I have done this repeatedly many years ago, but see that stuff may have changed.
Although I set browseable = yes for [printers], testparm reports browseable = No
Even if I try to acces "hidden" printers by their Netbios address, I get an error in my WIN7 test laptop.
Following
https://www.samba.org/~ab/output/htmldo ... nting.html
I try root@alg:/etc/samba$ ldd `which smbd` | grep cups
Does this mean that libcups was "forgotten" to be built into bookworm's Samba?
Or just that things have changed?
Code: Select all
[globals]
...........
# ========= cups stuff
# https://oprtr.org/cups-printserver-fur-alte-drucker-einrichten/
load printers = yes
printing = cups
printcap name = cups
map to guest = bad user
guest account = nobody
browseable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = Yes
# public = Yes
# guest ok = Yes
writeable = no
printable = yesCode: Select all
[global]
bind interfaces only = Yes
interfaces = enp1s0.274
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
ntlm auth = ntlmv1-permitted
panic action = /usr/share/samba/panic-action %d
printcap name = cups
security = USER
server min protocol = CORE
server role = standalone server
workgroup = ROSNER
idmap config * : backend = tdb
[printers]
browseable = No
comment = All Printers
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[SCANS]
comment = canon Maxify MB5100 SCANS
create mask = 0770
force group = scan2smb
guest ok = Yes
path = /media/nfs/cleo/scans
read only = No
Debian version 12.9 (fresh install)
Samba 2:4.17.12+dfsg-0+deb12u1
cups 2.4.2-3+deb12u8
-----------------------------------------
Full story - may be hidden quirks/side effects?
Or may be my setup and expectations are a bit weird?
anyway ....
I'm going to segment my network into different vlans.
My idea was to build a samba/cups gateway (call it ALG aka application layer gate) on OSI layer 7, some kind of proxy, to hide the real data "VAULT" from direct access from lesser trusted segments of my network.
For that purpose I've seet up a multi homed (single NIC, multiple vlan subnets) ALG box.
I managed to deliver scans from a Canon Maxify (hence the deprecated protocols) to the SCAN share on ALG and show them on WIN test clients.
This share is on a nfs, combined from multiple bind mounts, residing on, on my "real" VAULT samba server, so that other user data beyond scans are not exposed to protocols from the last millenium.
Tested, works - possible hidden side effects?
Cups on my ALG is forwarding 3 printers via IPP to VAULT. It's tested to work with cups testpages, linux clients, WIN IPP configuration and androids.
I tried "IPP everywhere" with this mDNS stuff, but can't get WIN7 (haven't bothered WIN10 / WIN11 users yet to test) to find IPP printers on *.local.
So for easy setup of WIN boxes, I tried to fall back to "good old" cups over samba.
Did I just miss some silly detail?
Does the new OpenPrinting cups break old reliabilities?
Or does my multi-subnet-proxy setup incur some weird side effects?
