CUPS and Samba as Printserver in a Samba/LDAP-Domain
Disclaimer
No liability for the contents of this document can be accepted. Use the concepts, examples and information at your own risk. There may be errors and inaccuracies, that could be damage your system. Proceed with caution, and although this is highly unlikely, the author do not take any responsibility. All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.
This short Howto describes a Samba-(3.0.23b-13) and CUPSYS-(1.2.1-2bpo1) configuration for a print server as member of an Samba-Domain with (Open)LDAP backend. This example is based on the sernet-samba package and the cups package from backports.org on an Debian sarge system.
First setting up the samba server. I use an OpenLDAP server as backend for the samba PDC/BDC. Here is my configuration:
# global parameters
[global]
## NETBIOS / Domain Server settings
workgroup = <your domain>
netbios name = <the netbios name>
security = domain
server string = <a string>
## USER / LDAP settings
ldap suffix = dc=your,dc=ldap,dc=suffix
ldap machine suffix = ou=machines
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap idmap suffix = ou=idmap
ldap admin dn=cn=admin,dc=your,dc=ldap,dc=suffix
idmap backend = ldap:ldap://<your ldap server ip>
winbind enum users = yes
winbind enum groups = yes
## WINS / DNS settings
wins server = <your WINS server ip('s)>
dns proxy = no
name resolve order = wins hosts bcast
## LOGGING
syslog = 0
log level = 3 passdb:1 auth:1 winbind:1
panic action = /usr/share/samba/panic-action %d
max log size = 1000
log file = /var/log/samba/log.%m
## MISC Files/Directories
map acl inherit = yes
case sensitive = no
directory mask = 0770
hide unreadable = yes
printcap name = cups
printing = cups
cups options = "raw"
### printer admin is marked as deprecated
### use: net rpc rights grant "<Domain\username>" SePrintOperatorPrivilege -U <admin>
[printers]
comment = all printers
path = /var/spool/samba
public = yes
guest ok = yes
writable = no
printable = yes
[print$]
comment = printer drivers
path = /var/lib/samba/printers
browseable = yes
guest ok = no
read only = yes
write list = root,"Domain\username"
Now check the nessesary directories for spooling the jobs /var/spool/samba and the printer drivers /var/lib/samba/printers and the right permissons. The printer admins need write access to the driver directory. Add a printer admin with the command (as root) net rpc rights grant "<Domain\name>" SePrintOperatorPrivilege -U <admin> and the associated; password. Sometimes you don't see it in the MS-Printer options dialog.
You also have to set up the /etc/ldap/ldap.conf like this:
BASE dc=your,dc=ldap,dc=suffix URI ldap://<your ldap server ip>:389 pam_password exop LDAP_VERSION 3 nss_base_passwd ou=people,dc=your,dc=ldap,dc=suffix?one nss_base_shadow ou=people,dc=your,dc=ldap,dc=suffix?one nss_base_group ou=groups,dc=your,dc=ldap,dc=suffix?one
Your /etc/nsswitch.conf (you need the 'libnss-ldap' package) should contain the following lines:
passwd: compat ldap winbind group: compat ldap winbind shadow: compat ldap hosts: files winbind dns
And don't forget a smbpasswd -w to set the LDAP-Password.
Now comment out the line beginning with application/octet-stream inside the files /etc/cups/mime.types and /etc/cups/mime.convs.
Use the admistration webfronted coming with cupsys to add some RAW-printers. Now you are ready to use the Add Printer Wizard or the cupsaddsmb to upload the necessary printer driver.
Todo: samba and cups fine tuning (refresh rate inside the printer view, ...)
Copyright and License
This document, CUPS and Samba as Printserver in a Samba/LDAP-Domain, is copyrighted (c) by Tom Geißer,.
last changes: 11.12.2006
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html.