[Samba] Printer server on AD server
Daniel Carrasco Marín
danielmadrid19 at gmail.com
Wed Nov 11 10:41:05 UTC 2015
Hi, first of all i'm sorry for my english.
I'm trying to create a print server in the same server that has the samba
AD but i cannot make it work. For now i've:
- A working AD server with Samba 4.2.5
- A Cups server with the print drivers
- GPO policies to install the printers in the client computer
All works perfect and even i can send test pages from cups, but i cannot
print from clients computers.
My smb.conf is:
# Global parameters
[global]
workgroup = DOMAIN
realm = aplein.red
netbios name = PDC
server role = active directory domain controller
server services = +winbindd
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind expand groups = 4
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Juego de caractreres para archivos dos y unix
dos charset = CP850
unix charset = UTF-8
# Mejoras para cups
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
# Configuración para las impresoras
printing = cups
printcap name = cups
load printers = yes
# Impresión anónima (No funciona en AD)
# map to guest = bad user
# Opciones de Log
log level = 2 winbind:10 auth:10
debug uid = yes
log file = /var/log/samba/%m.log
max log size = 10000
syslog = 0
panic action = /usr/share/samba/panic-action %d
[printers]
comment = All Printers
browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
# read only = yes
public = yes
# create mask = 0700
# valid users = @"Domain Users"
[print$]
comment = Printer Drivers
path = /server/samba/printers
browseable = yes
#read only = no
#public = yes
#guest ok = yes
valid users = @"Domain Users"
write list = Administrator, @Printers_Admins
And the log shows this:
==> log.wb-DOMAIN <==
[2015/11/11 11:24:49.187927, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
Need to read 28 extra bytes
[2015/11/11 11:24:49.188048, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
child daemon request 59
[2015/11/11 11:24:49.188104, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual.c:510(child_process_request)
child_process_request: request fn NDRCMD
[2015/11/11 11:24:49.188149, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (DOMAIN)
[2015/11/11 11:24:49.188244, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
query_user: [Cached] - doing backend query for info for domain
DOMAIN[2015/11/11 11:24:49.188292, 3, pid=1120, effective(0, 0), real(0,
0), class=winbind] ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
sam_query_user
[2015/11/11 11:24:49.204429, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
refresh_sequence_number: DOMAIN time ok
[2015/11/11 11:24:49.204546, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
refresh_sequence_number: DOMAIN seq number is now 1
[2015/11/11 11:24:49.204712, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
wcache_save_user: S-1-5-21-2055965025-1941025422-1966682674-1109
(acct_name d.carrasco)
[2015/11/11 11:24:49.204849, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
Finished processing child request 59
[2015/11/11 11:24:49.204930, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
Writing 3640 bytes to parent
[2015/11/11 11:24:49.205702, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
Need to read 28 extra bytes
[2015/11/11 11:24:49.205836, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
child daemon request 59
[2015/11/11 11:24:49.205888, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual.c:510(child_process_request)
child_process_request: request fn NDRCMD
[2015/11/11 11:24:49.205932, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (DOMAIN)
[2015/11/11 11:24:49.206059, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
sid_to_name: [Cached] - doing backend query for name for domain
DOMAIN[2015/11/11 11:24:49.206114, 3, pid=1120, effective(0, 0), real(0,
0), class=winbind] ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
sam_sid_to_name
[2015/11/11 11:24:49.221588, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
refresh_sequence_number: DOMAIN time ok
[2015/11/11 11:24:49.221712, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
refresh_sequence_number: DOMAIN seq number is now 1
[2015/11/11 11:24:49.221859, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
wcache_save_sid_to_name: S-1-5-21-2055965025-1941025422-1966682674-513 ->
DOMAIN\Domain Users (NT_STATUS_OK)
[2015/11/11 11:24:49.221972, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
Finished processing child request 59
[2015/11/11 11:24:49.222058, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
Writing 3560 bytes to parent
[2015/11/11 11:24:49.234160, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
Need to read 28 extra bytes
[2015/11/11 11:24:49.234268, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
child daemon request 59
[2015/11/11 11:24:49.234320, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual.c:510(child_process_request)
child_process_request: request fn NDRCMD
[2015/11/11 11:24:49.234365, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (DOMAIN)
[2015/11/11 11:24:49.234458, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
query_user: [Cached] - doing backend query for info for domain
DOMAIN[2015/11/11 11:24:49.234505, 3, pid=1120, effective(0, 0), real(0,
