[Samba] NSS and group enumeration in CUPS...

L.P.H. van Belle belle at bazuin.nl
Thu Jun 14 07:11:30 UTC 2018


Hai, 

@Rowland.
Yes, the link is what i have setup, but in less steps without sssd. 
For the kerberos part, you only need to add the HTTP/UPN. 
After a join with winbind you have the host/UPN. 
I must say that the CUPS setup is working great. 
Only 1 or 2 problems in almost 2 years.

@Marco, 
> ...but you have added 'locally' (eg, in /etc/group
> and /etc/shadow) the user 'winadmin', 'otherwinuser' and 'a-linuxuser'?!

Yes, i did add my AD admin user to a local group but only once. 
And its only for the lpadmin group. 

Everthing else can be done through windows groups. 
And yes, you can replace the lpadmin group for a windows group but thats more work imo. 

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: woensdag 13 juni 2018 17:53
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NSS and group enumeration in CUPS...
> 
> On Wed, 13 Jun 2018 17:40:35 +0200
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> 
> > Mandi! Rowland Penny via samba
> >   In chel di` si favelave...
> > 
> > > > ...but you have added 'locally' (eg, in /etc/group
> > > > and /etc/shadow) the user 'winadmin', 'otherwinuser' and
> > > > 'a-linuxuser'?!
> > 
> > Ahem i meant '/etc/group' and '/etc/gshadow', sorry.
> > 
> > 
> > > It surprises me that nobody has mentioned 'kerberos' yet.
> > 
> > ?! Kerberos can also handle membership information?
> > 
> 
> No, but AD can, try reading this:
> 
> https://roughlea.wordpress.com/linux-administration/configurin
> g-cups-for-kerberos-authentication/
> 
> mentally replace all mentions of LDAP with AD ;-)
> 
> Never tried it, but it should work.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list