1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

doc: Remove all references to 'printer admin' option.

This commit is contained in:
Andreas Schneider 2012-06-22 16:00:26 +02:00
parent 98ab074094
commit 3f14155a9f
13 changed files with 24 additions and 112 deletions

View File

@ -1093,7 +1093,6 @@ index default sub
<smbconfoption name="idmap backend">ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
</smbconfblock>
</example>

View File

@ -674,7 +674,6 @@ Join to 'MEGANET2' failed.
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="winbind trusted domains only">Yes</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection name="[homes]"/>
@ -948,7 +947,6 @@ MEGANET2+PIOps:x:10005:
<smbconfoption name="template primary group">"Domain Users"</smbconfoption>
<smbconfoption name="template shell">/bin/bash</smbconfoption>
<smbconfoption name="winbind separator">+</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="hosts allow">192.168.2., 192.168.3., 127.</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
@ -1041,7 +1039,6 @@ Joined domain MEGANET2.
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="wins server">192.168.2.1</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="hosts allow">192.168.2., 192.168.3., 127.</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
@ -1723,7 +1720,6 @@ data = "\00\00\00\00bp\00\00\06krbtgt\06krbtgt-
<smbconfoption name="winbind enum users">No</smbconfoption>
<smbconfoption name="winbind enum groups">No</smbconfoption>
<smbconfoption name="winbind nested groups">Yes</smbconfoption>
<smbconfoption name="printer admin">"KPAK\Domain Admins"</smbconfoption>
</smbconfblock>
</example>

View File

@ -188,7 +188,6 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">root, @ntadmins, @smbprintadm</smbconfoption>
</smbconfblock>
</example>
@ -232,7 +231,6 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">root, @ntadmins, @smbprintadm</smbconfoption>
<smbconfsection name="[special_printer]"/>
<smbconfoption name="comment">A special printer with his own settings</smbconfoption>
@ -243,7 +241,6 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<smbconfoption name="guest ok">no</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">kurt</smbconfoption>
<smbconfoption name="hosts deny">0.0.0.0</smbconfoption>
<smbconfoption name="hosts allow">turbo_xp, 10.160.50.23, 10.160.51.60</smbconfoption>
</smbconfblock>
@ -251,9 +248,8 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<para>
This special share is only for testing purposes. It does not write the print job to a file. It just logs the job parameters
known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, the
<smbconfoption name="printer admin"/> of this share is <quote>kurt</quote> (not the <quote>@ntadmins</quote> group),
guest access is not allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it
known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, guest access is not
allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it
allows access from only three hosts. To prevent CUPS from kicking in and taking over the print jobs for that share, we need to set
<smbconfoption name="printing">sysv</smbconfoption> and <smbconfoption name="printcap">lpstat</smbconfoption>.
</para>

View File

@ -495,7 +495,6 @@ Added user jackb.
<smbconfsection name="[printers]"/>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root, maryo</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
@ -729,7 +728,6 @@ smb: \> <userinput>q</userinput>
<smbconfsection name="[printers]"/>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root, maryo</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
@ -961,7 +959,6 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false
<smbconfsection name="[printers]"/>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root, maryo</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
@ -971,7 +968,6 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false
<smbconfoption name="comment">Printer Drivers Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="write list">maryo, root</smbconfoption>
<smbconfoption name="printer admin">maryo, root</smbconfoption>
<smbconfcomment>Needed to support domain logons</smbconfcomment>
<smbconfsection name="[netlogon]"/>

View File

@ -595,7 +595,6 @@ Join to domain 'MEGANET2' is not valid
<smbconfoption name="idmap gid">500-10000000</smbconfoption>
<smbconfoption name="winbind use default domain">Yes</smbconfoption>
<smbconfoption name="winbind nested groups">Yes</smbconfoption>
<smbconfoption name="printer admin">"BUTTERNET\Domain Admins"</smbconfoption>
</smbconfblock>
</example>
@ -728,7 +727,6 @@ Join to domain is not valid
<smbconfoption name="winbind enum users">No</smbconfoption>
<smbconfoption name="winbind enum groups">No</smbconfoption>
<smbconfoption name="winbind nested groups">Yes</smbconfoption>
<smbconfoption name="printer admin">"Domain Admins"</smbconfoption>
</smbconfblock>
</example>

