samba icon indicating copy to clipboard operation
samba copied to clipboard
verified publisher icon dperson

failed to access printer via samba

Open starworld99 opened this issue 9 months ago • 0 comments

I built two dockers: cups & samba to enable windows client accessing printers configured on cups.

the question is even though I enabled guest account on smb.conf, windows users still cannot add printers, they got error 0x00000709.

api_pipe_bind_req: spoolss -> spoolss rpc service check_bind_req for spoolss context_id=0 check_bind_req: spoolss -> spoolss rpc service api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \10.167.33.200\hrit755 Setting printer type=\10.167.33.200\hrit755 _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \10.167.33.200 api_pipe_bind_req: spoolss -> spoolss rpc service check_bind_req for spoolss context_id=0 check_bind_req: spoolss -> spoolss rpc service api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \10.167.33.200\hrit755 Setting printer type=\10.167.33.200\hrit755 _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \10.167.33.200 api_pipe_bind_req: spoolss -> spoolss rpc service check_bind_req for spoolss context_id=0 check_bind_req: spoolss -> spoolss rpc service api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \10.167.33.200\hrit755 Setting printer type=\10.167.33.200\hrit755 _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \10.167.33.200 api_pipe_bind_req: spoolss -> spoolss rpc service check_bind_req for spoolss context_id=0 check_bind_req: spoolss -> spoolss rpc service api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \10.167.33.200\hrit755 Setting printer type=\10.167.33.200\hrit755 _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \10.167.33.200 api_pipe_bind_req: spoolss -> spoolss rpc service check_bind_req for spoolss context_id=0 check_bind_req: spoolss -> spoolss rpc service api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \10.167.33.200\hrit755 Setting printer type=\10.167.33.200\hrit755 _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \10.167.33.200 api_pipe_bind_req: spoolss -> spoolss rpc service check_bind_req for spoolss context_id=0 check_bind_req: spoolss -> spoolss rpc service api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \10.167.33.200\hrit755 Setting printer type=\10.167.33.200\hrit755 _spoolss_OpenPrinterEx: Cannot open a printer handle for printer \10.167.33.200 chdir_current_service: vfs_ChDir(/var/spool/cups) got permission denied, current token: uid=65534, gid=65533, 1 groups: 65534 smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2558 PC0366 (ipv4:10.167.108.11:45953) closed connection to service IPC$ PC0366 (ipv4:10.167.108.11:45953) closed connection to service HRIT755 Server exit (NT_STATUS_CONNECTION_RESET)

