Thanks for your input. Actually we tried using samba version 3.0.22 and changing the winbind separator to a +, and now it works fine. Altough the deleting is something slow, but that might be normal.
Arthur On 5/31/06, Ryan Novosielski <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use: printing = lprng print command = /opt/LPRng/bin/lpr -P%p -U%U -J'%J' -r %s lpq command = /opt/LPRng/bin/lpq -P%p lprm command = /opt/LPRng/bin/lprm -P%p -U%U %j lppause command = /opt/LPRng/sbin/lpc -U%U hold %p %j lpresume command = /opt/LPRng/sbin/lpc -U%U release %p %j queuepause command = /opt/LPRng/sbin/lpc -U%U -P%p stop queueresume command = /opt/LPRng/sbin/lpc -U%U -P%p start Arthur Guez wrote: > Hi, > > We've been stuck with this problem for a while now and we believe I > tried enough potential solutions to justify my posting here. We're > using samba 3.0.14a in Sarge in order to allow printing from > Windows workstations (The authentication works with > AD+Kerberos+Winbind) to a set of shared printers. Printing works > perfectly but we would like to allow users to have control over the > jobs (most importantly remove jobs) they submit and them only. > Unfortunately this does not seem to work with any of the > configurations we've tried. When a job is cancelled, it is replaced > in the windows queue by a job called "remote downlevel document" > Here are the relevant sections of our smb.conf file: (without any > of the hacks we attempted) > > [printers] comment = All Printers path = /var/spool/lpd printable = > yes printing = lprng load printers = yes printcap name = > /etc/printcap guest ok = no print command = /usr/bin/lpr -P%p > -r %s lpq command = /usr/bin/lpq -P%p lprm command = > /usr/bin/lprm -P%p %j lppause command = /usr/sbin/lpc hold %p > %j lpresume command = /usr/sbin/lpc release %p %j queuepause > command = /usr/sbin/lpc stop %p queueresume command = > /usr/sbin/lpc start %p > > One of the things we've tried to do was to replace the lrprng > commands called by samba with setuid programs which call the same > commands but specify the user using the -U option. This works for > lpr as desired but for some unknown reason it seems that the > program that should be called instead of lprm is only called at > times when a user tries to remove a "remote downlevel document". > (When called on a "normal" job, it gets turned into a remote > downlevel, but the program is NOT called) Here is the same file as > above, configured for the above method: (we're using the default > lpd.perms) > > [printers] comment = All Printers path = /var/spool/lpd printable = > yes printing = lprng load printers = yes printcap name = > /etc/printcap guest ok = no print command = /usr/bin/setlpr > "[EMAIL PROTECTED]" "%p" "%s" lpq command = /usr/bin/lpq -P%p lprm > command = /usr/bin/setlprm "[EMAIL PROTECTED]" "%p" "%j" ... > > and the programs look like this: (they are setuid) setuid(0) > system("lprm -U%s -P%s %s", arg1, arg2, arg3); > > Also, we tried to modify the source, but we were surprised by the > fact that samba is doing so much permission checking, isn't that > the role of lprng ? > > Any kind of help would be greatly appreciated, thanks in advance. > > Arthur > > NOTE: Our users are of the form "CAMPUS\username". I don't know if > the backslash can cause a problem, but without using the -U option, > the owner appears as "CAMPUS\username" in lpq but just "username" > in the windows queue, and then "CAMPUS\username" in the windows > queue when it is a remote downlevel document. When using our > programs with the -U option it's just "username" everywhere. - -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEfcDqmb+gadEcsb4RAjtXAKCeTMo2B9gNNU5YuVO+jxnVRiF55ACfUHwn sYk/+9zfW03evo5OojAVkS0= =uIzu -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba