Multiuser linux to multiaccount samba printer
Anonymous
anonymous at easysw.com
Mon Oct 11 10:07:42 PDT 2004
Bernhard Ege wrote:
> We would like to be able to print to a samba (windows) printer from
> linux. Cups can do that, but apparently it is not able to use the
> individual user/password for the samba printer depending on who is
> printing.
Correct.
> We need the individual samba accounts to have accounting working.
>
> So, my question is: Will cups at some time be able to query the user for a password when printing to a samba printer?
I dont think so.
> Or will I have to switch to LPRng and redo my hack?
No. But you could ponder this suggestion to work around it. It replaces the original "smbspool" backend by a script that uses "smbclient" to forward the printjob to the Windows printer share.
1. Create a special file $HOME/.smbprint/smbauthcredentials for
each user. (Set permissions accordingly)
2. Put this as content of "smbauthcredentials":
username = DOMAIN-USERNAME
password = DOMAIN-PASSWORD
domain = DOMAIN-NAME
3. Write a replacement backend script as "/usr/lib/cups/backend/smb"
(or symlink to it if you prefer to use a different name) with these
key lines in it:
SMBPRINTAUTH=/home/$2/.smbprint/smbauthcredentials
SMBPRINTER=$( echo $DEVICE_URI | sed 's#smb://##g' )
smbclient //$SMBPRINTER -A $SMBPRINTAUTH -c "print $6"
You should know that each filter and backend in the CUPS filtering chain "sees" these commandline argument in the given order:
$1: CUPS job ID
$2: user name
$3: job title
$4: number of requested copies
$5: print job options
$6: print job file (with path)
The filters and backends also see a few environment variables, one of them being the $DEVICE_URI of the selected target printer.
The new smb backend script makes use of DEVICE_URI, $2 and $6 to print the file (and ignores the rest).
Make sure the complete script "behaves" like a CUPS backend. Then install the printers as usual (with the "smb://workgroup/server/printshare" syntax, but without specifying the "username:password@" part).
Advantage: username/password are no longer exposed in "ps aux" or log
files
Disadvantage: needs separate file "smbauthcredentials" in each user's
$HOME/.smbprint/
Caveat: smb must run as root (so it can read the "smbauthcredentials"
file) -- meaning "RunAsUser" can't be used in cupsd.conf
Cheers,
Kurt
More information about the cups
mailing list