Multiuser linux to multiaccount samba printer
Helge Blischke
H.Blischke at srz-berlin.de
Tue Oct 12 05:16:17 PDT 2004
Anonymous wrote:
>
> Bernhard Ege wrote:
>
> > We would like to be able to print to a samba (windows) printer from
> > linux. Cups can do that, but apparently it is not able to use the
> > individual user/password for the samba printer depending on who is
> > printing.
>
> Correct.
>
> > We need the individual samba accounts to have accounting working.
> >
> > So, my question is: Will cups at some time be able to query the user for a password when printing to a samba printer?
>
> I dont think so.
>
> > Or will I have to switch to LPRng and redo my hack?
>
> No. But you could ponder this suggestion to work around it. It replaces the original "smbspool" backend by a script that uses "smbclient" to forward the printjob to the Windows printer share.
>
> 1. Create a special file $HOME/.smbprint/smbauthcredentials for
> each user. (Set permissions accordingly)
>
> 2. Put this as content of "smbauthcredentials":
>
> username = DOMAIN-USERNAME
> password = DOMAIN-PASSWORD
> domain = DOMAIN-NAME
>
> 3. Write a replacement backend script as "/usr/lib/cups/backend/smb"
> (or symlink to it if you prefer to use a different name) with these
> key lines in it:
>
> SMBPRINTAUTH=/home/$2/.smbprint/smbauthcredentials
> SMBPRINTER=$( echo $DEVICE_URI | sed 's#smb://##g' )
> smbclient //$SMBPRINTER -A $SMBPRINTAUTH -c "print $6"
>
> You should know that each filter and backend in the CUPS filtering chain "sees" these commandline argument in the given order:
>
> $1: CUPS job ID
> $2: user name
> $3: job title
> $4: number of requested copies
> $5: print job options
> $6: print job file (with path)
>
> The filters and backends also see a few environment variables, one of them being the $DEVICE_URI of the selected target printer.
>
> The new smb backend script makes use of DEVICE_URI, $2 and $6 to print the file (and ignores the rest).
>
> Make sure the complete script "behaves" like a CUPS backend. Then install the printers as usual (with the "smb://workgroup/server/printshare" syntax, but without specifying the "username:password@" part).
>
> Advantage: username/password are no longer exposed in "ps aux" or log
> files
>
> Disadvantage: needs separate file "smbauthcredentials" in each user's
> $HOME/.smbprint/
>
> Caveat: smb must run as root (so it can read the "smbauthcredentials"
> file) -- meaning "RunAsUser" can't be used in cupsd.conf
>
> Cheers,
> Kurt
And don't forget to check if the argument $6 is really defined - if not
the backend
must read from stdin (which is the default unless you stick to pure raw
printing).
In this case you will have to dump stdin to a temp file first.
Helge
--
Helge Blischke
Softwareentwicklung
SRZ Berlin | Firmengruppe besscom
http://www.srz.de
tel: +49 30 75301-360
More information about the cups
mailing list