Further information on this issue includes output from my smblog file:
[2004/12/08 11:48:13, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
init_sam_from_ldap: Entry found for user: chuck
[2004/12/08 11:48:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(864)
init_ldap_from_sam: Setting entry for user: chuck
[2004/12/08 11:48:13, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [chuck] -> [chuck] FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/12/08 11:48:22, 2] smbd/server.c:exit_server(571)
Closing connections
This is repeated ten times for each attempt to display the printer properties dialog. I am able to see all other shares from the server, thus my NT and LM passwords are correct, so why the refusal?
See below for permissions I have set for the print spool and print driver directories.
Thanks, Chuck
At 04:11 PM 12/7/2004, Chuck Theobald wrote:
Hi All,
I finally signed up for the list after years of using Samba successfully - a testament to the quality of Samba. Yet now I have a problem with the point-and-print functionality. I am able to authenticate against my server (Solaris 8, Samba 3.0.7, OpenLDAP 2.1.25) as user 'chuck' in my LDAP directory and browse the shares, but when I right-click on the printer and select Properties (on WinXP), I get a dialog:
Printer properties cannot be displayed. Access is denied.
And no properties dialog is shown. I googled the above message and found exactly one reference, the advice of which I followed (chmod 1777 /var/spool/samba), to no avail. A bit of background information:
mansfield{79}# pwd /usr/local/samba mansfield{80}# bin/testparm Load smb config files from /usr/local/samba/lib/smb.conf Processing section "[printers]" Processing section "[print$]" Processing section "[homes]" Processing section "[netlogon]" Processing section "[profiles]" Processing section "[htdocs]" Processing section "[data]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = LCNI-MAN
server string = Mansfield Server
passdb backend = ldapsam:ldap://mansfield.uoregon.edu
password level = 8
username level = 8
log level = 2 winbind:10
log file = /var/adm/samba/smblog.%m
max log size = 500
add user script = /usr/local/samba/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/samba/sbin/smbldap-userdel "%u"
add group script = /usr/local/samba/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/samba/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/samba/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/samba/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/samba/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u"
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
dns proxy = No
ldap admin dn = cn=smbadmin,ou=people,dc=lcni,dc=uoregon,dc=edu
ldap delete dn = Yes
ldap group suffix = ou=group
ldap machine suffix = ou=people
ldap passwd sync = Yes
ldap suffix = dc=lcni,dc=uoregon,dc=edu
ldap ssl = start tls
ldap user suffix = ou=people
printer admin = @sysadmin, chuck, root, LCNI-MAN\chuck
printing = bsd
print command = /usr/ucb/lpr -r -P'%p' %s
lpq command = /usr/ucb/lpq -P'%p'
lprm command = /usr/ucb/lprm -P'%p' %j
[printers] path = /var/spool/samba printable = Yes browseable = No
[print$] comment = Print Driver Area path = /usr/local/samba/lib/printers write list = @sysadmin, chuck, root, LCNI-MAN\chuck browseable = No
[homes] comment = Home Directories read only = No browseable = No
[netlogon] comment = Domain Logon path = /usr/local/samba/lib/netlogon browseable = No
[profiles] comment = Roaming Profiles path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700
[htdocs] comment = Web Server Files path = /var/www/htdocs read only = No
[data]
comment = Basic Data Storage
path = /data
read only = No
mansfield{81}# ls -l /var/spool
total 14
drwxr-xr-x 4 root sys 512 Oct 8 2003 cron
drwxr-xr-x 2 uucp uucp 512 Nov 29 17:51 locks
drwxrwxr-x 7 lp lp 512 Dec 6 16:20 lp
drwxr-x--- 2 root bin 512 Dec 7 15:55 mqueue
drwxrwxrwt 4 root bin 512 Oct 9 2003 pkg
drwxr-xr-x 2 root lp 512 Oct 8 2003 print
drwxrwxrwt 2 root other 512 Dec 7 10:38 samba
mansfield{83}# ls -ld /usr/local/samba/lib/printers
drwxrwxr-x 4 root sysadmin 512 Dec 7 14:42 /usr/local/samba/lib/printers
mansfield{84}#
The sysadmin group is a native posix group on my server (not just an LDAP group), and chuck is listed as a user in /etc/group. I am trying to work from chapter 17 of the Samba-3 HOW-TO, but so far little joy except that of knowing I am not dealing with M$AD.
I will try the above with a native Unix user and see how that goes. Any advice on doing this with an LPAP user would be appreciated.
Thanks,
Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
