[Samba] CUPS and Samba4

[Lars Hanke]

Am 31.12.2014 um 03:43 schrieb Nico Kadel-Garcia:
> On Tue, Dec 30, 2014 at 5:04 PM, Lars Hanke <debian at lhanke.de> wrote:
>> Hi,
>>
>> I'm going to migrate my old CUPS server to a new setup. It shall provide the
>> printing backend for Samba4 and should integrate as seamless as possible.
>> Both Windows and Linux users should not require additional passwords, but
>> should be authenticated by their Kerberos tickets.
>
> There are a gazillion ways to configure both CUPS and Samba. Be clear
> on whether you need to support authenticated printing only, whether
> you are using Kerberos and Samba for genuine "Single-Sign-On"
> authentication, or whether people without credentials or with laptops
> not configured for your environment should be allowed to prent, and if
> so on which devices.

Yes, "gazillion ways" that also was my impression and the aim of this 
inquiry is to reduce the number of configurations to try and discard. ;)

Samba4 is aimed at a SSO solution for the network. There as many Linux 
systems as Windows on the net. Most Windows systems however are not 
joined - these are Win## Home licenses. Currently most of them print 
directly.

I have Laptops, which are neither joined and neither get their user 
information from LDAP, but when connected locally will be able get 
tickets from the DC (at least the linux boxes). They also will access 
file shares similar to WinXP Home systems.

So in short: Whoever has permission to print can get a Kerberos ticket 
or mount a file share. There are no anonymous file shares.

>> Is there anything particular to consider? E.g. has the CUPS server to be
>> joined to the AD and should it run a Samba instance of its own? Or is it
>> possible to have the DC delegate jobs to the CUPS server? Are there best
>> practices?

Hope that helped to outline the context for the best pratices.

Thanks for your help,
  - lars.