[Samba] Printer server on AD server

Daniel Carrasco Marín danielmadrid19 at gmail.com
Wed Nov 11 11:59:44 UTC 2015


It's already done. I did a lot of tests, installed testing packages... and
y prefer to start with a clean system. Anyway was an empty domain with only
an user.

I'll report how it works ;)

Greetings!!
El 11 nov. 2015 12:43 p. m., "Rowland Penny" <rowlandpenny241155 at gmail.com>
escribió:

> On 11/11/15 11:31, Daniel Carrasco Marín wrote:
>
>> Thanks to both but did not worked. Tomorrow i'll try to reinstall the
>> whole OS because maybe i've installed something wrong.
>>
>> Greetings!!
>>
>> 2015-11-11 12:08 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com
>> <mailto:rowlandpenny241155 at gmail.com>>:
>>
>>     On 11/11/15 10:41, Daniel Carrasco Marín wrote:
>>
>>         Hi, first of all i'm sorry for my english.
>>
>>         I'm trying to create a print server in the same server that
>>         has the samba
>>         AD but i cannot make it work. For now i've:
>>
>>             - A working AD server with Samba 4.2.5
>>             - A Cups server with the print drivers
>>             - GPO policies to install the printers in the client computer
>>
>>
>>         All works perfect and even i can send test pages from cups,
>>         but i cannot
>>         print from clients computers.
>>
>>         My smb.conf is:
>>
>>         # Global parameters
>>         [global]
>>                  workgroup = DOMAIN
>>                  realm = aplein.red
>>                  netbios name = PDC
>>                  server role = active directory domain controller
>>                  server services = +winbindd
>>                  dns forwarder = 8.8.8.8
>>                  idmap_ldb:use rfc2307 = yes
>>
>>                  winbind nss info = rfc2307
>>                  winbind trusted domains only = no
>>                  winbind use default domain = yes
>>                  winbind enum users  = yes
>>                  winbind enum groups = yes
>>                  winbind refresh tickets = Yes
>>                  winbind expand groups = 4
>>                  vfs objects = acl_xattr
>>                  map acl inherit = Yes
>>                  store dos attributes = Yes
>>
>>                  # Juego de caractreres para archivos dos y unix
>>                  dos charset = CP850
>>                  unix charset = UTF-8
>>
>>                  # Mejoras para cups
>>                          rpc_server:spoolss = external
>>                          rpc_daemon:spoolssd = fork
>>
>>                  # Configuración para las impresoras
>>                          printing = cups
>>                          printcap name = cups
>>                          load printers = yes
>>
>>                  # Impresión anónima (No funciona en AD)
>>         #               map to guest = bad user
>>
>>
>>                  # Opciones de Log
>>                  log level = 2 winbind:10 auth:10
>>                  debug uid = yes
>>                  log file = /var/log/samba/%m.log
>>                  max log size = 10000
>>                  syslog = 0
>>                  panic action = /usr/share/samba/panic-action %d
>>
>>
>>         [printers]
>>                  comment = All Printers
>>                  browseable = yes
>>                  path = /var/spool/samba
>>                  printable = yes
>>                  guest ok = yes
>>         #       read only = yes
>>                  public = yes
>>         #       create mask = 0700
>>         #       valid users = @"Domain Users"
>>
>>
>>         [print$]
>>                  comment = Printer Drivers
>>                  path = /server/samba/printers
>>                  browseable = yes
>>                  #read only = no
>>                  #public = yes
>>                  #guest ok = yes
>>                  valid users = @"Domain Users"
>>                  write list = Administrator, @Printers_Admins
>>
>>
>>
>>         And the log shows this:
>>
>>         ==> log.wb-DOMAIN <==
>>         [2015/11/11 11:24:49.187927, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:68(child_read_request)
>>            Need to read 28 extra bytes
>>         [2015/11/11 11:24:49.188048,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1387(child_handler)
>>            child daemon request 59
>>         [2015/11/11 11:24:49.188104, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:510(child_process_request)
>>            child_process_request: request fn NDRCMD
>>         [2015/11/11 11:24:49.188149, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
>>            winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (DOMAIN)
>>         [2015/11/11 11:24:49.188244, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:2374(query_user)
>>            query_user: [Cached] - doing backend query for info for domain
>>         DOMAIN[2015/11/11 11:24:49.188292,  3, pid=1120, effective(0,
>>         0), real(0,
>>         0), class=winbind]
>>         ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
>>            sam_query_user
>>         [2015/11/11 11:24:49.204429, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN time ok
>>         [2015/11/11 11:24:49.204546, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN seq number is now 1
>>         [2015/11/11 11:24:49.204712, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
>>            wcache_save_user:
>>         S-1-5-21-2055965025-1941025422-1966682674-1109
>>         (acct_name d.carrasco)
>>         [2015/11/11 11:24:49.204849,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1395(child_handler)
>>            Finished processing child request 59
>>         [2015/11/11 11:24:49.204930, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:102(child_write_response)
>>            Writing 3640 bytes to parent
>>         [2015/11/11 11:24:49.205702, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:68(child_read_request)
>>            Need to read 28 extra bytes
>>         [2015/11/11 11:24:49.205836,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1387(child_handler)
>>            child daemon request 59
>>         [2015/11/11 11:24:49.205888, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:510(child_process_request)
>>            child_process_request: request fn NDRCMD
>>         [2015/11/11 11:24:49.205932, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
>>            winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (DOMAIN)
>>         [2015/11/11 11:24:49.206059, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
>>            sid_to_name: [Cached] - doing backend query for name for domain
>>         DOMAIN[2015/11/11 11:24:49.206114,  3, pid=1120, effective(0,
>>         0), real(0,
>>         0), class=winbind]
>>         ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
>>            sam_sid_to_name
>>         [2015/11/11 11:24:49.221588, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN time ok
>>         [2015/11/11 11:24:49.221712, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN seq number is now 1
>>         [2015/11/11 11:24:49.221859, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
>>            wcache_save_sid_to_name:
>>         S-1-5-21-2055965025-1941025422-1966682674-513 ->
>>         DOMAIN\Domain Users (NT_STATUS_OK)
>>         [2015/11/11 11:24:49.221972,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1395(child_handler)
>>            Finished processing child request 59
>>         [2015/11/11 11:24:49.222058, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:102(child_write_response)
>>            Writing 3560 bytes to parent
>>         [2015/11/11 11:24:49.234160, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:68(child_read_request)
>>            Need to read 28 extra bytes
>>         [2015/11/11 11:24:49.234268,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1387(child_handler)
>>            child daemon request 59
>>         [2015/11/11 11:24:49.234320, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:510(child_process_request)
>>            child_process_request: request fn NDRCMD
>>         [2015/11/11 11:24:49.234365, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
>>            winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (DOMAIN)
>>         [2015/11/11 11:24:49.234458, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:2374(query_user)
>>            query_user: [Cached] - doing backend query for info for domain
>>         DOMAIN[2015/11/11 11:24:49.234505,  3, pid=1120, effective(0,
>>         0), real(0,
>>         0), class=winbind]
>>         ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
>>            sam_query_user
>>         [2015/11/11 11:24:49.250376, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN time ok
>>         [2015/11/11 11:24:49.250498, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN seq number is now 1
>>         [2015/11/11 11:24:49.250664, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
>>            wcache_save_user:
>>         S-1-5-21-2055965025-1941025422-1966682674-1109
>>         (acct_name d.carrasco)
>>         [2015/11/11 11:24:49.250802,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1395(child_handler)
>>            Finished processing child request 59
>>         [2015/11/11 11:24:49.250877, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:102(child_write_response)
>>            Writing 3640 bytes to parent
>>         [2015/11/11 11:24:49.251661, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:68(child_read_request)
>>            Need to read 28 extra bytes
>>         [2015/11/11 11:24:49.251758,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1387(child_handler)
>>            child daemon request 59
>>         [2015/11/11 11:24:49.251808, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:510(child_process_request)
>>            child_process_request: request fn NDRCMD
>>         [2015/11/11 11:24:49.251853, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
>>            winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (DOMAIN)
>>         [2015/11/11 11:24:49.251949, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
>>            sid_to_name: [Cached] - doing backend query for name for
>>         domain DOMAIN
>>         [2015/11/11 11:24:49.251996,  3, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
>>            sam_sid_to_name
>>         [2015/11/11 11:24:49.267429, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN time ok
>>         [2015/11/11 11:24:49.267557, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
>>            refresh_sequence_number: DOMAIN seq number is now 1
>>         [2015/11/11 11:24:49.267705, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
>>            wcache_save_sid_to_name:
>>         S-1-5-21-2055965025-1941025422-1966682674-513 ->
>>         DOMAIN\Domain Users (NT_STATUS_OK)
>>         [2015/11/11 11:24:49.267818,  4, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:1395(child_handler)
>>            Finished processing child request 59
>>         [2015/11/11 11:24:49.267868, 10, pid=1120, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_dual.c:102(child_write_response)
