printing from PCs will go via CUPS ..
        load printers = yes
        printing = cups
        printcap name = cups
        # Use LDAP for Samba user accounts and groups ..
        passdb backend = ldapsam:ldap://localhost
        # This must match init.ldif ..
        ldap suffix = dc=pdc
        # The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
        # This is done by running 'sudo smbpasswd -w'.
        ldap admin dn = cn=admin,dc=pdc
        # 4 OUs that Samba uses when creating user accounts, computer
accounts, etc.
        # (Because we are using smbldap-tools, call them 'Users',
'Computers', etc.)
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
   idmap uid = 10000-20000
   idmap gid = 10000-20000	

        ldap ssl = no
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -w '%u'

logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
#logon script = logon.cmd
        # This is required for Windows XP client ..
        server signing = auto
        server schannel = Auto
[homes]
        comment = Home Directory for %S
        valid users = %S
        read only = No
        browseable = No
	strict sync = yes
	sync always = yes	
	create mask = 0700
	directory mask = 0700
	hide files = /DESKTOP.INI/desktop.ini/Desktop.ini/
[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        admin users = root
        guest ok = Yes
        browseable = No
        logon script = logon.cmd
   	read only = yes
#   	share modes = no
[Profiles]
        comment = Roaming Profile Share
        # would probably change this to elsewhere in a production system ..
        path = /var/lib/samba/profiles
        read only = No
        profile acls = Yes
        browsable = No
[printers]
	comment = All Printers
        path = /var/spool/samba
        use client driver = Yes
        create mask = 0700
	guest ok = Yes
        printable = Yes
        # browseable = No
        browseable = Yes
	browsable = Yes
        public = Yes
        writable = Yes
	null passwords = Yes
[print$]
        comment = Printer Drivers Share
        path = /var/lib/samba/printers
        write list = root
        create mask = 0664
        directory mask = 0775
        admin users = root

##Additional Info ###

ls -ald /var/spool/samba
drwxrwxrwt 2 root root 4096 2011-06-06 12:23 /var/spool/samba

testparm -s -v | grep "guest account"
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[netlogon]"
Global parameter logon script found in service section!
Processing section "[Profiles]"
Processing section "[printers]"
Global parameter security found in service section!
Global parameter null passwords found in service section!
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
guest account = nobody


Question, is it possible to configure so that non domain user can
print when logged into XP?

I have printer configured using registry on XP machine so that all
users see that \\DOMAIN\printer but print jobs are just getting
spooled for non domain users. (local user is part of 'Users' group on
Windows XP XP)

Print works from local XP administrator account and domain account
using same shared printer.

Thanks in advance.

More information about the samba mailing list