[Samba] Printer server on AD server
Rowland Penny
rowlandpenny241155 at gmail.com
Wed Nov 11 11:08:36 UTC 2015
On 11/11/15 10:41, Daniel Carrasco Marín wrote:
> Hi, first of all i'm sorry for my english.
>
> I'm trying to create a print server in the same server that has the samba
> AD but i cannot make it work. For now i've:
>
> - A working AD server with Samba 4.2.5
> - A Cups server with the print drivers
> - GPO policies to install the printers in the client computer
>
> All works perfect and even i can send test pages from cups, but i cannot
> print from clients computers.
>
> My smb.conf is:
>
> # Global parameters
> [global]
> workgroup = DOMAIN
> realm = aplein.red
> netbios name = PDC
> server role = active directory domain controller
> server services = +winbindd
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
> winbind expand groups = 4
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> # Juego de caractreres para archivos dos y unix
> dos charset = CP850
> unix charset = UTF-8
>
> # Mejoras para cups
> rpc_server:spoolss = external
> rpc_daemon:spoolssd = fork
>
> # Configuración para las impresoras
> printing = cups
> printcap name = cups
> load printers = yes
>
> # Impresión anónima (No funciona en AD)
> # map to guest = bad user
>
>
> # Opciones de Log
> log level = 2 winbind:10 auth:10
> debug uid = yes
> log file = /var/log/samba/%m.log
> max log size = 10000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
>
>
> [printers]
> comment = All Printers
> browseable = yes
> path = /var/spool/samba
> printable = yes
> guest ok = yes
> # read only = yes
> public = yes
> # create mask = 0700
> # valid users = @"Domain Users"
>
>
> [print$]
> comment = Printer Drivers
> path = /server/samba/printers
> browseable = yes
> #read only = no
> #public = yes
> #guest ok = yes
> valid users = @"Domain Users"
> write list = Administrator, @Printers_Admins
>
>
>
> And the log shows this:
>
> ==> log.wb-DOMAIN <==
> [2015/11/11 11:24:49.187927, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
> Need to read 28 extra bytes
> [2015/11/11 11:24:49.188048, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
> child daemon request 59
> [2015/11/11 11:24:49.188104, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual.c:510(child_process_request)
> child_process_request: request fn NDRCMD
> [2015/11/11 11:24:49.188149, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
> winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (DOMAIN)
> [2015/11/11 11:24:49.188244, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
> query_user: [Cached] - doing backend query for info for domain
> DOMAIN[2015/11/11 11:24:49.188292, 3, pid=1120, effective(0, 0), real(0,
> 0), class=winbind] ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
> sam_query_user
> [2015/11/11 11:24:49.204429, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
> refresh_sequence_number: DOMAIN time ok
> [2015/11/11 11:24:49.204546, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
> refresh_sequence_number: DOMAIN seq number is now 1
> [2015/11/11 11:24:49.204712, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
> wcache_save_user: S-1-5-21-2055965025-1941025422-1966682674-1109
> (acct_name d.carrasco)
> [2015/11/11 11:24:49.204849, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
> Finished processing child request 59
> [2015/11/11 11:24:49.204930, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
> Writing 3640 bytes to parent
> [2015/11/11 11:24:49.205702, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
> Need to read 28 extra bytes
> [2015/11/11 11:24:49.205836, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
> child daemon request 59
> [2015/11/11 11:24:49.205888, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual.c:510(child_process_request)
> child_process_request: request fn NDRCMD
> [2015/11/11 11:24:49.205932, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
> winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (DOMAIN)
> [2015/11/11 11:24:49.206059, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
> sid_to_name: [Cached] - doing backend query for name for domain
> DOMAIN[2015/11/11 11:24:49.206114, 3, pid=1120, effective(0, 0), real(0,
> 0), class=winbind] ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
> sam_sid_to_name
> [2015/11/11 11:24:49.221588, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
> refresh_sequence_number: DOMAIN time ok
> [2015/11/11 11:24:49.221712, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
> refresh_sequence_number: DOMAIN seq number is now 1
> [2015/11/11 11:24:49.221859, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
> wcache_save_sid_to_name: S-1-5-21-2055965025-1941025422-1966682674-513 ->
> DOMAIN\Domain Users (NT_STATUS_OK)
> [2015/11/11 11:24:49.221972, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
> Finished processing child request 59
> [2015/11/11 11:24:49.222058, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
> Writing 3560 bytes to parent
> [2015/11/11 11:24:49.234160, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
> Need to read 28 extra bytes
> [2015/11/11 11:24:49.234268, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
> child daemon request 59
> [2015/11/11 11:24:49.234320, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual.c:510(child_process_request)
> child_process_request: request fn NDRCMD
> [2015/11/11 11:24:49.234365, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
> winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (DOMAIN)
> [2015/11/11 11:24:49.234458, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
> query_user: [Cached] - doing backend query for info for domain
> DOMAIN[2015/11/11 11:24:49.234505, 3, pid=1120, effective(0, 0), real(0,
> 0), class=winbind] ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
> sam_query_user