smb.conf

[global] abort shutdown script = add group script = additional dns hostnames = add machine script = addport command = addprinter command = add share command = add user script = add user to group script = afs token lifetime = 604800 afs username map = aio max threads = 100 algorithmic rid base = 1000 allow dcerpc auth level connect = No allow dns updates = secure only allow insecure wide links = No allow nt4 crypto = No allow trusted domains = Yes allow unsafe cluster upgrade = No apply group policies = No async smb echo handler = No auth event notification = No auto services = binddns dir = /var/lib/samba/bind-dns bind interfaces only = No browse list = Yes cache directory = /var/cache/samba change notify = Yes change share command = check password script = cldap port = 389 client ipc max protocol = SMB3 client ipc min protocol = SMB2 client ipc signing = default client lanman auth = No client ldap sasl wrapping = sign client max protocol = SMB3 client min protocol = SMB2 client NTLMv2 auth = Yes client plaintext auth = No client schannel = Yes client signing = No client use spnego principal = No client use spnego = Yes cluster addresses = clustering = No config backend = file config file = create krb5 conf = Yes ctdbd socket = ctdb locktime warn threshold = 0 ctdb timeout = 0 cups connection timeout = 30 cups encrypt = No cups server = 172.25.0.2:631 dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver deadtime = 10080 debug class = No debug encryption = No debug hires timestamp = Yes debug pid = No debug prefix timestamp = No debug uid = No dedicated keytab file = default service = defer sharing violations = Yes delete group script = deleteprinter command = delete share command = delete user from group script = delete user script = dgram port = 138 disable netbios = No disable spoolss = No dns forwarder = dns proxy = No dns update command = /usr/sbin/samba_dnsupdate dns zone scavenging = No domain logons = No domain master = Auto dos charset = CP850 dsdb event notification = No dsdb group change notification = No dsdb password event notification = No enable asu support = No enable core files = Yes enable privileges = Yes encrypt passwords = Yes enhanced browsing = Yes enumports command = eventlog list = get quota command = getwd cache = Yes gpo update command = /usr/sbin/samba-gpupdate guest account = nobody homedir map = host msdfs = Yes hostname lookups = No idmap backend = tdb idmap cache time = 604800 idmap gid = idmap negative cache time = 120 idmap uid = include system krb5 conf = Yes init logon delay = 100 init logon delayed hosts = interfaces = iprint server = keepalive = 300 kerberos encryption types = all kerberos method = default kernel change notify = Yes kpasswd port = 464 krb5 port = 88 lanman auth = No large readwrite = Yes ldap admin dn = ldap connection timeout = 2 ldap debug level = 0 ldap debug threshold = 10 ldap delete dn = No ldap deref = auto ldap follow referral = Auto ldap group suffix = ldap idmap suffix = ldap machine suffix = ldap max anonymous request size = 256000 ldap max authenticated request size = 16777216 ldap max search request size = 256000 ldap page size = 1000 ldap passwd sync = no ldap replication sleep = 1000 ldap server require strong auth = Yes ldap ssl = start tls ldap ssl ads = No ldap suffix = ldap timeout = 15 ldap user suffix = lm announce = Auto lm interval = 60 load printers = Yes local master = Yes lock directory = /var/cache/samba lock spin time = 200 log file = /dev/stdout logging = log level = 1 log nt token command = logon drive = logon home = \%N%U logon path = \%N%U\profile logon script = log writeable files on exit = No lpq cache time = 30 lsa over netlogon = No machine password timeout = 604800 mangle prefix = 1 mangling method = hash2 map to guest = Bad User max disk size = 0 max log size = 50 max mux = 50 max open files = 16424 max smbd processes = 0 max stat cache size = 512 max ttl = 259200 max wins ttl = 518400 max xmit = 16644 mdns name = netbios message command = min receivefile size = 0 min wins ttl = 21600 mit kdc command = multicast dns register = Yes name cache timeout = 660 name resolve order = lmhosts wins host bcast nbt client socket address = 0.0.0.0 nbt port = 137 ncalrpc dir = /var/run/samba/ncalrpc netbios aliases = netbios name = E9F53EFB4AF1 netbios scope = neutralize nt4 emulation = No NIS homedir = No nmbd bind explicit broadcast = Yes nsupdate command = /usr/bin/nsupdate -g ntlm auth = ntlmv1-permitted nt pipe support = Yes ntp signd socket directory = /var/lib/samba/ntp_signd nt status support = Yes null passwords = No obey pam restrictions = No old password allowed period = 60 oplock break wait time = 0 os2 driver map = os level = 20 pam password change = Yes panic action = passdb backend = tdbsam passdb expand explicit = No passwd chat = newpassword* %n\n newpassword* %n\n changed passwd chat debug = No passwd chat timeout = 2 passwd program = password hash gpg key ids = password hash userPassword schemes = password server = * perfcount module = pid directory = /run/samba preferred master = Auto prefork backoff increment = 10 prefork children = 4 prefork maximum backoff = 120 preload modules = printcap cache time = 750 printcap name = cups private dir = /var/lib/samba/private raw NTLMv2 auth = No read raw = Yes realm = registry shares = No reject md5 clients = No reject md5 servers = No remote announce = remote browse sync = rename user