# Samba + cups NT_STATUS_ACCESS_DENIED

## raptor5001

I have my Vista machine printing successfully to my Linux box's Lexmark Z645 via IPP, but I'd like to use the lexmark drivers. So I set up samba and cups the way as was described on many sites (i.e. set up a raw queue for the printer etc) and when I try to print a test page from Vista, I get this in my log.smbd file:

```
[2007/08/15 18:23:59, 0] smbd/server.c:main(847)

  smbd version 3.0.24 started.

  Copyright Andrew Tridgell and the Samba Team 1992-2006

[2007/08/15 18:25:46, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Laptop1.  Error was NT_STATUS_ACCESS_DENIED

[2007/08/15 18:25:47, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Laptop1.  Error was NT_STATUS_ACCESS_DENIED

[2007/08/15 18:25:53, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Laptop1.  Error was NT_STATUS_ACCESS_DENIED
```

The Lexmark window on the Vista box says "Unable to communicate with printer." Also, I assume this is the same problem, but my XP machine won't print to it either. After I select the driver on XP, it just hangs.

My smb.conf:

```
[global]

   printing = cups

   netbios name = Aether

   workgroup = WORKGROUP

   load printers = yes

   guest ok = yes

   use client driver = yes

   map to guest = bad user

   security = share

   printcap name = cups

[printers]

   comment = All Printers

        path = /var/spool/samba

   browseable = no

   guest ok = yes

        printable = yes

        public = yes

        writable = no

   create mode = 0777

```

and my cupsd.conf:

```
LogLevel info

SystemGroup lpadmin

# Allow remote access

Port 631

Listen /var/run/cups/cups.sock

# Share local printers on the local network.

Browsing On

BrowseOrder allow,deny

BrowseAddress @LOCAL

DefaultAuthType Basic

User lp

Group lp

<Location />

  # Allow shared printing...

  Order allow,deny

  Allow localhost

  Allow 10.0.1.*

</Location>

<Location /admin>

  Encryption Required

  Order deny,allow

  Allow localhost

  Allow 10.0.1.*

</Location>

<Location /admin/conf>

  AuthType Basic

  Require user @SYSTEM

  Order deny,allow

  Allow localhost

  Allow 10.0.1.*

</Location>

<Policy default>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>

    AuthType Basic

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

```

I am pretty sure it's an issue with samba though, as IPP printing works. I did not execute any commands, like smbpasswd, because it should be unnecessary if I have it set up for guest ok, right?

Thanks for any help. This has been plaguing me for awhile.

----------

## raptor5001

Does anyone just have a Linux box with a printer shared via samba working?

If so maybe a recap of what you had to do incase I am doing something wrong?

Thanks.

----------

## raptor5001

Last bump, with hope.

----------

## nobspangle

```
security = share
```

Use

```
security = user
```

There is a reason why it is the default.

----------

## raptor5001

Thanks for the suggestion, nobspangle, but it had no effect. I have never used samba before; is there anything else I need to do other than configure the smb.conf file correctly and run it?

Maybe it is the windows computer? I saw a post on some forums talking about a back-connection from the Linux box to the Windows PC. I have no idea why the Windows PC's would be denying access...

----------

## transient

Do either windows computers have a firewall? Including the built-in windows firewall.

If so, check ports 137, 139 and 445.

----------