> [2015/11/11 11:24:49.250376, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
> refresh_sequence_number: DOMAIN time ok
> [2015/11/11 11:24:49.250498, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
> refresh_sequence_number: DOMAIN seq number is now 1
> [2015/11/11 11:24:49.250664, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
> wcache_save_user: S-1-5-21-2055965025-1941025422-1966682674-1109
> (acct_name d.carrasco)
> [2015/11/11 11:24:49.250802, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
> Finished processing child request 59
> [2015/11/11 11:24:49.250877, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
> Writing 3640 bytes to parent
> [2015/11/11 11:24:49.251661, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
> Need to read 28 extra bytes
> [2015/11/11 11:24:49.251758, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
> child daemon request 59
> [2015/11/11 11:24:49.251808, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual.c:510(child_process_request)
> child_process_request: request fn NDRCMD
> [2015/11/11 11:24:49.251853, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
> winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (DOMAIN)
> [2015/11/11 11:24:49.251949, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
> sid_to_name: [Cached] - doing backend query for name for domain DOMAIN
> [2015/11/11 11:24:49.251996, 3, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
> sam_sid_to_name
> [2015/11/11 11:24:49.267429, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
> refresh_sequence_number: DOMAIN time ok
> [2015/11/11 11:24:49.267557, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
> refresh_sequence_number: DOMAIN seq number is now 1
> [2015/11/11 11:24:49.267705, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
> wcache_save_sid_to_name: S-1-5-21-2055965025-1941025422-1966682674-513 ->
> DOMAIN\Domain Users (NT_STATUS_OK)
> [2015/11/11 11:24:49.267818, 4, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
> Finished processing child request 59
> [2015/11/11 11:24:49.267868, 10, pid=1120, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
> Writing 3560 bytes to parent
>
> ==> winbindd.log <==
> [2015/11/11 11:24:49.186377, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
> process_request: Handling async request 1162:GETPWUID
> [2015/11/11 11:24:49.187025, 3, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_getpwuid.c:47(winbindd_getpwuid_send)
> getpwuid 10001
> [2015/11/11 11:24:49.187545, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_uid2sid.c:54(wb_uid2sid_send)
> idmap_cache_find_uid2sid found 10001
> [2015/11/11 11:24:49.205249, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
> SID 0: S-1-5-21-2055965025-1941025422-1966682674-1109
> [2015/11/11 11:24:49.205457, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:893(find_lookup_domain_from_sid)
> find_lookup_domain_from_sid(S-1-5-21-2055965025-1941025422-1966682674-513)
> [2015/11/11 11:24:49.205526, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:896(find_lookup_domain_from_sid)
> calling find_domain_from_sid
> [2015/11/11 11:24:49.222253, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
> SID 0: S-1-5-21-2055965025-1941025422-1966682674-513
> [2015/11/11 11:24:49.222483, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
> wb_request_done[1162:GETPWUID]: NT_STATUS_OK
> [2015/11/11 11:24:49.222624, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> winbind_client_response_written[1162:GETPWUID]: delivered response to
> client
> [2015/11/11 11:24:49.233686, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
> process_request: Handling async request 1162:GETPWUID
> [2015/11/11 11:24:49.233802, 3, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_getpwuid.c:47(winbindd_getpwuid_send)
> getpwuid 10001
> [2015/11/11 11:24:49.233904, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_uid2sid.c:54(wb_uid2sid_send)
> idmap_cache_find_uid2sid found 10001
> [2015/11/11 11:24:49.251178, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
> SID 0: S-1-5-21-2055965025-1941025422-1966682674-1109
> [2015/11/11 11:24:49.251420, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:893(find_lookup_domain_from_sid)
> find_lookup_domain_from_sid(S-1-5-21-2055965025-1941025422-1966682674-513)
> [2015/11/11 11:24:49.251489, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:896(find_lookup_domain_from_sid)
> calling find_domain_from_sid
> [2015/11/11 11:24:49.268067, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
> SID 0: S-1-5-21-2055965025-1941025422-1966682674-513
> [2015/11/11 11:24:49.268293, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
> wb_request_done[1162:GETPWUID]: NT_STATUS_OK
> [2015/11/11 11:24:49.268436, 10, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
> winbind_client_response_written[1162:GETPWUID]: delivered response to
> client
> [2015/11/11 11:24:51.489389, 6, pid=1111, effective(0, 0), real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:957(winbind_client_request_read)
> closing socket 42, client exited
>
>
> I did not see any strange in that log...
>
> Is possible or i'm trying something impossible?
>
>
> Thanks and greetings!!
>
>
> PDTA: I know that the best practice is to have the print server on a
> separated computer but i don't have enough resources to do it.
First of all, I would remove these lines, they are either the defaults
or will not work on a DC:
server services = +winbindd
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind expand groups = 4
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Juego de caractreres para archivos dos y unix
dos charset = CP850
unix charset = UTF-8
# Mejoras para cups
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
Also, the last two could be your problem, spoolss is now built in.
Rowland
More information about the samba
mailing list