Web lists-archives.com

Re: [Samba] RSAT Print Management won't show shared printers under the "Printers" section




Hai Tomas, 

And Marc thank for having a look also.

@ Tomas, now i think you setup is ok, but review it based on my setup below. 
Now, i am using samba 4.6.8 here, but this is working as of 4.2.x.
There where a few small problems, i just cant recall exact what these where. 
If you want to stay in the 4.5 line, then its an option to try my 4.5.14 package if needed.

I did some testing also, my steps, 
add printer in cups through webinterface, ( other network printers / HP Jet direct ) 
Add socket: socket://hostname:9100 
Ext, name disc loc connection: ( socket ) 
Enabled Share This Printer. 

Driver RAW. 
Model Raw Queue
Add printer, banner none. 
Cups result : Printer Test default options have been set successfully.  

Changing to Win7 64Bit pc, start Print management. ( logged in as Admin ( member of domain admins) )
And.. No Test printer..  When you look directly after creating the printer in cups.
But, i've waited about 5-10 min, after i added the printer in cups. 
Then a refresh and it did show up in my printer list. 
And from that point i linked the driver, ( the view in Print management does not show it. ) 
A manual refresh and the printer is shown with with the driver. 

Now, i browse with my windows explorer to the print server, the test printer is there.
And as a normal domain user, i connected to this printer and its installed. *Note, the driver was already deployed to the pc. 
So except it takes some "waiting" time, this works fine for me. 

The is a snap of my config(s)

This is my smb.conf. 

[global]
    log level = 0
    workgroup = YOURNTDOM
    security = ADS
    realm = CHANGE.TO.YOUR_REALM
    preferred master = no
    domain master = no
    host msdfs = no

    interfaces = 192.168.0.5 127.0.0.1
    bind interfaces only = yes

    tls enabled = yes
    tls keyfile = /etc/ssl/private/XXXXXXXXXX.key.pem
    tls certfile = /etc/ssl/certs/XXXXXXXXXX.cert.pem
    tls cafile = /etc/ssl/certs/XXXXXXXXXX-ca.pem

    # !Note, samba 4.6.x idmap setup.
    idmap config * :backend = tdb
    idmap config * :range = 2000-9999
    idmap config YOURNTDOM : backend = ad
    idmap config YOURNTDOM : schema_mode = rfc2307
    idmap config YOURNTDOM : range = 10000-3999999
    idmap config YOURNTDOM : unix_nss_info = yes

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = yes
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind offline logon = yes
    winbind expand groups = 4

    username map = /etc/samba/samba_usermapping
    usershare path =

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
    hide unreadable = yes

    rpc_server:spoolss = external
    rpc_daemon:spoolssd = fork
    spoolss:architecture = Windows x64
    load printers = yes

    enumports command = /etc/samba/bin/show-ports.sh

# (optional) I change these path locations to my own. 
[print$]
   comment = Printer Drivers
   path = /home/samba/printing/drivers
   acl_xattr:ignore system acl = yes
   browseable = yes
   writable = yes
   guest ok = no
   write list = root, administrator, @"Domain Admins", @lpadmin, @"Print Operators"

[printers]
   comment = All Printers
   path = /home/samba/printing/spool
   acl_xattr:ignore system acl = yes
   browseable = yes
   printable = yes
   printing = CUPS

# Optional 
The path steps, normaly not needed, but this is how i did setup. 
mkdir -p /home/samba/printing/{drivers,spool}
cp -R /var/lib/samba/printers/* /home/samba/printing/drivers
chmod -R 755 /home/samba
chmod -R 2777  /home/samba/printing/spool


My /etc/cups/cupsd.conf

LogLevel warn
MaxLogSize 0
# Allow remote access 
Port 631
Listen /var/run/cups/cups.sock
ServerName FQDN
ServerAlias *
ServerTokens None
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
Browsing Off
BrowseLocalProtocols none
DefaultAuthType Negotiate
WebInterface Yes

The other settings in cupsd.conf are unchanged, i use the debian default where possible. 
The certificates for cups are the same as in samba, but symlinked. 


The "show-port.sh" , uses dedicated hostname for my printers in the DNS, A and PTR records. 
#!/bin/bash
# To change the ports, only adjust the ip range in the line
# for ip in {10..40} ...
# means, start ip 10 until end ip 40
# Your local range is autodetected. ( like 192.168.0 )
# sample, ptr-010 = 192.168.0.10

# We dont want to lose the old printer ports..
echo "Samba Printer Port"
# Default local domain. ( rotterdam.bazuin.nl )
IPRANGE=$(hostname -i | cut -d"." -f1,2,3)
DOMAIN=$(hostname -d)
for ip in {10..40}
do
 echo "${IPRANGE}.${ip}"
 echo "ptr-0${ip}.${DOMAIN}"
Done
## optional. 
# Other remote location
#IPRANGE="10.1.2"
#DOMAIN="other.domain.tld"
#for ip in {11..23}
#do
# echo "${IPRANGE}.${ip}"
# echo "loc-ptr-0${ip}.${DOMAIN}"
#done

( kinit Administrator ) 
SePrivileges, i've set the followin for BUILTIN\Administrators
net rpc rights list accounts -k -S NETBIOS_HOSTNAME 
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege

AND more important is this one. 
# all SePrivileges set for the FQDN. 
net rpc rights list accounts -k -S $(hostname -f)
BUILTIN\Print Operators
SePrintOperatorPrivilege

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned

NTDOM\Domain Admins
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SePrintOperatorPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege

Everyone
No privileges assigned


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Thomas Keppler via samba
> Verzonden: maandag 9 oktober 2017 20:55
> Aan: Marc Muehlfeld
> CC: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] RSAT Print Management won't show 
> shared printers under the "Printers" section
> 
> Hm, I really am wondering now:
> 
> @Louis: How "recent" is your version of the RSAT tools on 
> Windows 7? Everything up to date?
> If you, in turn, try out the standard Debian 4.5.8 version of 
> Samba, can you still see printers?
> Do you have WINS enabled and working?
> 
> @Marc: Good that you can replicate my scenario. :-D
> 
> I don't have WINS support just yet with my domain.
> 
> --
> Best regards
> Thomas
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba