Multiuser linux to multiaccount samba printer

Anonymous anonymous at easysw.com
Mon Oct 11 10:07:42 PDT 2004 

Bernhard Ege wrote:

> We would like to be able to print to a samba (windows) printer from
> linux. Cups can do that, but apparently it is not able to use the
> individual user/password for the samba printer depending on who is
> printing.

Correct.

> We need the individual samba accounts to have accounting working.
>
> So, my question is: Will cups at some time be able to query the user for a password when printing to a samba printer?

I dont think so.

> Or will I have to switch to LPRng and redo my hack?

No. But you could ponder this suggestion to work around it. It replaces the original "smbspool" backend by a script that uses "smbclient" to forward the printjob to the Windows printer share.

1. Create a special file $HOME/.smbprint/smbauthcredentials for
   each user. (Set permissions accordingly)

2. Put this as content of "smbauthcredentials":

     username = DOMAIN-USERNAME
     password = DOMAIN-PASSWORD
     domain = DOMAIN-NAME

3. Write a replacement backend script as "/usr/lib/cups/backend/smb"
   (or symlink to it if you prefer to use a different name) with these
   key lines in it:

     SMBPRINTAUTH=/home/$2/.smbprint/smbauthcredentials
     SMBPRINTER=$( echo $DEVICE_URI | sed 's#smb://##g' )
     smbclient //$SMBPRINTER -A $SMBPRINTAUTH -c "print $6"

You should know that each filter and backend in the CUPS filtering chain "sees" these commandline argument in the given order:

 $1: CUPS job ID
 $2: user name
 $3: job title
 $4: number of requested copies
 $5: print job options
 $6: print job file (with path)

The filters and backends also see a few environment variables, one of them being the $DEVICE_URI of the selected target printer.

The new smb backend script makes use of DEVICE_URI, $2 and $6 to print the file (and ignores the rest).

Make sure the complete script "behaves" like a CUPS backend. Then install the printers as usual (with the "smb://workgroup/server/printshare" syntax, but without specifying the "username:password@" part).

Advantage: username/password are no longer exposed in "ps aux" or log
           files

Disadvantage: needs separate file "smbauthcredentials" in each user's
              $HOME/.smbprint/

Caveat: smb must run as root (so it can read the "smbauthcredentials"
        file) -- meaning "RunAsUser" can't be used in cupsd.conf


Cheers,
Kurt

More information about the cups mailing list