View File

@ -282,7 +282,6 @@ with settings shown in <link linkend="simpleprc">the example above</link>:
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
printer admin =
min print space = 0
max print jobs = 1000
printable = No
@ -404,7 +403,6 @@ be if you used this minimalistic configuration. Here is what you can expect to f
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
printer admin =
min print space = 0
max print jobs = 1000
printable = No
@ -480,7 +478,6 @@ are set by default. You could use a much leaner &smb.conf; file, or you can use
<smbconfoption name="load printers">yes</smbconfoption>
<smbconfoption name="show add printer wizard">yes</smbconfoption>
<smbconfoption name="printcap name">/etc/printcap</smbconfoption>
<smbconfoption name="printer admin">@ntadmin, root</smbconfoption>
<smbconfoption name="max print jobs">100</smbconfoption>
<smbconfoption name="lpq cache time">20</smbconfoption>
<smbconfoption name="use client driver">no</smbconfoption>
@ -498,7 +495,6 @@ are set by default. You could use a much leaner &smb.conf; file, or you can use
<smbconfsection name="[my_printer_name]"/>
<smbconfoption name="comment">Printer with Restricted Access</smbconfoption>
<smbconfoption name="path">/var/spool/samba_my_printer</smbconfoption>
<smbconfoption name="printer admin">kurt</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
@ -624,21 +620,6 @@ globally set share settings and specify other values).
<filename>cupsd.conf</filename> file.
</para></listitem></varlistentry>
<varlistentry><term><smbconfoption name="printer admin">@ntadmin </smbconfoption></term>
<listitem><para>
<indexterm><primary>add drivers</primary></indexterm>
<indexterm><primary>/etc/group</primary></indexterm>
<indexterm><primary>printer share</primary></indexterm>
<indexterm><primary>set printer properties</primary></indexterm>
Members of the ntadmin group should be able to add drivers and set printer properties
(<constant>ntadmin</constant> is only an example name; it needs to be a valid UNIX group name); root is
implicitly always a <smbconfoption name="printer admin"/>. The <literal>@</literal> sign precedes group names
in the <filename>/etc/group</filename>. A printer admin can do anything to printers via the remote
administration interfaces offered by MS-RPC (see <link linkend="cups-msrpc">Printing Developments Since
Samba-2.2</link>). In larger installations, the <smbconfoption name="printer admin"/> parameter is normally a
per-share parameter. This permits different groups to administer each printer share.
</para></listitem></varlistentry>
<varlistentry><term><smbconfoption name="lpq cache time">20 </smbconfoption></term>
<listitem><para>
<indexterm><primary>lpq command</primary></indexterm>
@ -789,13 +770,6 @@ finds one, it will connect to this and will not connect to a printer with the sa
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption name="printer admin">kurt </smbconfoption></term>
<listitem><para>
The printer admin definition is different for this explicitly defined printer share from the general
<smbconfsection name="[printers]"/> share. It is not a requirement; we did it to show that it is possible.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption name="browseable">yes </smbconfoption></term>
<listitem><para>
This makes the printer browseable so the clients may conveniently find it when browsing the
@ -1256,9 +1230,6 @@ site). See <link linkend="prtdollar">[print\$] Example</link>.
<title>[print$] Example</title>
<smbconfblock>
<smbconfsection name="[global]"/>
<smbconfcomment>members of the ntadmin group should be able to add drivers and set</smbconfcomment>
<smbconfcomment>printer properties. root is implicitly always a 'printer admin'.</smbconfcomment>
<smbconfoption name="printer admin">@ntadmin</smbconfoption>
<smbconfcomment>...</smbconfcomment>
<smbconfsection name="[printers]"/>
@ -1358,9 +1329,7 @@ The following parameters are frequently needed in this share section:
write-access (as an exception to the general public's read-only access), which they need to
update files on the share. Normally, you will want to name only administrative-level user
account in this setting. Check the file system permissions to make sure these accounts
can copy files to the share. If this is a non-root account, then the account should also
be mentioned in the global <smbconfoption name="printer admin"/>
parameter. See the &smb.conf; man page for more information on configuring file shares.
can copy files to the share.
</para></listitem>
</varlistentry>
</variablelist>
@ -1403,10 +1372,6 @@ to support like this:
<listitem><para>
The account used to connect to the Samba host must have a UID of 0 (i.e., a root account).
</para></listitem>
<listitem><para>
The account used to connect to the Samba host must be named in the <emphasis>printer admin</emphasis> list.
</para></listitem>
</itemizedlist>
<para>
@ -1495,15 +1460,14 @@ assign a driver to a printer is open. You now have the choice of:
<para>
Once the APW is started, the procedure is exactly the same as the one you are familiar with in Windows (we
