cupsaddsmb strange error

[rockHardRideFre]

Hi,

I just installed a CUPS and Samba PDC server on a FreeBSD 7.2 machine. File share works ok, printing works from CUPS web interface ok, and at least from one of the Win workstations, but now I wish to share the printer drivers, too.

So I installed the cups-samba port, made sure my [Printers] and [$print] sections as suggested in the cupsaddsmb man page, added the root account to samba and tried to export the drivers to the samba share but cupsaddsmb refuses to:

myserver# cupsaddsmb -U root -a -v
cupsaddsmb: No PPD file for printer "hplj6l" - Missing double quote on line 224!

Now, hplj6l is how I named my HP LaserJet 6L printer in CUPS. I installed it using a ppd file from linuxprinting.org (HP-LaserJet_6L-lj4dith.ppd). CUPS also seems to have put a file named hplj6l.ppd in /usr/local/etc/cups/ppd/hplj6l.ppd. I tried to run cupstestppd against the two files but they pass ok. Tried to add the two files and hplj6p_4.ppd (a file from Windows driver cab) to /usr/local/share/cups/model, but no effect.

Now, where does cupsaddsmb look for the PPD file, and where does it get the funny "Missing double quote on line 224"? Any ideas of what's wrong here?

Thanks in advance.

 

[rockHardRideFre]

I noticed that there's difference between the permissions CUPS itself has made for its drivers in

/usr/local/share/cups/drivers and the Win drivers I copied there. So I changed the permissions to cups:wheel 644, and now cupsaddsmb executes ok, at last.

But there's another issue I can't still figure out: I can only add that printer on Win workstations when

I log in there with local administrator's priviledges. If not, an error message pops up:

"A policy is effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator."

I set /var/spool/samba permissions to 777 but this didn't change anything.

 

[SirDice]

I log in there with local administrator's priviledges. If not, an error message pops up:

"A policy is effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator."

This looks like a local windows issue.

 

[mickey]

I can only add that printer on Win workstations when I log in there with local administrator's priviledges. If not, an error message pops up:

"A policy is effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator."

I set /var/spool/samba permissions to 777 but this didn't change anything.

Not sure, which Windows Version you are having, but you might try the following.

Logged into the system with administrative privileges, open the "Local Security Policy" Snapin. This should be found under Programs->Administrative Tools->Local Security Policy, or by executing the command:

secpol.msc /s

Now in the left tree view, navigate to:
Local Policies->Security Options

There you should find an option titled "Prevent users from installing printer drivers".
Maybe this is what you are looking for?

When your samba server acts as a PDC, there is also the possibility, to change such policies for all workstations within the Domain, by installing a policy file to your "netlogon" share. There is a tool called "poledit" which you can use to create such policy files.

 

[rockHardRideFre]

Thanks for the help. I disabled "Point an Print Restriction" on the workstations local GP (which was "Not configured" by default), and that helped.

Just wondering if a domain member should be really restricted by default from installing a printer shared on a domain controller. Maybe there's still some trickery with Samba and/or CUPS. But it's ok for now.

 

[mickey]

Just wondering if a domain member should be really restricted by default from installing a printer shared on a domain controller. Maybe there's still some trickery with Samba and/or CUPS. But it's ok for now.

You can change a bunch of settings for each member of the domain, by installing a policy file to the netlogon share. It is also possible to put a batch file there, that is executed by each client during logon. You might use this to connect specific shared resources for example.