Samba, SELinux, Printing problem

Brian Chadwick brianchad at westnet.com.au
Fri Aug 25 04:23:12 UTC 2006 

Craig White wrote:
> On Fri, 2006-08-25 at 13:37 +1000, Brian Chadwick wrote:
>   
>> hi all,
>>
>> Having had a great time with Fedora FC5, I decided it was time I got to 
>> know something about this SELinux stuff. So I did a clean install of 
>> FC5, completely updated it and proceeded to try and get Samba going to 
>> dole out services to my windoze machines.
>>
>> I had a problem in that home directories were not accessible (permission 
>> denied) from the windoze boxen. I did a little playing with the FC5 
>> security configurator and discovered a boolean to enable samba to access 
>> home directories, and then made that permanent using setsebool.
>>
>> Now it comes to printing. I have tried every conceivable combination of 
>> samba settings to no avail..windoze boxen cannot print to the smb printer.
>>
>> I suspect that SELinux policies are somehow constraining this in much 
>> the same way as the problem I had with accessing home directories.
>>
>> Am I on the right track?.....point me in the right direction please :)
>>     
> ----
> If the problem were selinux, you would see 'avc denied' errors
> in /var/log/messages - I don't think that is the problem though.
>
> add this or something like it in /etc/samba/smb.conf
>
>         load printers = yes
>         show add printer wizard = yes
>         printcap = cups
>         cups options = raw
>         printing = cups
>         printer admin = @"Domain Administrators"
>         use client driver = yes
>
> [printers]
>         comment = Network Printers
>         printer admin = @"Print Operators"
>         path = /var/spool/samba
>         guest ok = yes
>         printable = yes
>         writable = no
>         read only  = Yes
>
> [print$]
>         path = /home/printers
>         guest ok = Yes
>         browseable = Yes
>         read only = Yes
>         printer admin = root Administrator
>         write list = root
>         create mask = 0664
>         directory mask = 0775
>
> mkdir /var/spool/samba
> chmod 777 /var/spool/samba
> chmod +t /var/spool/samba
> # someone can probably tell us the octal equivalent that would
> # change the above 2 lines to one line
> mkdir /home/printers
>
> and since you are going to allow 'raw' printing, you have to enable raw
> printing within cups...
>
> remove the comment mark (the #) from /etc/cups/mime.convs
> application/octet-stream       application/vnd.cups-raw        0       -
>
> remove the comment mark (the #) from /etc/cups/mime.types
> application/octet-stream
>
> per the instructions in each file, restart cups...
>
> /sbin/service cups restart
>
> probably unnecessary but restart samba...
>
> /sbin/service smb restart
>
> and you should be good to go
>
> Craig
>
>   
Craig

Samba was working "out of the box" without SELinux enabled ... I have 
just done a complete, clean install, only difference being i enabled 
SELinux ... (i did an install instead of a relabel) ...

Here are the relvant entries in smb.conf

 load printers = yes
cups options = raw
[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = yes
   writable = no
   printable = yes


The above is an excerpt from the unadulterated smb.conf installed by fedora.


If it is not SELinux doing something, then why does this cofigration 
work perfectly when FC5 is setup without SELinux?

More information about the fedora-list mailing list