assume here that you are familiar with the printer driver installations procedure on Windows NT). Make sure
your connection is, in fact, set up as a user with <smbconfoption name="printer admin"/>
privileges (if in doubt, use <command>smbstatus</command> to check for this). If you wish to install
your connection is, in fact, set up as a user with printer administrator privileges
(if in doubt, use <command>smbstatus</command> to check for this). If you wish to install
printer drivers for client operating systems other than <application>Windows NT x86</application>,
you will need to use the <guilabel>Sharing</guilabel> tab of the printer properties dialog.
</para>
<para>
Assuming you have connected with an administrative (or root) account (as named by the
<smbconfoption name="printer admin"/> parameter), you will also be able to modify
Assuming you have connected with an administrative (or root) account, you will also be able to modify
other printer properties such as ACLs and default device settings using this dialog. For the default
device settings, please consider the advice given further in <link linkend="inst-rpc">Installing
Print Drivers Using <command>rpcclient</command></link>.
@ -2104,7 +2068,7 @@ user</emphasis> nobody. In a DOS box type:
<para><userinput>net use \\<replaceable>SAMBA-SERVER</replaceable>\print$ /user:root</userinput></para>
<para>
Replace root, if needed, by another valid <smbconfoption name="printer admin"/> user as given in
Replace root, if needed, by another valid printer administrator user as given in
the definition. Should you already be connected as a different user, you will get an error message. There
is no easy way to get rid of that connection, because Windows does not seem to know a concept of logging
off from a share connection (do not confuse this with logging off from the local workstation; that is
@ -2204,7 +2168,7 @@ in the following paragraphs.
</para>
<para>
Be aware that a valid device mode can only be initiated by a <smbconfoption name="printer admin"/> or root
Be aware that a valid device mode can only be initiated by a printer administrator or root
(the reason should be obvious). Device modes can be correctly set only by executing the printer driver program
itself. Since Samba cannot execute this Win32 platform driver code, it sets this field initially to NULL
(which is not a valid setting for clients to use). Fortunately, most drivers automatically generate the
@ -2315,12 +2279,12 @@ command...</guimenuitem> field from the <guimenu>Start</guimenu> menu.
</sect2>
<sect2>
<title>Always Make First Client Connection as root or <quote>printer admin</quote></title>
<title>Always Make First Client Connection as root or printer administrator</title>
<para>
After you installed the driver on the Samba server (in its <smbconfsection name="[print$]"/> share), you
should always make sure that your first client installation completes correctly. Make it a habit for yourself
to build the very first connection from a client as <smbconfoption name="printer admin"/>. This is to make
to build the very first connection from a client as a printer administrator"/>. This is to make
sure that:
</para>
@ -2354,8 +2318,8 @@ To connect as root to a Samba printer, try this command from a Windows 200x/XP D
<para>
You will be prompted for <constant>root</constant>'s Samba password; type it, wait a few seconds, click on
<guibutton>Printing Defaults</guibutton>, and proceed to set the job options that should be used as defaults
by all clients. Alternatively, instead of root you can name one other member of the <smbconfoption
name="printer admin"/> from the setting.
by all clients. Alternatively, instead of root you can give one other member printer adminadministrator
privileges.
</para>
<para>
@ -2458,7 +2422,7 @@ is how I reproduce it in an XP Professional:
Do you see any difference in the two settings dialogs? I do not either. However, only the last one, which you
arrived at with steps C.1 through C.6 will permanently save any settings which will then become the defaults
for new users. If you want all clients to have the same defaults, you need to conduct these steps as
administrator (<smbconfoption name="printer admin"/>) before a client downloads the driver (the clients can
administrator before a client downloads the driver (the clients can
later set their own per-user defaults by following procedures A or B above). Windows 200x/XP allow per-user
default settings and the ones the administrator gives them before they set up their own. The parents of the
identical-looking dialogs have a slight difference in their window names; one is called
@ -2602,7 +2566,7 @@ folder. Also located in this folder is the Windows NT Add Printer Wizard icon. T
<itemizedlist>
<listitem><para>
The connected user is able to successfully execute an <command>OpenPrinterEx(\\server)</command> with
administrative privileges (i.e., root or <smbconfoption name="printer admin"/>).
administrative privileges (i.e., root or a printer administrator).
</para>
<tip><para> Try this from a Windows 200x/XP DOS box command prompt:

View File

@ -333,13 +333,9 @@ mailing lists.
<indexterm><primary>global right</primary></indexterm>
<indexterm><primary>administrative rights</primary></indexterm>
<indexterm><primary>printers admin</primary></indexterm>
This privilege operates identically to the <smbconfoption name="printer admin"/>
option in the &smb.conf; file (see section 5 man page for &smb.conf;)
except that it is a global right (not on a per-printer basis).
Eventually the smb.conf option will be deprecated and administrative
rights to printers will be controlled exclusively by this right and
the security descriptor associated with the printer object in the
<filename>ntprinters.tdb</filename> file.
Administrative rights to printers are only controlled exclusively
by this right and the security descriptor associated with the
printer object in the registry.
</para></listitem>
</varlistentry>

View File

@ -287,7 +287,6 @@ The contents of the &smb.conf; file is shown in <link linkend="AnonPtrSvr">the A
<smbconfsection name="[printers]"/>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>

View File

@ -350,7 +350,6 @@ In alphabetical order, these are the parameters eliminated from Samba-2.2.x thro
<listitem><para>min password length</para></listitem>
<listitem><para>nt smb support</para></listitem>
<listitem><para>post script</para></listitem>
<listitem><para>printer admin</para></listitem>
<listitem><para>printer driver</para></listitem>
<listitem><para>printer driver file</para></listitem>
<listitem><para>printer driver location</para></listitem>

View File

@ -14,8 +14,8 @@
<para>Under normal circumstances, the Windows NT/2000 client will
open a handle on the printer server with OpenPrinterEx() asking for
Administrator privileges. If the user does not have administrative
access on the print server (i.e is not root or a member of the
<parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx()
access on the print server (i.e is not root or the priviledge
SePrintOperatorPrivilege, the OpenPrinterEx()
call fails and the client makes another open call with a request for
a lower privilege level. This should succeed, however the APW
icon will not be displayed.</para>
@ -30,7 +30,6 @@
<related>addprinter command</related>
<related>deleteprinter command</related>
<related>printer admin</related>
<value type="default">yes</value>
</samba:parameter>

View File

@ -1,27 +0,0 @@
<samba:parameter name="printer admin"
context="S"
type="list"
print="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This lists users who can do anything to printers
via the remote administration interfaces offered
by MS-RPC (usually using a NT workstation).
This parameter can be set per-share or globally.
Note: The root user always has admin rights. Use
caution with use in the global stanza as this can
cause side effects.
</para>
<para>
This parameter has been marked deprecated in favor
of using the SePrintOperatorPrivilege and individual
print security descriptors. It will be removed in a future release.
</para>
</description>
<value type="default"></value>
<value type="example">admin, @staff</value>
</samba:parameter>

View File

@ -90,7 +90,7 @@ echo -e " \n\
# driver info and related files from a Windows NT print server.
# It then uploads and installs the drivers to a Samba server. (The
# Samba server needs to be prepared for this: a valid [print$]
# share, with write access set for a \"printer admin\".)
# share, with write access set for a user with SePrintOperatorPrivilege.)
#
# The main commands used are \"smbclient\" and \"rpcclient\" combined
# with \"grep\", \"sed\" and \"awk\". Probably a Perl or Python script
@ -143,15 +143,15 @@ echo -e " \n\
# #################################################################
#
# ntprinteradmin=Administrator # any account on the NT host
# # with \"printer admin\" privileges
# ntadminpasswd=not4you # the \"printer admin\" password on
# # with SePrintOperatorPrivilege privileges
# ntadminpasswd=not4you # the printer admin password on
# # the NT print server
# nthost=windowsntprintserverbox # the netbios name of the NT print
# # server
#
# smbprinteradmin=knoppix # an account on the Samba server
# # with \"printer admin\" privileges
# smbadminpasswd=2secret4you # the \"printer admin\" password on
# # with SePrintOperatorPrivilege privileges
# smbadminpasswd=2secret4you # the printer admin password on
# # the Samba server
# smbhost=knoppix # the netbios name of the Samba
# # print server

View File

@ -90,9 +90,6 @@
; Uncomment the following if you wish to sync unix and smbpasswd
; unix password sync = yes
; Printer admin account to allow uploading printer drivers
printer admin = lp
; Sample winbindd configuration parameters - uncomment and
; change if necessary for your desired configuration
; winbind uid = 50000-60000