>>            Writing 3560 bytes to parent
>>
>>         ==> winbindd.log <==
>>         [2015/11/11 11:24:49.186377, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
>>            process_request: Handling async request 1162:GETPWUID
>>         [2015/11/11 11:24:49.187025,  3, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_getpwuid.c:47(winbindd_getpwuid_send)
>>            getpwuid 10001
>>         [2015/11/11 11:24:49.187545, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/wb_uid2sid.c:54(wb_uid2sid_send)
>>            idmap_cache_find_uid2sid found 10001
>>         [2015/11/11 11:24:49.205249, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
>>            SID 0: S-1-5-21-2055965025-1941025422-1966682674-1109
>>         [2015/11/11 11:24:49.205457, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>
>> ../source3/winbindd/winbindd_util.c:893(find_lookup_domain_from_sid)
>>
>>  find_lookup_domain_from_sid(S-1-5-21-2055965025-1941025422-1966682674-513)
>>         [2015/11/11 11:24:49.205526, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>
>> ../source3/winbindd/winbindd_util.c:896(find_lookup_domain_from_sid)
>>            calling find_domain_from_sid
>>         [2015/11/11 11:24:49.222253, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
>>            SID 0: S-1-5-21-2055965025-1941025422-1966682674-513
>>         [2015/11/11 11:24:49.222483, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
>>            wb_request_done[1162:GETPWUID]: NT_STATUS_OK
>>         [2015/11/11 11:24:49.222624, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>
>> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
>>            winbind_client_response_written[1162:GETPWUID]: delivered
>>         response to
>>         client
>>         [2015/11/11 11:24:49.233686, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind] ../source3/winbindd/winbindd.c:725(process_request)
>>            process_request: Handling async request 1162:GETPWUID
>>         [2015/11/11 11:24:49.233802,  3, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd_getpwuid.c:47(winbindd_getpwuid_send)
>>            getpwuid 10001
>>         [2015/11/11 11:24:49.233904, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/wb_uid2sid.c:54(wb_uid2sid_send)
>>            idmap_cache_find_uid2sid found 10001
>>         [2015/11/11 11:24:49.251178, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
>>            SID 0: S-1-5-21-2055965025-1941025422-1966682674-1109
>>         [2015/11/11 11:24:49.251420, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>
>> ../source3/winbindd/winbindd_util.c:893(find_lookup_domain_from_sid)
>>
>>  find_lookup_domain_from_sid(S-1-5-21-2055965025-1941025422-1966682674-513)
>>         [2015/11/11 11:24:49.251489, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>
>> ../source3/winbindd/winbindd_util.c:896(find_lookup_domain_from_sid)
>>            calling find_domain_from_sid
>>         [2015/11/11 11:24:49.268067, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/wb_sids2xids.c:109(wb_sids2xids_send)
>>            SID 0: S-1-5-21-2055965025-1941025422-1966682674-513
>>         [2015/11/11 11:24:49.268293, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind] ../source3/winbindd/winbindd.c:787(wb_request_done)
>>            wb_request_done[1162:GETPWUID]: NT_STATUS_OK
>>         [2015/11/11 11:24:49.268436, 10, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>
>> ../source3/winbindd/winbindd.c:851(winbind_client_response_written)
>>            winbind_client_response_written[1162:GETPWUID]: delivered
>>         response to
>>         client
>>         [2015/11/11 11:24:51.489389,  6, pid=1111, effective(0, 0),
>>         real(0, 0),
>>         class=winbind]
>>         ../source3/winbindd/winbindd.c:957(winbind_client_request_read)
>>            closing socket 42, client exited
>>
>>
>>         I did not see any strange in that log...
>>
>>         Is possible or i'm trying something impossible?
>>
>>
>>         Thanks and greetings!!
>>
>>
>>         PDTA: I know that the best practice is to have the print
>>         server on a
>>         separated computer but i don't have enough resources to do it.
>>
>>
>>     First of all, I would remove these lines, they are either the
>>     defaults or will not work on a DC:
>>
>>             server services = +winbindd
>>
>>             winbind nss info = rfc2307
>>             winbind trusted domains only = no
>>             winbind use default domain = yes
>>             winbind enum users  = yes
>>             winbind enum groups = yes
>>             winbind refresh tickets = Yes
>>             winbind expand groups = 4
>>             vfs objects = acl_xattr
>>             map acl inherit = Yes
>>             store dos attributes = Yes
>>
>>             # Juego de caractreres para archivos dos y unix
>>             dos charset = CP850
>>             unix charset = UTF-8
>>
>>             # Mejoras para cups
>>                     rpc_server:spoolss = external
>>                     rpc_daemon:spoolssd = fork
>>
>>     Also, the last two could be your problem, spoolss is now built in.
>>
>>     Rowland
>>
>>
>>
>>     --     To unsubscribe from this list go to the following URL and read
>> the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> Have you followed the instructions here:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_print_server
>
> Reinstalling seems a bit extreme, check you have everything installed
> correctly before you take this step.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list