https://bugzilla.novell.com/show_bug.cgi?id=661845
https://bugzilla.novell.com/show_bug.cgi?id=661845#c7
Johannes Meixner changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
Target Milestone|--- |Factory
--- Comment #7 from Johannes Meixner 2011-01-13 08:27:41 UTC ---
Implemented in yast2-printer 2.20.4
(already available via the "Printing" project) and
submitted to openSUSE:Factory via submitrequest 57971
There is now a check box in the "connection wizard" dialog for SMB:
[ ] Support for Windows Active Directory
It is checked if the link /usr/lib[64]/cups/backend/smb
points to /usr/bin/get_printing_ticket
If the user checks it, yast2-printer tests if the
package samba-krb-printing is installed and if not
it tries to install it.
If the user unchecks it, yast2-printer only lets the link
/usr/lib[64]/cups/backend/smb point to its traditional
target /usr/bin/smbspool but yast2-printer does not remove
the samba-krb-printing packet.
If the user likes to test the SMB connection when the check box
is checked, yast2-printer shows a popup which reads:
----------------------------------------------------------------------------
This is only a generic test which may untruly report failures
if authentication via Windows Active Directory is required.
In this case a particular user who is allowed to print via Active Directory
should log in and test by himself if he can print from Gnome or KDE.
----------------------------------------------------------------------------
The help text in yast2-printer is:
------------------------------------------------------------------------
By default CUPS runs backends (here smbspool) as user 'lp'.
When printing in a Windows Active Directory (AD) environment
the user 'lp' is not allowed to print in this environment
so that the traditional way to print via smbspool as user 'lp'
would not work.
For printing in an AD environment additionally
the RPM package samba-krb-printing must be installed.
In this case the CUPS backend 'smb' link
is changed to /usr/bin/get_printing_ticket
which is a wrapper to run smbspool as the original user
who submitted a particular print job.
When the Kerberos protocol is used for authentication
in an AD environment, a user gets a ticket granting ticket (TGT)
via the display manager during login at the Gnome or KDE desktop.
When smbspool is run as the original user who submitted
a particular print job, it can access the TGT of this user
and use it to pass the printing data to the SMB printer share
even in an AD environment with Kerberos authentication.
In this case neither a fixed user name nor a fixed password
has to be specified for authentication.
A precondition is that get_printing_ticket runs on the same host
where the user who submitted a particular print job is logged in.
This means that it must be set up on the workstation
for the particular user who will submit such print jobs
and the user's workstation must send its printing data
directly to the SMB printer share in the AD environment.
In particular it does not work on a separated CUPS server machine
where users who submit print jobs are not logged in.
------------------------------------------------------------------------
Lars,
does this look o.k. for you?
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.