Samba, SELinux, Printing problem
Craig White
craigwhite at azapple.com
Fri Aug 25 03:54:20 UTC 2006
On Fri, 2006-08-25 at 13:37 +1000, Brian Chadwick wrote:
> hi all,
>
> Having had a great time with Fedora FC5, I decided it was time I got to
> know something about this SELinux stuff. So I did a clean install of
> FC5, completely updated it and proceeded to try and get Samba going to
> dole out services to my windoze machines.
>
> I had a problem in that home directories were not accessible (permission
> denied) from the windoze boxen. I did a little playing with the FC5
> security configurator and discovered a boolean to enable samba to access
> home directories, and then made that permanent using setsebool.
>
> Now it comes to printing. I have tried every conceivable combination of
> samba settings to no avail..windoze boxen cannot print to the smb printer.
>
> I suspect that SELinux policies are somehow constraining this in much
> the same way as the problem I had with accessing home directories.
>
> Am I on the right track?.....point me in the right direction please :)
----
If the problem were selinux, you would see 'avc denied' errors
in /var/log/messages - I don't think that is the problem though.
add this or something like it in /etc/samba/smb.conf
load printers = yes
show add printer wizard = yes
printcap = cups
cups options = raw
printing = cups
printer admin = @"Domain Administrators"
use client driver = yes
[printers]
comment = Network Printers
printer admin = @"Print Operators"
path = /var/spool/samba
guest ok = yes
printable = yes
writable = no
read only = Yes
[print$]
path = /home/printers
guest ok = Yes
browseable = Yes
read only = Yes
printer admin = root Administrator
write list = root
create mask = 0664
directory mask = 0775
mkdir /var/spool/samba
chmod 777 /var/spool/samba
chmod +t /var/spool/samba
# someone can probably tell us the octal equivalent that would
# change the above 2 lines to one line
mkdir /home/printers
and since you are going to allow 'raw' printing, you have to enable raw
printing within cups...
remove the comment mark (the #) from /etc/cups/mime.convs
application/octet-stream application/vnd.cups-raw 0 -
remove the comment mark (the #) from /etc/cups/mime.types
application/octet-stream
per the instructions in each file, restart cups...
/sbin/service cups restart
probably unnecessary but restart samba...
/sbin/service smb restart
and you should be good to go
Craig
More information about the fedora-list
mailing list