Hi Vickie (and others).
I think I spoke a bit soon... at least on the global default settings...
There are still a few strange things going on...
My situation is slightly different from yours (I think). My users don't
necessarily have logins on the linux server. I probably should use
"security = share" - but with this setting - I couldn't get the driver
upload to work. When I reverted to "security = user" (default) the
upload worked - but workstations without suitable usernames - couldn't
even see the server's shared printers. My solution was to use:
"map to guest = Bad Password" (see man smb.conf).
[global]
log file = /var/log/samba/%m.log
load printers = yes
smb ports = 139
enable privileges = yes
map to guest = Bad Password
encrypt passwords = yes
allow hosts = 192.168.0. 127.
dns proxy = no
cups options = raw
netbios name = C5
server string = Centos 5 Linux
workgroup = aardvarkwg
os level = 20
max log size = 50
[printers]
comment = All Printers
printable = yes
path = /var/spool/samba
public = yes
[print$]
comment = Windows Printer Driver Share
path = /var/lib/samba/drivers
public = yes
browseable = yes
read only = yes
write list = root, @ntadmin, richard, rhc
This seems to mostly work - but there are a few things I don't understand:
While logged in as a member of "ntadmin", I can upload drivers - and I
can open the servers "Printers & Faxes", then right click the Printer,
select Properties/advanced/printing defaults - and set the settings.
If I go to a workstation which has a login not recognised by the server
- I can install the printer and it downloads the drivers fine. The
printer works fine.
However:
On the non admin workstation - the initial printer settings do not match
the global defaults, and I can change the local defaults (both the
settings - and the defaults). Worse still - I can go to "server
properties" and delete "server side" drivers from the server (from the
non admin workstation). Interestingly - it doesn't actually seem to
delete files from the print$ share - but the driver does disappear from
the driver list - even when viewed on an admin worstation.
I do get an error if I try to upload drivers from a non-admin
workstation - (as I should).
It seems like the guest login has nearly all the rights of an "ntdmin'
login - but I can't figure out why. I am confident that the username on
the non-admin workstation is not a server logon - and certainly not
included in ntadmin.
Any ideas anyone...
Thanks.
Richard.
Vickie L. Kidder wrote:
Richard,
It is great to hear that you got printer upload working! I'm glad my
response was of some help to you. When you posted your question, I
had also been struggling with printer admin issue, and had just gotten
it working with some help from the list.
Vickie Kidder
Information Systems
McIlhenny Company
337.373.6126
*Richard Chapman <[EMAIL PROTECTED]>*
01/28/2008 08:26 PM
To
"Vickie L. Kidder" <[EMAIL PROTECTED]>, Samba List
<[email protected]>
cc
Subject
Re: Fw: [Samba] printer admin option replacement on stand alone (not
domain) print server running version 3.0.25
Hi Vickie
I hope you don't mind me contacting you directly - but I wanted to thank
you (and otters) for your help with this problem. I have finally got
printer driver upload working - after having taken a break from it for a
couple of weeks leave....
Everything went more or less as you said - but I also had some "bad
stuff" in my smb.conf - which took a bit of careful weeding to get rid
off...:-)
I think I have also just figured out how to set a global default
"printer Preference" so that my printer prints monochrome by default.
This is really wonderful...
Thanks Vickie
Richard.
Vickie L. Kidder wrote:
>
> I was able to get my print drivers to upload after doing the following.
>
> 1) Checked that the settings for the printer driver upload directory
> were set to allow my account to write to it.
> /# ls -l /s01/samba
> drwxrwsr-x 3 vlkidder samba 512 Jan 06 21:45 drivers
>
> 2) Removed the printer admin option from smb.conf file.
> These are my current smb.conf settings related to printing.
> ; Global Settings for Printers
> printing = aix
> load printers = yes
> printcap name = /etc/printcap
> print command = /usr/bin/lpr -P%p -h -r %s
> lpq command = enq -e -As -P'%p'
> use client driver = no
> [printers]
> comment = samba printers
> path = /var/spool/samba
> printable = yes
> browseable = no
> guest ok = no
> public = no
> read only = yes
> writeable = no
> [print$]
> comment = samba printer driver upload
> path = /s01/samba/drivers
> write list = vlkidder
> browseable = yes
> guest ok = no
> read only = yes
>
>
> 3) Ran "net rpc rights grant vlkidder SePrintOperatorPrivilege" to
> grant my account "vlkidder" printer admin rights.
