Multiuser linux to multiaccount samba printer

Helge Blischke H.Blischke at srz-berlin.de
Tue Oct 12 05:16:17 PDT 2004 

Anonymous wrote:
> 
> Bernhard Ege wrote:
> 
> > We would like to be able to print to a samba (windows) printer from
> > linux. Cups can do that, but apparently it is not able to use the
> > individual user/password for the samba printer depending on who is
> > printing.
> 
> Correct.
> 
> > We need the individual samba accounts to have accounting working.
> >
> > So, my question is: Will cups at some time be able to query the user for a password when printing to a samba printer?
> 
> I dont think so.
> 
> > Or will I have to switch to LPRng and redo my hack?
> 
> No. But you could ponder this suggestion to work around it. It replaces the original "smbspool" backend by a script that uses "smbclient" to forward the printjob to the Windows printer share.
> 
> 1. Create a special file $HOME/.smbprint/smbauthcredentials for
>    each user. (Set permissions accordingly)
> 
> 2. Put this as content of "smbauthcredentials":
> 
>      username = DOMAIN-USERNAME
>      password = DOMAIN-PASSWORD
>      domain = DOMAIN-NAME
> 
> 3. Write a replacement backend script as "/usr/lib/cups/backend/smb"
>    (or symlink to it if you prefer to use a different name) with these
>    key lines in it:
> 
>      SMBPRINTAUTH=/home/$2/.smbprint/smbauthcredentials
>      SMBPRINTER=$( echo $DEVICE_URI | sed 's#smb://##g' )
>      smbclient //$SMBPRINTER -A $SMBPRINTAUTH -c "print $6"
> 
> You should know that each filter and backend in the CUPS filtering chain "sees" these commandline argument in the given order:
> 
>  $1: CUPS job ID
>  $2: user name
>  $3: job title
>  $4: number of requested copies
>  $5: print job options
>  $6: print job file (with path)
> 
> The filters and backends also see a few environment variables, one of them being the $DEVICE_URI of the selected target printer.
> 
> The new smb backend script makes use of DEVICE_URI, $2 and $6 to print the file (and ignores the rest).
> 
> Make sure the complete script "behaves" like a CUPS backend. Then install the printers as usual (with the "smb://workgroup/server/printshare" syntax, but without specifying the "username:password@" part).
> 
> Advantage: username/password are no longer exposed in "ps aux" or log
>            files
> 
> Disadvantage: needs separate file "smbauthcredentials" in each user's
>               $HOME/.smbprint/
> 
> Caveat: smb must run as root (so it can read the "smbauthcredentials"
>         file) -- meaning "RunAsUser" can't be used in cupsd.conf
> 
> Cheers,
> Kurt

And don't forget to check if the argument $6 is really defined - if not
the backend
must read from stdin (which is the default unless you stick to pure raw
printing).
In this case you will have to dump stdin to a temp file first.

Helge

-- 
Helge Blischke
Softwareentwicklung
SRZ Berlin | Firmengruppe besscom
http://www.srz.de
tel: +49 30 75301-360

More information about the cups mailing list