0), class=winbind] ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
sam_query_user
[2015/11/11 11:24:49.250376, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
refresh_sequence_number: DOMAIN time ok
[2015/11/11 11:24:49.250498, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
refresh_sequence_number: DOMAIN seq number is now 1
[2015/11/11 11:24:49.250664, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
wcache_save_user: S-1-5-21-2055965025-1941025422-1966682674-1109
(acct_name d.carrasco)
[2015/11/11 11:24:49.250802, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
Finished processing child request 59
[2015/11/11 11:24:49.250877, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
Writing 3640 bytes to parent
[2015/11/11 11:24:49.251661, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
Need to read 28 extra bytes
[2015/11/11 11:24:49.251758, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
child daemon request 59
[2015/11/11 11:24:49.251808, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual.c:510(child_process_request)
child_process_request: request fn NDRCMD
[2015/11/11 11:24:49.251853, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (DOMAIN)
[2015/11/11 11:24:49.251949, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
sid_to_name: [Cached] - doing backend query for name for domain DOMAIN
[2015/11/11 11:24:49.251996, 3, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
sam_sid_to_name
[2015/11/11 11:24:49.267429, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
refresh_sequence_number: DOMAIN time ok
[2015/11/11 11:24:49.267557, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
refresh_sequence_number: DOMAIN seq number is now 1
[2015/11/11 11:24:49.267705, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
wcache_save_sid_to_name: S-1-5-21-2055965025-1941025422-1966682674-513 ->
DOMAIN\Domain Users (NT_STATUS_OK)
[2015/11/11 11:24:49.267818, 4, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
Finished processing child request 59
[2015/11/11 11:24:49.267868, 10, pid=1120, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
Writing 3560 bytes to parent
==> winbindd.log <==
[2015/11/11 11:24:49.186377, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
process_request: Handling async request 1162:GETPWUID
[2015/11/11 11:24:49.187025, 3, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_getpwuid.c:47(winbindd_getpwuid_send)
getpwuid 10001
[2015/11/11 11:24:49.187545, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_uid2sid.c:54(wb_uid2sid_send)
idmap_cache_find_uid2sid found 10001
[2015/11/11 11:24:49.205249, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
SID 0: S-1-5-21-2055965025-1941025422-1966682674-1109
[2015/11/11 11:24:49.205457, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_util.c:893(find_lookup_domain_from_sid)
find_lookup_domain_from_sid(S-1-5-21-2055965025-1941025422-1966682674-513)
[2015/11/11 11:24:49.205526, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_util.c:896(find_lookup_domain_from_sid)
calling find_domain_from_sid
[2015/11/11 11:24:49.222253, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
SID 0: S-1-5-21-2055965025-1941025422-1966682674-513
[2015/11/11 11:24:49.222483, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
wb_request_done[1162:GETPWUID]: NT_STATUS_OK
[2015/11/11 11:24:49.222624, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:851(winbind_client_response_written)
winbind_client_response_written[1162:GETPWUID]: delivered response to
client
[2015/11/11 11:24:49.233686, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
process_request: Handling async request 1162:GETPWUID
[2015/11/11 11:24:49.233802, 3, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_getpwuid.c:47(winbindd_getpwuid_send)
getpwuid 10001
[2015/11/11 11:24:49.233904, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_uid2sid.c:54(wb_uid2sid_send)
idmap_cache_find_uid2sid found 10001
[2015/11/11 11:24:49.251178, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
SID 0: S-1-5-21-2055965025-1941025422-1966682674-1109
[2015/11/11 11:24:49.251420, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_util.c:893(find_lookup_domain_from_sid)
find_lookup_domain_from_sid(S-1-5-21-2055965025-1941025422-1966682674-513)
[2015/11/11 11:24:49.251489, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_util.c:896(find_lookup_domain_from_sid)
calling find_domain_from_sid
[2015/11/11 11:24:49.268067, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
SID 0: S-1-5-21-2055965025-1941025422-1966682674-513
[2015/11/11 11:24:49.268293, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
wb_request_done[1162:GETPWUID]: NT_STATUS_OK
[2015/11/11 11:24:49.268436, 10, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:851(winbind_client_response_written)
winbind_client_response_written[1162:GETPWUID]: delivered response to
client
[2015/11/11 11:24:51.489389, 6, pid=1111, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:957(winbind_client_request_read)
closing socket 42, client exited
I did not see any strange in that log...
Is possible or i'm trying something impossible?
Thanks and greetings!!
PDTA: I know that the best practice is to have the print server on a
separated computer but i don't have enough resources to do it.
More information about the samba
mailing list