Printing on Samba with lprng

Matej Cepl cepl.m at neu.edu
Tue Apr 23 03:11:57 CEST 2002


Hello,

I apologize very much for asking what is probably a very FA
question here. But really, however hard I search, I cannot find
an answer. I have a small network here just between me (RedHat 7.0
on a desktop, samba 2.0.10-0.7, LPRng 3.7.4-23) and my wife
(Windows 98 on a notebook), and somehow I cannot get remote
printing working (an HP DeskJet 400 printer is attached to the
Linux machine). Windows complains that the printer cannot be
found, even when I have browsed to it in the relevant box
(I admit this is one of the most nonsensical error messages
possible, but to be honest, samba and lprng are not much better
in this case -- there is nothing in syslog). Needless to say, all
local users can print to the printer just fine (tested), and
directory sharing works without problems.

I suspect the problem is in the permissions on the spool directory
/var/spool/lpd/samba. According to smb.conf(5), "Typically the path
specified would be that of a world-writeable spool directory with
the sticky bit set on it". So I set chmod a+w,+s on that
directory, and then it even worked once (now it is useless
again). But when I run checkpc -f from LPRng (or whenever the lpd
daemon starts), it complains about bad permissions and resets
them to 0700. By the way, the printing parameter in smb.conf
apparently makes no difference at all (whether it is "bsd" or
"lprng", it is equally useless).

The worst part is that it already worked for me once, but then I
played with the lprng settings -- without RCS, of course :-( --
and now it does not work, even though I think I changed it in the
right direction.

What also confuses me is that, as I understand the LPRng-HOWTO,
the permissions on the spool directory should not matter as much
as /etc/lpd.perm (which I attach, along with
/etc/samba/smb.conf).

Could someone please kick me in the right direction?

	Thank you

		Matěj

-- 
Matej Cepl, cepl.m at neu.edu
138 Highland Ave. #10, Somerville, Ma 02143, (617) 623-1488
 
In the autumn mountains
The yellow leaves are so thick.
Alas, how shall I seek my love
Who has wandered away?
 
I see the messenger come
As the yellow leaves are falling.
Oh, well I remember
How on such a day we used to meet--
My lover and I!
	-- Kakinomoto Hitomaro
		(from an example sed script :-)

------------- next part ---------------
###########################################################################
# LPRng - An Extended Print Spooler System
#
# Copyright 1988-1995 Patrick Powell, San Diego, CA
#     papowell at lprng.com
# See LICENSE for conditions of use.
#
###########################################################################
# MODULE: TESTSUPPORT/lpd.perms.proto
# PURPOSE: prototype printer permissions file
# lpd.perms,v 3.7 1998/03/24 02:43:22 papowell Exp
########################################################################## 
# Printer permissions data base
## #
##                  LPRng - An Enhanced Printer Spooler
##                     lpd.perms file
##                   Patrick Powell <papowell at lprng.com>
##
## VERSION=3.7.4
##
## Access control to the LPRng facilities is controlled by entries
## in a set of lpd.perms files.  The common location for these files
## are: /etc/lpd.perms,  /usr/etc/lpd.perms, and  /var/spool/lpd/lpd.perms.
## The locations of these files are set by the perms_path entry
## in the lpd.conf file or by compile time defaults in the src/common/defaults.c
## file.  In addition to the global permissions files,  each spool queue
## can also have a permissions file.  This file is searched when information
## or operations on a specific printer is requested.
## 
## Each time the lpd server is given a user request or carries out an unspooling
## operation,  it searches to the perms files to determine if the action
## is ACCEPT or REJECT.  The first ACCEPT or REJECT found terminates the search.
## If none is found,  then the last DEFAULT action is used.
## 
## Permissions are checked by the use of 'keys' and matches.  For each of
## the following LPR activities,  the following keys have a value. 
## 
## Key          Match Connect Job   Job    LPQ  LPRM  LPC
##                            Spool Print
## SERVICE      S     'X'     'R'   'P'    'Q'  'M'   'C'
## USER         S     -       JUSR  JUSR   JUSR JUSR  JUSR
## HOST         S     RH      JH    JH     JH   JH    JH
## GROUP        S     -       JUSR  JUSR   JUSR JUSR  JUSR
## IP           IP    RIP     JIP   JIP    RIP  JIP   JIP
## PORT         N     PORT    PORT  -      PORT PORT  PORT
## REMOTEUSER   S     -       JUSR  JUSR   JUSR CUSR  CUSR
## REMOTEHOST   S     RH      RH    JH     RH   RH    RH
## REMOTEGROUP  S     -       JUSR  JUSR   JUSR CUSR  CUSR
## REMOTEIP     IP    RIP     RIP   JIP    RIP  RIP   RIP
## CONTROLLINE  S     -       CL    CL     CL   CL    CL
## PRINTER      S     -       PR    PR     PR   PR    PR
## FORWARD      V     -       SA    -      -    SA    SA
## SAMEHOST     V     -       SA    -      SA   SA    SA
## SAMEUSER     V     -       -     -      SU   SU    SU
## SERVER       V     -       SV    -      SV   SV    SV
## LPC          S     -       -     -      -    -     LPC
## AUTH         V     -       AU    AU     AU   AU    AU
## AUTHTYPE     S     -       AU    AU     AU   AU    AU
## AUTHUSER     S     -       AU    AU     AU   AU    AU
## AUTHFROM     S     -       AU    AU     AU   AU    AU
## AUTHSAMEUSER S     -       AU    AU     AU   AU    AU
## 
## KEY:
##   JH = HOST          host in control file
##   RH = REMOTEHOST    connecting host name
##   JUSR = USER        user in control file
##   CUSR = REMOTEUSER  user from control request
##   JIP= IP            IP address of host in control file
##   RIP= REMOTEIP      IP address of requesting host
##   PORT=              connecting host origination port
##   CONTROLLINE=       pattern match of control line in control file
##   FW= IP of source of request = IP of host in control file
##   SA= IP of source of request = IP of host in control file
##   SU= user from request = user in control file
##   SA= IP of source of request = IP of host in control file FROM info
##   SV= IP of source of request = IP of server host or server Localhost
##   LPC= lpc command globmatched against values
##   AU= Authorization check on transfer
##       AUTH will match (true) if authenticated transfer
##       AUTHTYPE will match authentication type
##       AUTHUSER will match client authentication type
##       AUTHFROM will match server authentication type and is NULL if not from server
##       AUTHSAMEUSER will match client authentication to save authentication in job
## 
## Match: S = globmatch, IP = IPaddress[/netmask],
##   N = low[-high] number range, V= matching or compatible values
## SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
##    'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request;
##    'C' - lpc spool control request;
## NOTE: when printing (P action), the remote and job check values
##   (i.e. - RUSR, JUSR) are identical.
## NOTE: the HOST, USER, SAMEUSER and SAMEHOST checks always succeed
##   when checking permissions for a spool queue;  they are active only when
##   checking permissions of a spooled job.  
## 
## The SAMEHOST match checks to see that one (or more) of the
##  IP addresses of the host originating the request are the
##  same as one or more of the IP addresses of the host whose
##  hostname appears in the control file.
## The SERVER match checks to see if one (or more) of the
##  IP addresses of the host originating the request are the
##  same as one or more of the IP addresses of the server or
##  match the localhost's  IP address.  Note that in IPV6, there may
##  be multiple IP addresses for a single host.
## The FORWARD checks to see that all of the IP addresses of the
##  IP addresses of the host originating the request are not the
##  same as one or more of the IP addresses of the host whose
##  hostname appears in the control file.  This is equivalent to
##  NOT SAMEHOST
## 
## The  special key letter=patterns searches the control file
## line starting with the (upper case) letter, and is usually
## used  with  printing  and  spooling  checks.  For example,
## C=A*,B* would check that the class information (i.e.- line
## in  the control file starting with C) had a value starting
## with A or B.
## 
## A permission line consists of list of tests and an a result value
## If all of the tests succeed,  then a match has been found and the
## permission testing completes with the result value.  You use the
## DEFAULT reserved word to set the default ACCEPT/DENY result.
## The NOT keyword will reverse the sense of a test.
## 
## Each test can have one or more optional values separated by
## commas. For example USER=john,paul,mark has 3 test values.
## 
## The Match type specifies how the matching is done.
## S = glob type string match
##     Format:  string with wildcards (*) and ranges
##              * matches 0 or more chars
##              [a-d] matches a or b or c or d
##     Character comparison is case insensitive.
##     For example - USER=th*s matches uTHS, This, This, Theses
##                   USER=[d-f]x matches dx, ex, fx
## 
## IP = IP address and submask.  IP address must be in dotted form.
##      Format: x.x.x.x[/y.y.y.y]  x.x.x.x is IP address
##              y.y.y.y is optional submask, default is 255.255.255.255
##      Match is done by converting to 32 bit x, y, and IP value and using:
##         success = ((x ^ IP ) & y) == 0   (C language notation)
##     i.e.- only bits where mask is non-zero are used in comparison.
##     For example - REMOTEIP=130.191.0.0/255.255.0.0 matches all address 130.191.X.X
##          
## N = numerical range  -  low-high integer range.
##      Format: low[-high]
##      Example: PORT=0-1023 matches a port in range 0 - 1023 (privileged)
## 
## The SAMEUSER and SAMEHOST are options that form values from information
## in control files or connections.  The GROUP entry searches the user group 
## database for group names matching the pattern,  and then searches these
## for the user name.  If the name is found,  the search is successful.
## The SERVER entry is successful if the request originated from the current
## lpd server host.
## 
## Note carefully that the USER, HOST, and IP values are based on values found
## in the control file currently being checked for permissions.  The
## REMOTEUSER, REMOTEHOST, and REMOTEIP are based on values supplied as part
## of a connection to the LPD server,  or on the actual TCP/IP connection.
##
## The LPC entry matches an LPC command.  For example LPC=topq would match 
## when an lpc topq command is being executed.  You must still have the
## SERVICE=C entry to trigger this action.
##
## Note: the SERVICE=R and SERVICE=P both check the LPR actions
## of sending a job.  However, SERVICE=R does it when the job is being
## sent to the LPD server.  Some LPD (and LPR) implementations cannot
## handle a job being rejected due to lack of permissions,  and sit in
## an endless loop trying to resend the job.  This is the reason for
## the SERVICE=P check.  You can accept the job for printing,  and then
## have the SERVICE=P check remove the job.
##
## NOTE: if you do not have an explicit ACCEPT SERVICE=P or
## DEFAULT ACCEPT action then your print jobs will be accepted
## and then quietly discarded.
## 
## Example Permissions
## 
## # All operations allowed except those specifically forbidden
## DEFAULT ACCEPT
## 
## #Reject connections from hosts not on subnet 130.191.0.0
## # or Engineering pc's
##   REJECT SERVICE=X NOT REMOTEIP=130.191.0.0/255.255.0.0
##   REJECT SERVICE=X NOT REMOTEHOST=engpc*
## 
## #Do not allow anybody but root or papowell on
## #astart1.astart.com or the server to use control
## #facilities.
##   ACCEPT SERVICE=C SERVER REMOTEUSER=root
##   ACCEPT SERVICE=C REMOTEHOST=astart1.astart.com REMOTEUSER=papowell
## 
## #Allow root on talker.astart.com to control printer hpjet
##   ACCEPT SERVICE=C HOST=talker.astart.com PRINTER=hpjet REMOTEUSER=root
## #Reject all others
##   REJECT SERVICE=C
## 
## #Do not allow forwarded jobs or requests
##   REJECT SERVICE=R,C,M FORWARD
## 

## You can make sure that connections come from a privileged port.
## Default is to allow them from any port so that non-setuid programs
#  can do printing.
#  Totally RFC1179
#REJECT SERVICE=X NOT PORT=1-1023
#REJECT SERVICE=X NOT PORT=1-1023
#  Privileged
#REJECT SERVICE=X NOT PORT=721-731
#
# allow root on server to control jobs
ACCEPT SERVICE=C SERVER REMOTEUSER=root
# allow anybody to get server, status, and printcap
ACCEPT SERVICE=C LPC=lpd,status,printcap
# network connections
ACCEPT SERVICE=C REMOTEIP=192.168.0.0/255.255.255.0
# reject all others
REJECT SERVICE=C
#
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER REMOTEUSER=root
# network connections
ACCEPT SERVICE=M REMOTEIP=192.168.0.0/255.255.255.0
# reject all others
REJECT SERVICE=M
# all other operations allowed
DEFAULT ACCEPT
------------- next part ---------------
# Samba config file created using SWAT
# from rehor.surfbest.net (127.0.0.1)
# Date: 2002/04/22 20:23:33

# Global parameters
[global]
	client code page = 852
	workgroup = DOMA
	server string = Treba Matej
	encrypt passwords = Yes
	syslog = 0
	max log size = 1000
	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
	character set = ISO8859-2
	dns proxy = No
	invalid users = root
	printing = bsd

[homes]
	writeable = Yes
	create mask = 0700
	directory mask = 0700
	browseable = No

[HP]
	comment = HP DeskJet
	path = /var/spool/lpd/samba
	create mask = 0700
	hosts allow = 192.168. 127.
	printable = Yes
	print command = /usr/bin/lpr -b -r -P%p %s
	lpq command = /usr/bin/lpq -P%p
	lprm command = /usr/bin/lprm -P%p %j
	lppause command = /usr/sbin/lpc hold &p %j
	lpresume command = /usr/sbin/lpc release %p %j
	queuepause command = /usr/sbin/lpc -P%p stop
	queueresume command = /usr/sbin/lpc -P%p start

[zalohy]
	path = /usr/src/redhat/ZALOHY/
	writeable = Yes
	create mask = 0777
	directory mask = 0777
	guest ok = Yes
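
Added example (not part of the original post, and not LPRng code): a minimal Python model of the first-match evaluation and the IP mask test described in the lpd.perms comments above, run over the active rules from the posted file. The request dictionaries are constructed, and treating a key that is absent from the request as a failed test is a simplifying assumption.

```python
import fnmatch
import ipaddress
# Active (uncommented) rules copied from the lpd.perms posted above.
RULES = """\
ACCEPT SERVICE=C SERVER REMOTEUSER=root
ACCEPT SERVICE=C LPC=lpd,status,printcap
ACCEPT SERVICE=C REMOTEIP=192.168.0.0/255.255.255.0
REJECT SERVICE=C
ACCEPT SERVICE=M SAMEHOST SAMEUSER
ACCEPT SERVICE=M SERVER REMOTEUSER=root
ACCEPT SERVICE=M REMOTEIP=192.168.0.0/255.255.255.0
REJECT SERVICE=M
DEFAULT ACCEPT
"""

def ip_match(pattern, addr):
    """IP test as given in the file's comments: ((x ^ IP) & y) == 0."""
    x, _, y = pattern.partition("/")
    n = lambda s: int(ipaddress.IPv4Address(s))
    return ((n(x) ^ n(addr)) & n(y or "255.255.255.255")) == 0

def term_ok(test, req):
    """One KEY or KEY=v1,v2 test. Assumption: a key absent from req fails."""
    key, _, values = test.partition("=")
    have = req.get(key)
    if have is None or not values:   # flag keys such as SERVER, SAMEHOST
        return bool(have)
    glob = lambda v, h: fnmatch.fnmatchcase(h.lower(), v.lower())
    match = ip_match if key in ("IP", "REMOTEIP") else glob
    return any(match(v, have) for v in values.split(","))

def decide(req, rules=RULES):
    """First matching ACCEPT/REJECT wins; else the last DEFAULT (None if absent)."""
    default = None
    for line in rules.splitlines():
        words = line.split("#")[0].split()
        if words and words[0] == "DEFAULT":
            default = words[1]
        elif words:
            ok, negate = True, False
            for w in words[1:]:
                if w != "NOT":
                    ok = ok and (term_ok(w, req) != negate)
                negate = w == "NOT"
            if ok:
                return words[0]
    return default

if __name__ == "__main__":  # constructed request: "lpc hold" from a local non-root user
    print(decide({"SERVICE": "C", "LPC": "hold", "SERVER": True, "REMOTEUSER": "nobody"}))
```

Under this model, spool and print requests (SERVICE=R and SERVICE=P) made on the server itself fall through to DEFAULT ACCEPT, while an lpc hold such as the one in the share's lppause command is rejected for a local user other than root. The 255.255.255.0 mask in the REMOTEIP rules covers only 192.168.0.x, which is narrower than the "hosts allow = 192.168." line in smb.conf.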

