You are not logged in.
Hi, I'm trying to get windows clients in my local lan to be able to print in a printer plugged in my linux box. I've tried many ways and I'm sick and tired. I can't get it to allow.
I tried accessing through "windows shares" and also with the address in the format of "http://IP_ADDRESS:631/printers/printer". Here is what I get in the Samba logs whenever I try to print from a windows client:
[2009/05/06 21:54:25, 0] printing/printing.c:print_job_start(2489)
print_job_start: insufficient permissions to open spool file /var/spool/samba/smbprn.00000005.FY4Mvb.
Please give me a hand. Here's my smb.conf:
[global]
workgroup = LOSMONTE
server string = Compu de Pablo
null passwords = Yes
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = No
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No
I've already tried with "security = share", but it didn't work. I also tried adding the "[print$]" share mentioned in the Samba docs and also adding explicitly a share to my printer. Didn't work either.
Last edited by foolosophy (2009-05-07 18:18:55)
Offline
Try setting you spool path to /tmp, or change the permissions of /var/spool/samba.
[printers]
comment = All Printers
path = /tmp
guest ok = Yes
printable = Yes
browseable = No
or
$ chmod 777 /var/spool/samba
Last edited by Neb (2009-05-07 12:47:03)
Offline
Thank you very much. That solved it for the "http://IP_ADDRESS:631/printers/PRINTER_NAME" way (don't know why the other method does not work, but I guess that it doesn't matter.
EDIT: I was wrong. See next post.
Last edited by foolosophy (2009-05-07 15:05:45)
Offline
No, I have to correct myself.
I CAN print from a WinXP client setting the printer to an address of this format "http://IP_ADDRESS:631/printers/PRINTER_NAME" but not through the "point-n-click" configuration.
And I CANNOT print from a Windows Vista client, neither way. The way I see it, printing to the IP address and port number supposedly bypasses samba, and prints directly into CUPS. Right? Well, when trying to print directly to CUPS from a Windows Vista client, I get this in CUPS's "access log":
192.168.1.7 - - [07/May/2009:11:49:42 -0300] "POST /printers/Impresora HTTP/1.1" 200 132 Get-Printer-Attributes successful-ok
192.168.1.7 - - [07/May/2009:11:49:42 -0300] "POST /printers/Impresora HTTP/1.1" 200 75 windows-ext client-error-bad-request
192.168.1.7 - - [07/May/2009:11:49:42 -0300] "POST /printers/Impresora HTTP/1.1" 200 132 Get-Printer-Attributes successful-ok
192.168.1.7 - - [07/May/2009:11:50:06 -0300] "POST /printers/Impresora HTTP/1.1" 200 132 Get-Printer-Attributes successful-ok
192.168.1.7 - - [07/May/2009:11:50:10 -0300] "POST /printers/Impresora HTTP/1.1" 200 174 Get-Jobs successful-ok
192.168.1.7 - - [07/May/2009:11:50:12 -0300] "POST /printers/Impresora HTTP/1.1" 200 132 Get-Printer-Attributes successful-ok
192.168.1.7 - - [07/May/2009:11:50:13 -0300] "POST /printers/Impresora HTTP/1.1" 200 1624131 Print-Job client-error-not-authorized
Here is my CUPS config:
DefaultEncryption IfRequested
# Show troubleshooting information in error_log.
LogLevel debug
SystemGroup sys root
# Allow remote access
Port 631
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseAddress @LOCAL
DefaultAuthType Basic
<Location />
Allow localhost
Allow all
# Allow shared printing...
Order allow,deny
Allow all
</Location>
<Location /admin>
Allow localhost
# Restrict access to the admin pages...
Order allow,deny
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Allow localhost
# Restrict access to the configuration files...
Order allow,deny
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
Any suggestions?
Last edited by foolosophy (2009-05-07 15:05:01)
Offline
You are right, should be able to add the printer in Vista with the format "http://IP_ADDRESS:631/printers/PRINTER_NAME"
The only thing I see different about your cupsd.conf is the access. I am not sure if it will matter but it should be Allow from ALL and BrowseAllow from ALL. Here is the modified version:
DefaultEncryption IfRequested
# Show troubleshooting information in error_log.
LogLevel debug
SystemGroup sys root
# Allow remote access
Port 631
#The above should work, might want to change to one interface like
#Listen 192.168.1.1:631
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
# Changed form BrowseAllow all
BrowseAllow from ALL
DefaultAuthType Basic
<Location />
#Allowing from all localhost is redundant
Allow from ALL
Order allow,deny
</Location>
<Location /admin>
Allow from @LOCAL
# Restrict access to the admin pages...
Order allow,deny
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Allow localhost
# Restrict access to the configuration files...
Order allow,deny
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
You also might want to change, after debugging, "Allow from ALL" and "BrowseAllow from ALL" to something more secure like IP or interface even. Something like
Allow from @IF(eth1)
BrowseAllow from 192.168.0.0/16
Just a thought
Last edited by Neb (2009-05-07 20:03:41)
Offline