script = require strong key = Yes reset on zero vc = No restrict anonymous = 0 root directory = rpc big endian = No rpc server dynamic port range = 49152-65535 rpc server port = 0 samba kcc command = /usr/sbin/samba_kcc security = AUTO server max protocol = SMB3 server min protocol = SMB2 server multi channel support = No server role = standalone server server schannel = Yes server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns server signing = No server string = Samba Server set primary group script = set quota command = share backend = classic show add printer wizard = Yes shutdown script = smb2 leases = Yes smb2 max credits = 8192 smb2 max read = 8388608 smb2 max trans = 8388608 smb2 max write = 8388608 smbd profiling level = off smb passwd file = /var/lib/samba/private/smbpasswd smb ports = 445 139 socket options = TCP_NODELAY spn update command = /usr/sbin/samba_spnupdate stat cache = Yes state directory = /var/lib/samba svcctl list = syslog = 1 syslog only = No template homedir = /home/%D/%U template shell = /bin/false time server = No timestamp logs = Yes tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = tls/key.pem tls priority = NORMAL:-VERS-SSL3.0 tls verify peer = as_strict_as_possible unicode = Yes unix charset = UTF-8 unix extensions = Yes unix password sync = No use mmap = Yes username level = 0 username map = username map cache time = 0 username map script = usershare allow guests = Yes usershare max shares = 0 usershare owner only = Yes usershare path = /var/lib/samba/usershares usershare prefix allow list = usershare prefix deny list = usershare template share = utmp = No utmp directory = winbind cache time = 300 winbindd socket directory = /var/run/samba/winbindd winbind enum groups = No winbind enum users = No winbind expand groups = 0 winbind max clients = 200 winbind max domain connections = 1 winbind nested groups = Yes winbind normalize names = No winbind nss info = template winbind offline logon = No winbind reconnect delay = 30 winbind refresh tickets = No winbind request timeout = 60 winbind rpc only = No winbind scan trusted domains = Yes winbind sealed pipes = Yes winbind separator =
winbind use default domain = No winbind use krb5 enterprise principals = No wins hook = wins proxy = No wins server = wins support = No workgroup = MYGROUP write raw = Yes wtmp directory = fruit:wipe_intentionally_left_blank_rfork = yes fruit:veto_appledouble = no fruit:time machine = yes fruit:delete_empty_adfiles = yes recycle:versions = yes recycle:repository = .deleted recycle:maxsize = 0 recycle:keeptree = yes idmap config * : backend = tdb access based share enum = No acl allow execute always = No acl check permissions = Yes acl group control = No acl map full control = Yes administrative share = No admin users = afs share = No aio read size = 0 aio write behind = aio write size = 0 allocation roundup size = 0 available = Yes blocking locks = Yes block size = 1024 browseable = Yes case sensitive = Auto check parent directory delete on close = No comment = copy = create mask = 0664 csc policy = manual cups options = default case = lower default devmode = Yes delete readonly = No delete veto files = No dfree cache time = 0 dfree command = directory mask = 0775 directory name cache size = 100 dmapi support = No dont descend = dos filemode = No dos filetime resolution = No dos filetimes = Yes durable handles = Yes ea support = Yes fake directory create times = No fake oplocks = No follow symlinks = Yes force create mode = 0664 force directory mode = 0775 force group = nogroup force printername = No force unknown acl user = No force user = nobody fstype = NTFS guest ok = No guest only = No hide dot files = Yes hide files = hide new files timeout = 0 hide special files = No hide unreadable = No hide unwriteable files = No hosts allow = hosts deny = include = inherit acls = No inherit owner = no inherit permissions = No invalid users = kernel oplocks = No kernel share modes = Yes level2 oplocks = Yes locking = Yes lppause command = lpq command = %p lpresume command = lprm command = magic output = magic script = mangled names = illegal mangling char = ~ map acl inherit = No map archive = Yes map hidden = No map readonly = no map system = No max connections = 0 max print jobs = 1000 max reported print jobs = 0 min print space = 0 msdfs proxy = msdfs root = No msdfs shuffle referrals = No nt acl support = Yes ntvfs handler = unixuid, default oplocks = Yes path = posix locking = Yes postexec = preexec = preexec close = No preserve case = Yes printable = No print command = printer name = printing = cups printjob username = %U print notify backchannel = No queuepause command = queueresume command = read list = read only = Yes root postexec = root preexec = root preexec close = No short preserve case = Yes smbd async dosmode = No smbd getinfo ask sharemode = Yes smbd max async dosmode = 0 smbd search ask sharemode = Yes smb encrypt = No spotlight = No spotlight backend = noindex store dos attributes = Yes strict allocate = No strict locking = No strict rename = No strict sync = Yes sync always = No use client driver = No use sendfile = No valid users = veto files = veto oplock files = vfs objects = catia fruit recycle streams_xattr volume = wide links = No write list = [printers] browseable = No cups options = raw guest ok = Yes path = /var/spool/cups printable = Yes read only = No

starworld99 avatar Mar 18 '25 07:03 starworld99