[Samba] [printer]
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Jun 9 09:33:35 MDT 2011
I think
guest account = nobody
is enabled by default. But I found when I went from 3.0.x to 3.4.x that
samba would complain if the unix nobody user didn't already exist. I
created a separate "smb_nobody" account so that I could set permissions
for the "Windows" guest account if needed without accidentally granting
rights for anonymous or general unix or nfs users.
FYI
You could still use domain accounts and have people store data locally
(i.e. don't use roaming profiles.) I found- in my experience- that
once you have more than 5 XP machines that not having centralized
accounts got to be a PITA- at least if they were sharing data. I
guess it is also in my nature to like to keep network control as
structured as possible.
On 06/09/2011 10:55 AM, upen wrote:
> Hi,
> Thanks for helping me out.
>> Why are users using non-domain accounts?
> Answer : We provided 2 options 2 end users. One they can have domain
> accounts if they want to use store data for long term and want to
> access it remotely. Second, they can use local account where the data
> gets deleted after each logoff(locked account using steady state).
> Some users wish to use that local account and don't have domain
> account. They see printer ready but it doesn't print for them.
>
> Just want to provide extra information about guest account,
>
> testparm -s -v | grep "guest account"
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[netlogon]"
> Global parameter logon script found in service section!
> Processing section "[Profiles]"
> Processing section "[printers]"
> Global parameter guest account found in service section!
> Global parameter null passwords found in service section!
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> guest account = nobody
>
> Does this mean it is already mapped to nobody, if it is then do I
> still need to create a new account and replace nobody with that?
>
> If you can help me a little more I think I will have it working :)
>
> Thanks,
> ~A
>
>
> On Thu, Jun 9, 2011 at 9:45 AM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com> wrote:
>> I am not sure about printers but I ran into a similar issue with a guest
>> share. I had security=user, and set up a guest share. But users in
>> different domain could not connect, and the samba logs showed that the user
>> was unknown. (in this case domain trusts were not being user.)
>>
>>
>> Finally last week found the solution which was to set
>>
>> map to guest= bad user
>>
>> i.e. if the user is valid but the password is bad, the user can't connect.
>> But if the user is just unknown then treat them as a guest. You may also
>> need to explicitly create unix "guest" user account that is specified in
>> smb.conf (at least with samba 3.4. and higher.)
>>
>> e.g.
>> guest account = smb_nobody
>>
>>
>> Why are users using non-domain accounts?
>>
>>
>>
>> On 06/09/2011 10:31 AM, upen wrote:
>>> Alright, let's not assume.
>>>
>>> Load smb config files from /etc/samba/smb.conf
>>> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
>>> Processing section "[homes]"
>>> Processing section "[netlogon]"
>>> Global parameter logon script found in service section!
>>> Processing section "[Profiles]"
>>> Processing section "[printers]"
>>> Global parameter guest account found in service section!
>>> Global parameter null passwords found in service section!
>>> Processing section "[print$]"
>>> Loaded services file OK.
>>> Server role: ROLE_DOMAIN_PDC
>>> Press enter to see a dump of your service definitions
>>>
>>> security = USER
>>> paranoid server security = Yes
>>> security mask = 0777
>>> force security mode = 00
>>> directory security mask = 0777
>>> force directory security mode = 00
>>>
>>> I did those printer settings already but due to security=user it won't
>>> let the localuser on XP machine to print. Is there anyway to let
>>> everyone print with security=user enabled.
>>>
>>> On Thu, Jun 9, 2011 at 9:22 AM, Gaiseric Vandal
>>> <gaiseric.vandal at gmail.com> wrote:
>>>> You know what they say about ASS-U-ME ....
>>>>
>>>>
>>>> "testparm -v" will show you the current settings (whether explicitly set
>>>> or
>>>> default)
>>>>
>>>>
>>>> man smb.conf (3.5.) shows a possible samba printer share as :
>>>>
>>>>
>>>> [aprinter]
>>>> path = /usr/spool/public
>>>> read only = yes
>>>> printable = yes
>>>> guest ok = yes
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 06/09/2011 10:05 AM, upen wrote:
>>>>> Hello,
>>>>>
>>>>> I have configured samba as a PDC for Windows XP machines. It is
>>>>> running as domain. I haven't configured security = paramter but I
>>>>> assume it defaults to value 'user' . In this case if I have to share
>>>>> ALL printers on this system for anonymous printing, can I use security
>>>>> = share inside [printer] section and guest = ok then will it allow
>>>>> printing from local accounts on windows XP machines which are in
>>>>> domain? I don't want to set security=share in Global section.
>>>>>
>>>>> I believe there must be a way to get this to work. Any advise is
>>>>> appreciated.
>>>>>
>>>>> Thanks,
>>>>> ~A
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
More information about the samba
mailing list