[Samba] RSAT Print Management won't show shared printers under the "Printers" section
L.P.H. van Belle
belle at bazuin.nl
Tue Oct 10 09:16:39 UTC 2017
Hai Tomas,
And Marc thank for having a look also.
@ Tomas, now i think you setup is ok, but review it based on my setup below.
Now, i am using samba 4.6.8 here, but this is working as of 4.2.x.
There where a few small problems, i just cant recall exact what these where.
If you want to stay in the 4.5 line, then its an option to try my 4.5.14 package if needed.
I did some testing also, my steps,
add printer in cups through webinterface, ( other network printers / HP Jet direct )
Add socket: socket://hostname:9100
Ext, name disc loc connection: ( socket )
Enabled Share This Printer.
Driver RAW.
Model Raw Queue
Add printer, banner none.
Cups result : Printer Test default options have been set successfully.
Changing to Win7 64Bit pc, start Print management. ( logged in as Admin ( member of domain admins) )
And.. No Test printer.. When you look directly after creating the printer in cups.
But, i've waited about 5-10 min, after i added the printer in cups.
Then a refresh and it did show up in my printer list.
And from that point i linked the driver, ( the view in Print management does not show it. )
A manual refresh and the printer is shown with with the driver.
Now, i browse with my windows explorer to the print server, the test printer is there.
And as a normal domain user, i connected to this printer and its installed. *Note, the driver was already deployed to the pc.
So except it takes some "waiting" time, this works fine for me.
The is a snap of my config(s)
This is my smb.conf.
[global]
log level = 0
workgroup = YOURNTDOM
security = ADS
realm = CHANGE.TO.YOUR_REALM
preferred master = no
domain master = no
host msdfs = no
interfaces = 192.168.0.5 127.0.0.1
bind interfaces only = yes
tls enabled = yes
tls keyfile = /etc/ssl/private/XXXXXXXXXX.key.pem
tls certfile = /etc/ssl/certs/XXXXXXXXXX.cert.pem
tls cafile = /etc/ssl/certs/XXXXXXXXXX-ca.pem
# !Note, samba 4.6.x idmap setup.
idmap config * :backend = tdb
idmap config * :range = 2000-9999
idmap config YOURNTDOM : backend = ad
idmap config YOURNTDOM : schema_mode = rfc2307
idmap config YOURNTDOM : range = 10000-3999999
idmap config YOURNTDOM : unix_nss_info = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind offline logon = yes
winbind expand groups = 4
username map = /etc/samba/samba_usermapping
usershare path =
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolss:architecture = Windows x64
load printers = yes
enumports command = /etc/samba/bin/show-ports.sh
# (optional) I change these path locations to my own.
[print$]
comment = Printer Drivers
path = /home/samba/printing/drivers
acl_xattr:ignore system acl = yes
browseable = yes
writable = yes
guest ok = no
write list = root, administrator, @"Domain Admins", @lpadmin, @"Print Operators"
[printers]
comment = All Printers
path = /home/samba/printing/spool
acl_xattr:ignore system acl = yes
browseable = yes
printable = yes
printing = CUPS
# Optional
The path steps, normaly not needed, but this is how i did setup.
mkdir -p /home/samba/printing/{drivers,spool}
cp -R /var/lib/samba/printers/* /home/samba/printing/drivers
chmod -R 755 /home/samba
chmod -R 2777 /home/samba/printing/spool
My /etc/cups/cupsd.conf
LogLevel warn
MaxLogSize 0
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
ServerName FQDN
ServerAlias *
ServerTokens None
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
Browsing Off
BrowseLocalProtocols none
DefaultAuthType Negotiate
WebInterface Yes
The other settings in cupsd.conf are unchanged, i use the debian default where possible.
The certificates for cups are the same as in samba, but symlinked.
The "show-port.sh" , uses dedicated hostname for my printers in the DNS, A and PTR records.
#!/bin/bash
# To change the ports, only adjust the ip range in the line
# for ip in {10..40} ...
# means, start ip 10 until end ip 40
# Your local range is autodetected. ( like 192.168.0 )
# sample, ptr-010 = 192.168.0.10
# We dont want to lose the old printer ports..
echo "Samba Printer Port"
# Default local domain. ( rotterdam.bazuin.nl )
IPRANGE=$(hostname -i | cut -d"." -f1,2,3)
DOMAIN=$(hostname -d)
for ip in {10..40}
do
echo "${IPRANGE}.${ip}"
echo "ptr-0${ip}.${DOMAIN}"
Done
## optional.
# Other remote location
#IPRANGE="10.1.2"
#DOMAIN="other.domain.tld"
#for ip in {11..23}
#do
# echo "${IPRANGE}.${ip}"
# echo "loc-ptr-0${ip}.${DOMAIN}"
#done
( kinit Administrator )
SePrivileges, i've set the followin for BUILTIN\Administrators
net rpc rights list accounts -k -S NETBIOS_HOSTNAME
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege
AND more important is this one.
# all SePrivileges set for the FQDN.
net rpc rights list accounts -k -S $(hostname -f)
BUILTIN\Print Operators
SePrintOperatorPrivilege
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
NTDOM\Domain Admins
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SePrintOperatorPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege
Everyone
No privileges assigned
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Thomas Keppler via samba
> Verzonden: maandag 9 oktober 2017 20:55
> Aan: Marc Muehlfeld
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] RSAT Print Management won't show
> shared printers under the "Printers" section
>
> Hm, I really am wondering now:
>
> @Louis: How "recent" is your version of the RSAT tools on
> Windows 7? Everything up to date?
> If you, in turn, try out the standard Debian 4.5.8 version of
> Samba, can you still see printers?
> Do you have WINS enabled and working?
>
> @Marc: Good that you can replicate my scenario. :-D
>
> I don't have WINS support just yet with my domain.
>
> --
> Best regards
> Thomas
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list