[Samba] Un compte qui marche, un qui marche pas...

Un compte qui marche, un qui marche pas... [Samba] - réseaux et sécurité - Linux et OS Alternatifs

Marsh Posté le 16-02-2005 à 20:26:09    

Situation:
Debian Sarge
 
 
HP DeskJet 5740 configurée correctement sous CUPS

<DefaultPrinter hp_deskjet_5740>
Info 574X
Location USB Printer #1
DeviceURI usb://574X?serial=HU49S1Y16M046W
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>


(/etc/cups/printers.conf)
 

########
######## Security Options
########
 
#
# SystemGroup: the group name for "System" (printer administration)
# access.  The default varies depending on the operating system, but
# will be "sys", "system", or "root" (checked for in that order.)
#
# Debian: The default CUPS group is "lpadmin".
#
 
#SystemGroup lpadmin
 
#
# RootCertDuration: How frequently the root certificate is regenerated.
# Defaults to 300 seconds.
#
 
#RootCertDuration 300
 
#
# Access permissions for each directory served by the scheduler.
# Locations are relative to DocumentRoot...
#
# AuthType: the authorization to use:
#
#    None   - Perform no authentication
#    Basic  - Perform authentication using the HTTP Basic method.
#    Digest - Perform authentication using the HTTP Digest method.
#
#    (Note: local certificate authentication can be substituted by
#           the client for Basic or Digest when connecting to the
#           localhost interface)
#
# AuthClass: the authorization class; currently only "Anonymous", "User",
# "System" (valid user belonging to group SystemGroup), and "Group"
# (valid user belonging to the specified group) are supported.
#
# AuthGroupName: the group name for "Group" authorization.
#
# Order: the order of Allow/Deny processing.
#
# Allow: allows access from the specified hostname, domain, IP address,
# network, or interface.
#
# Deny: denies access from the specified hostname, domain, IP address,
# network, or interface.
#
# Both "Allow" and "Deny" accept the following notations for addresses:
#
#     All
#     None
#     *.domain.com
#     .domain.com
#     host.domain.com
#     nnn.*
#     nnn.nnn.*
#     nnn.nnn.nnn.*
#     nnn.nnn.nnn.nnn
#     nnn.nnn.nnn.nnn/mm
#     nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
#     @LOCAL
#     @IF(name)
#
# The host and domain address require that you enable hostname lookups
# with "HostNameLookups On" above.
#
# The @LOCAL address allows or denies from all non point-to-point
# interfaces.  For example, if you have a LAN and a dial-up link,
# @LOCAL could allow connections from the LAN but not from the dial-up
# link.  Similarly, the @IF(name) address allows or denies from the
# named network interface, e.g. @IF(eth0) under Linux.  Interfaces are
# refreshed automatically (no more than once every 60 seconds), so
# they can be used on dynamically-configured interfaces, e.g. PPP,
# 802.11, etc.
#
# Encryption: whether or not to use encryption; this depends on having
# the OpenSSL library linked into the CUPS library and scheduler.
#
# Possible values:
#
#     Always       - Always use encryption (SSL)
#     Never        - Never use encryption
#     Required     - Use TLS encryption upgrade
#     IfRequested  - Use encryption if the server requests it
#
# The default value is "IfRequested".
#
 
<Location />
 
AuthType Basic
AuthClass User
 
Order Deny,Allow
Deny From All
Allow From 10.0.1.*
</Location>
 
#<Location /classes>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#</Location>
 
#<Location /classes/name>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#</Location>
 
#<Location /jobs>
#
# You may wish to limit access to job operations, either with Allow
# and Deny lines, or by requiring a username and password.
#
#AuthType Basic
#AuthClass User
#</Location>
 
#<Location /printers>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#</Location>
 
<Location /printers/name>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
 
## Anonymous access (default)
AuthType None
 
## Require a username and password (Basic authentication)
AuthType Basic
AuthClass User
 
## Require a username and password (Digest/MD5 authentication)
#AuthType Digest
#AuthClass User
 
## Restrict access to local domain
#Order Deny,Allow
#Deny From All
#Allow From .mydomain.com
</Location>
 
<Location /admin>
#
# You definitely will want to limit access to the administration functions.
# The default configuration requires a local connection from a user who
# is a member of the system group to do any admin tasks.  You can change
# the group name using the SystemGroup directive.
#
AuthType Basic
AuthClass System
SytemGroup sys
 
Order Deny,Allow
Deny From All
Allow From 10.0.1.*
 
#Encryption Required
</Location>


(fin de/etc/cups/cupsd.conf)
 
 
 
... et partagée avec samba 3

# Global parameters
[global]
        unix charset = ISO8859-15
        server string = %h
        obey pam restrictions = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        os level = 99
        wins support = Yes
        panic action = /usr/share/samba/panic-action %d
        invalid users = root
        load printers = yes
        printing = cups
        printcap name = cups
        printer admin = chris olivier
 
[printers]
        comment = All Printers
        path = /tmp
        create mask = 0700
        printable = Yes
        browseable = No
        public = yes
        guest ok = yes
        valid users = chris olivier
[print$]
        comment = Drivers pour imprimantes
        path = /usr/share/cups/print$
        browseable = No
        guest ok = Yes
        read only = No
        write list = @ntadmin, root, chris, olivier
        valid users = chris olivier


(/etc/samba/smb.conf)
bien
avec l'utilisateur chris, ça marche.
cool.
mais... avecl'utilisateur olivier, ça marche pas (enfin, j'ai accès aux dossiers partagés et je peux faire un joli "clic droit => connexion" mais pas moyen d'imprimer :/ pas moyen de créer une tâche :/
et ça depuis la même machine
des idées ? je me demande avec quel user samba fait ses requêtes sur le cupsd ?
je ne vois pas le pb, ça fait des heures que je suis dessus :/


Message édité par Piksou le 16-02-2005 à 20:29:47

---------------
« Le verbe "aimer" est le plus compliqué de la langue. Son passé n'est jamais simple, son présent n'est qu'imparfait et son futur toujours conditionnel. » Jean Cocteau
Reply

Marsh Posté le 16-02-2005 à 20:26:09   

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed