I'm running a CUPS print server with SuSe 9.0 Pro with printers shared through
Samba. I've recently upgraded from 2.28 to 3.010. My server is a member of an
NT 4 domain. I run winbind to authenticate users to the domain; however, I
also allow guest printing because many laptop users' machines are not domain
members.
There has been a change in guest printing behavior after the upgrade. Domain
authentication is working fine. Guest printing (desired) is working OK if the
guest's username is not a valid domain username. However, guest printing for
laptop users who have domain accounts but are not logged in to the domain does
not work and actually locks the user's domain account. In Samba 2.28, these
users would map to "nobody" and could print as desired.
I have tried changing the winbind use default domain parameter, the allow
trusted domains parameter, etc. with no change. I'd like to be able to
authenticate users if possible, but still provide guest printing to laptop
users. I've pasted a sanitized version of my smb.conf file below. What am I
overlooking?
Thanks,
Dan Willis
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/12/19 23:29:05
# Global parameters [global]
workgroup = DOMAINNAME
server string = Print server
security = DOMAIN
auth methods = guest, sam, winbind
allow trusted domains = No
min password length = 6
map to guest = Bad Password
pam password change = Yes
unix password sync = Yes
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 2
log file = /var/log/samba/log.%m
acl compatibility = win2k
name resolve order = wins lmhosts host bcast
time server = Yes
paranoid server security = No
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
domain master = No
dns proxy = No
wins server = IP ADDRESS
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = Yes
invalid users =
printer admin =
hosts deny =
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
level2 oplocks = No
[homes]
comment = Home Directories
valid users = %D/%U/%S
read only = No
create mask = 0640
directory mask = 0750
browseable = No
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
[Lexmark]
comment = Lexmark example printer
path = /var/tmp
printer admin = Mydomain\myusername
read only = No
create mask = 0600
guest ok = Yes
printable = Yes
printer name = Lexmark example printer
use client driver = Yes
oplocks = No
idmap backend =
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = nobody
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enable local accounts = No
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = Yes
winbind nested groups = No
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
