Craig White wrote:
On Fri, 2006-08-25 at 13:37 +1000, Brian Chadwick wrote:
hi all,
Having had a great time with Fedora FC5, I decided it was time I got to
know something about this SELinux stuff. So I did a clean install of
FC5, completely updated it and proceeded to try and get Samba going to
dole out services to my windoze machines.
I had a problem in that home directories were not accessible (permission
denied) from the windoze boxen. I did a little playing with the FC5
security configurator and discovered a boolean to enable samba to access
home directories, and then made that permanent using setsebool.
Now it comes to printing. I have tried every conceivable combination of
samba settings to no avail..windoze boxen cannot print to the smb printer.
I suspect that SELinux policies are somehow constraining this in much
the same way as the problem I had with accessing home directories.
Am I on the right track?.....point me in the right direction please :)
----
If the problem were selinux, you would see 'avc denied' errors
in /var/log/messages - I don't think that is the problem though.
add this or something like it in /etc/samba/smb.conf
load printers = yes
show add printer wizard = yes
printcap = cups
cups options = raw
printing = cups
printer admin = @"Domain Administrators"
use client driver = yes
[printers]
comment = Network Printers
printer admin = @"Print Operators"
path = /var/spool/samba
guest ok = yes
printable = yes
writable = no
read only = Yes
[print$]
path = /home/printers
guest ok = Yes
browseable = Yes
read only = Yes
printer admin = root Administrator
write list = root
create mask = 0664
directory mask = 0775
mkdir /var/spool/samba
chmod 777 /var/spool/samba
chmod +t /var/spool/samba
# someone can probably tell us the octal equivalent that would
# change the above 2 lines to one line
mkdir /home/printers
and since you are going to allow 'raw' printing, you have to enable raw
printing within cups...
remove the comment mark (the #) from /etc/cups/mime.convs
application/octet-stream application/vnd.cups-raw 0 -
remove the comment mark (the #) from /etc/cups/mime.types
application/octet-stream
per the instructions in each file, restart cups...
/sbin/service cups restart
probably unnecessary but restart samba...
/sbin/service smb restart
and you should be good to go
Craig
Craig
Samba was working "out of the box" without SELinux enabled ... I have
just done a complete, clean install, only difference being i enabled
SELinux ... (i did an install instead of a relabel) ...
Here are the relvant entries in smb.conf
load printers = yes
cups options = raw
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = yes
writable = no
printable = yes
The above is an excerpt from the unadulterated smb.conf installed by fedora.
If it is not SELinux doing something, then why does this cofigration
work perfectly when FC5 is setup without SELinux?