> I'm not sure why, but when I run a net rpc command I get this the
> error message
> "Could not connect to server 127.0.0.1 The username or password was
> not correct. Connection failed: NT_STATUS_LOGON_FAILURE". There is a
> password for root account in the smbpasswd file. If I reset the samba
> password for root using "smbpasswd root", I can run the net rpc
> commands with no problem.
>
>
> That's it. Now driver upload works fine.
>
> The error I originally posted "_spoolss_addprinterdriver: Failed to
> send message about upgrading driver[]!" still shows up in my log file.
> The driver uploads and I'm able to modify the printer properties,
> connect the printer to a client computer, and print, so I'm not going
> to worry about it.
>
>
> Richard Chapman <[EMAIL PROTECTED]> wrote on 01/05/2008
> 06:42:11 PM:
>
> > Hi Vickie
> >
> > I have been following your thread in the samba list - and I think I am
> > wrestling with a similar problem. I want to upload windows printer
> > drivers to a workgroup samba server. My samba is also 3.0.25. on a
> > Centos 5.1 server.
> >
> > I have put the "enable privilege = yes" into smb.conf - and
> restarted samba.
> > However - unlike you - when I try the command:
> >
> > #net rpc rights grant 'rhc' SePrintOperatorPrivilege
> > And give the root password, I get the error:
> > Failed to grant privileges for rhc (NT_STATUS_ACCESS_DENIED)
> >
> > "rhc" is a user on both the linux server and a windows client
> > machine - though I must admit I am confused about how the two user5
> > groups relate to each other in a workgroup samba setup.
> >
> > Curiously - if I attempt to grant the right to a non-existent user -
> > I do not get an error.
> >
> > Since you seem to be trying to achieve the same thing - you may have
> > encountered similar problems. Can you throw any light on this problem?
> >
> > Thanks
> >
> > Richard.
> >
> >
> >
> >
> >
> > Vickie L. Kidder wrote:
> > > Thanks to those who responded to my original question.
> > >
> > > I ran this command and it accepted it after I provided the root
> password.
> > > # net rpc rights grant 'vlkidder' SePrintOperatorPrivilege
> > >
> > > Checked to see if 'vlkidder' had printer admin privilege and it
> seems ok.
> > > # net rpc rights list accounts
> > > Password:
> > > BUILTIN\Print Operators
> > > No privileges assigned
> > >
> > > SMBTEST\vlkidder
> > > SePrintOperatorPrivilege
> > >
> > > BUILTIN\Account Operators
> > > No privileges assigned
> > >
> > > BUILTIN\Backup Operators
> > > No privileges assigned
> > >
> > > BUILTIN\Server Operators
> > > No privileges assigned
> > >
> > > BUILTIN\Administrators
> > > SeMachineAccountPrivilege
> > > SeTakeOwnershipPrivilege
> > > SeBackupPrivilege
> > > SeRestorePrivilege
> > > SeRemoteShutdownPrivilege
> > > SePrintOperatorPrivilege
> > > SeAddUsersPrivilege
> > > SeDiskOperatorPrivilege
> > >
> > > Everyone
> > > No privileges assigned
> > >
> > > After using the Printer Wizard from Windows to upload the driver,
> it goes
> > > through the process of copying the driver files to the [print$]
> directory,
> > > but there is still an error in my log file.
> > >
> > > _spoolss_addprinterdriver: Failed to send message about
> upgrading driver
> > > []!
> > > [2007/12/27 15:59:26, 1] smbd/service.c:close_cnum(1230)
> > > vlkidder-06212 (10.1.3.8) closed connection to service print$
> > >
> > >
> > >
> > >
> > >> I'm trying to upload print drivers to a stand-alone samba server
> running
> > >>
> > >
> > >
> > >> version 3.0.25.
> > >> The server is part of a workgroup (not domain).
> > >>
> > >> My log files show messages that it cannot update the driver.
> > >> Before I had the printer admin option set in my smb.conf file to
> allow a
> > >>
> > >
> > >
> > >> non-root user to do the printer admin and everything worked fine.
> > >>
> > >> I have read the Samba How To Notes section on important changes
> since
> > >>
> > > 3.x,
> > >
> > >> it says the following.
> > >> "Group mappings are essential only if the Samba server is running
> as a
> > >> PDC/BDC. Stand-alone servers do not require these group
mappings.".
> > >>
> > >> Can anyone help me to understand what I need to do to allow a
> non-root
> > >> user to perform printer admin functions on a stand-alone server?
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions: https://lists.samba.org/mailman/listinfo/samba
> > >>
> >
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
