[Samba] Upgrade to 2:4.16.2+dfsg-1nmu1~deb11.1 borks printing
L. van Belle
belle at samba.org
Thu Sep 1 07:20:35 UTC 2022
i've been reading the thread, On this.
>> Absolutely nothing prints except a test page submitted directly through
the CUPS web GUI
So, then yes, this has to be the link between samba and cups.
so, I suggest to enable debugging and to not get overloaded in it.
Read these first.
And enable debugging for 1 client, makes debugging bit more easy.
Can you also share a smb.conf and/or compare it to mine,
as im also running with this version : 2:4.16.2+dfsg-1nmu1~deb11.1 and no
I use backend AD with point and print setup.
All printer shares are pushed through AD with \\FQ.DN.TLD\printer
And my printer had A and PTR dns records.
# Workaround *na laatste CVE update.
min domain uid = 0
#log level = 1 auth_audit:3
#log level = 0 full_audit:2@/var/log/samba_audit.log
log level = 0
workgroup = ADDOM
security = ADS
realm = ADDOM.DOMAIN.TLD
netbios name = PRINT1
preferred master = no
domain master = no
host msdfs = no
interfaces = 192.168.1.11 127.0.0.1
bind interfaces only = yes
dns proxy = yes
# Add and Update TLS Key
tls enabled = yes
tls keyfile = /etc/ssl/local/private/XXXXXXX.key
tls certfile = /etc/ssl/local/certs/XXXXXXX.crt
tls cafile = /etc/ssl/local/XXXXXXX_CA_Intermediate.crt
## map id's outside to domain to tdb files.
idmap config * :backend = tdb
idmap config * :range = 2000-9999
## map ids from the domain the range may not overlap !
idmap config ADDOM : backend = ad
idmap config ADDOM : schema_mode = rfc2307
idmap config ADDOM : range = 10000-3999999
idmap config ADDOM : unix_primary_group = yes
idmap config ADDOM : unix_nss_info = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
# Renew the kerberos ticket
winbind refresh tickets = yes
# show domain prefix
# set to no, dont use the default domain, output shows: DOMAIN\user
# set to yes, use the default domain, output shows: user
winbind use default domain = yes
# show users with getent passwd
winbind enum users = no
winbind enum groups = no
# enable offline logins
winbind offline logon = yes
# check depth of nested groups, ! slows down you samba, if to much
winbind expand groups = 1
# user Administrator workaround, without it you are unable to set
username map = /etc/samba/samba_usermapping
# disable usershares creating, when set empty no error log messages.
usershare path =
# For Windows ACL support on member file server, enabled globaly,
# For a mixed setup of rights, put this per share!
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
# Share Setting Globally
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
##### PRINT SERVER PART #######
#enable asu support = yes
## Enabling spoolssd
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolss:architecture = Windows x64
spoolssd:prefork_min_children = 5 # Minimum number of child
spoolssd:prefork_max_children = 25 # Maximum number of child
spoolssd:prefork_spawn_rate = 5 # Start (fork) x new childs
if one connection comes in (up to prefork_max_children)
spoolssd:prefork_max_allowed_clients = 100 # Number of clients, a child
process should be responsible for
spoolssd:prefork_child_min_life = 60 # Minimum lifetime of a
child process (60 seconds
# is the minimum, even a lower value has been configured)
load printers = yes
# Windows clients look for this share name as a source of downloadable
# printer drivers
comment = Printer Drivers
path = /var/lib/samba/printers
acl_xattr:ignore system acl = yes
browseable = yes
writable = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
write list = root, administrator, @"Domain Admins", @lpadmin, @"Print
comment = All Printers
path = /var/lib/samba/printing/spool
acl_xattr:ignore system acl = yes
browseable = yes
printable = yes
printing = CUPS
> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Aaron de Bruyn via
> Verzonden: woensdag 31 augustus 2022 21:33
> Aan: Rowland penny <rpenny at samba.org>; samba at lists.samba.org
> Onderwerp: Re: [Samba] Upgrade to 2:4.16.2+dfsg-1nmu1~deb11.1 borks
> These machines are all domain members, not DCs.
> I'll do some more troubleshooting tonight and enable debugging when the
> network is quiet and see if I can find anything.
> On Wed Aug 31, 2022, 06:06 PM GMT, Rowland Penny via samba
> <mailto:samba at lists.samba.org> wrote:
> > On Wed, 2022-08-31 at 17:52 +0000, Aaron de Bruyn wrote:
> >> Hey Rowland,
> >> I did see that thread.
> >> I don't have a /var/cache/samba/printer_list.tdb.
> > Funny that, I don't print, but I have, but only on Unix domain member.
> >> # find /var/cache/samba -iname '*print*'
> >> /var/cache/samba/printing
> >> /var/cache/samba/printing/printers.tdb
> >> #
> >> I did try stopping Samba and CUPS at one site and I removed the
> >> printers.tdb file, then started Samba and CUPS. That didn't resolve
> >> the issue.
> > The fix was posted by Andreas and he should know, he writes some of
> > the code. I wouldn't have a clue about printing.
> > Rowland
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba