# Cannot access printers over network, visible but denied

## Gruelius

Hi all.

I believe this deserves a new thread since the old one was about sharing files (which we manage to do).

Anyway i have a printer setup in CUPS that can print test pages as many times as i like. My windows pc and my server are both in the workgroup ROSCH. I have set in cups in the gui to share access to the printers.

Anyway i am stumpted as to why i see this on my windows pc's

http://img.photobucket.com/albums/v403/Gruelius/Forums%20Pics/problemmo.jpg

And in the error logs for samba i see:

```

[2007/05/07 07:26:50, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

[2007/05/07 07:31:26, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

[2007/05/07 07:31:28, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

[2007/05/07 07:36:35, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

[2007/05/07 07:36:37, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

```

Here is my smb config and my cups config. the user julius has been added to the samba users

smb.conf

```

[global]

   workgroup = ROSCH

   server string = Samba Server %v

   printcap name = cups

   printing = cups

   load printers = yes

   log file = /var/log/samba/log.%m

   max log size = 100

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   interfeaces = lo eth1

   hosts allow = 127.0.0.1 192.168.0.*

   vfs object = vsan-clamav

   vscan-clamav:config-file = /etc/samba/vscan-oav.conf

   

   security = user

   force user = julius

   guest ok = Yes

   

   hosts allow = 127.0.0.1, 192.168.0., 192.168.1., 192.168.0.

   hosts deny = 0.0.0.0/0

   vfs objects = vscan-clamav

[print$]

   comment = Printer Drivers

   path = /etc/samba/printer

   browseable = yes

   guest ok = yes

   read only = yes

[printers]

   comment = All Printers

   path = /var/spool/samba

   printable = Yes

   browseable = No

   public = yes

   guest ok = yes

[Transfer]

   comment = Transferizzle

   path = /mnt/raid/tfer

   read only = No

[Tv Shows]

   comment = TV shit

   path = /mnt/raid/TV Shows/

   read only = Yes

```

cupsd.conf

```

LogLevel info

SystemGroup lpadmin

# Allow remote access

Port 631

Listen /var/run/cups/cups.sock

# Share local printers on the local network.

Browsing On

BrowseOrder allow,deny

BrowseAddress @LOCAL

DefaultAuthType Basic

<Location />

  # Allow shared printing and remote administration...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin>

  Encryption Required

  # Allow remote administration...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin/conf>

  AuthType Basic

  Require user @SYSTEM

  # Allow remote access to the configuration files...

  Order allow,deny

  Allow @LOCAL

</Location>

<Policy default>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>

    AuthType Basic

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

```

i am fairly sure i have set up the domain right, my network is just 5 windows pc's and the tux box. The linux server's name is tuxserver.

ive googled around and found many people with the same message but for different reasons so im a bit muddled and have no idea what to do.

Anyway thanks for the help

Julius

----------

## salahx

See your other thread - remove "julius" from the smbpasswd file, and add "map to guest = bad user" to [global] in your smb.conf.

----------

## Gruelius

I tried that and it still gives the same error. Network transfer still work tho.

Im 99% sure i removed all users by doing smbpasswd -x julius, smbpasswd -x root e.t.c. 

How can i check if i left any users. Here is my new file

```

[global]

   workgroup = ROSCH

   server string = Samba Server %v

   printcap name = cups

   printing = cups

   load printers = yes

   log file = /var/log/samba/log.%m

   max log size = 100

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   interfeaces = lo eth1

   hosts allow = 127.0.0.1 192.168.0.*

   vfs object = vsan-clamav

   vscan-clamav:config-file = /etc/samba/vscan-oav.conf

   

   security = user

   guest ok = Yes

   map to guest = bad user   

   force user = julius 

   hosts allow = 127.0.0.1, 192.168.0., 192.168.1., 192.168.0.

   hosts deny = 0.0.0.0/0

   vfs objects = vscan-clamav

[print$]

   comment = Printer Drivers

   path = /etc/samba/printer

   browseable = yes

   guest ok = yes

   read only = yes

   force user = julius

[printers]

   comment = All Printers

   path = /var/spool/samba

   printable = Yes

   browseable = No

   public = yes

   guest ok = yes

   force user = julius

[Transfer]

   comment = Transferizzle

   path = /mnt/raid/tfer

   read only = No

   force user = julius

[Tv Shows]

   comment = TV shit

   path = /mnt/raid/TV Shows/

   read only = Yes

   #writeable = yes

   force user = julius

```

Thanks for your help.

*edit*

in the guide at gentoo.org it says:

Warning: If you like to use Samba's guest account to do anything concerning printing from Windows clients: don't set guest only = yes in the [global] section. The guest account seems to cause problems when running cupsaddsmb sometimes when trying to connect from Windows machines. See below, too, when we talk about cupsaddsmb and the problems that can arise. Use a dedicated printer user, like printeruser or printer or printme or whatever. It doesn't hurt and it will certainly protect you from a lot of problems.

if i am mapping the users to a guest accound could that cause the problems?

----------

## Gruelius

I redid the samba config file so it was very basic, however using security = user, and setting map to guest = bad user and guest user = printinguser.

Anyway i could access the printer, however on my vista machine i got an error, the printer spooler would crash when i tried to print. It also crashed for an unknown reason when i tried to connect to the printer however it still added the printer.

The drivers i was using were just the ones within the windows default drivers thing.

Any help would really be appriciated. If i cant get past this block i will be being forced to use windows  :Sad: , incidentally does windows support mdadm raid5 arrays through some kind of software driver?

thanks

Julius

--------------------------------------------------------------

Edit.

I have determined it to just be vista. 

Now that the printer works i cant access files anymore  :Sad: 

```

# Samba config file created using SWAT

# from 127.0.0.1 (127.0.0.1)

# Date: 2007/05/09 04:49:27

[global]

        workgroup = ROSCH

        map to guest = Bad User

        guest account = printeruser

        printcap name = cups

        disable spoolss = Yes

        show add printer wizard = No

        printing = cups

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        interfaces = lo eth1

        bind interfaces only = yes

        vfs object = vscan-clamav

        vscan-clamav: config-file = /etc/samba/vscan-oamav.conf

[printers]

     comment = All Printers

        browseable = no

        printable = yes

        writable = no

        public = yes

        guest ok = yes

        path = /var/spool/samba/

[TV Shows]

        comment = TV Directory

        browseable = yes

        writeable = no

        public = yes

        path = /mnt/raid/TV Shows/

        guest ok = yes

        force user = printeruser

[Transfer]

        comment = File Tfer

        browseable = yes

        writeable = yes

        public = yes

        path = /mnt/raid/filedisk/

        guest ok = yes

        read only = no

        force user = printeruser

```

Ideas?

----------

## salahx

Drop the "guest account = printeruser" from [global], its not needed.

I suspect for the [TV Shows] and [Transfer] you don't want "force user = printeruser", rather the forced user should probably be the one who owns the files. However, if they are read-only shares are world accessible locally, you drop the "force user" for those shares

----------

## Gruelius

Good news everyone! it all works  :Very Happy: 

One slight issue though is that it seems that when is elect the printer in winows the app's almost crash (not even printing) suggesting an issue with communication, what should i be looking at? i remember someone telling me Samba + Cups and windows argue over something if you dont specify a setting.

----------

