Univention Bugzilla – Bug 30450
Free printing prohibits printing for everyone else
Last modified: 2013-05-02 16:37:50 CEST
When a computer rooms "Print mode" is set to "Free printing", the IPs of all clients get written to "hosts allow" of the print shares (in Samba). This prohibits printing of _every_ client except those actively selected for "Free printing" via a computer room.
Workaround: Force IP whitelist to be empty. The drawback of this workaround is that access to printers restricted via UDM "Access control" can't be forced. # ucr set --force samba/printmode/hosts/all=""; /etc/init.d/samba reload
The easiest workaround would remove the functionality of allowing free printing or to remove the functionality of controlling printer access via the computer room module.
The current source code says: /* if theres no deny list and no allow list then allow access */ /* if there is an allow list but no deny list then allow only hosts on the allow list */ /* if theres a deny list but no allow list then allow all hosts not on the deny list */ /* if there are both types of list then allow all hosts on the allow list */ /* if there are both types of list and it's not on the allow then allow it if its not on the deny */ So from this I would guess generally defining a deny list should do fix the problem. E.g. the workaround ucr set --force samba/printmode/hosts/none='""'; /etc/init.d/samba reload allows access from all adresses. So I guess it would help if univention/lib/share_restrictions.py would set this as a default in case a "hosts allow" list is configured and the "hosts deny" list would be empty.
The computer room module now sets samba/printmode/hosts/none to '""' if no other IP address will be set in this variable. '""' gets removed, if at least one IP address will be added to the deny list. Updatehint has been added in SVN: doku/branches/ucs-3.1/errata-ucs-school/README_UPDATE_3.1.2 The package has been built in the scopes "ucsschool" and "ucsschool-3.1-R2".
QA: please enable/disable/reset printing mode for a specific room and test if - the setting applies to computers of the selected room - the setting does not affect computers of other rooms - the setting does not affect the domaincontroller slave itself
(In reply to comment #4) > The computer room module now sets samba/printmode/hosts/none to '""' if no > other IP address will be set in this variable. '""' gets removed, if at least > one IP address will be added to the deny list. OK > Updatehint has been added in SVN: > doku/branches/ucs-3.1/errata-ucs-school/README_UPDATE_3.1.2 OK Changelog OK > The package has been built in the scopes "ucsschool" and "ucsschool-3.1-R2". OK (In reply to comment #5) > QA: please enable/disable/reset printing mode for a specific room and test if > - the setting applies to computers of the selected room > - the setting does not affect computers of other rooms > - the setting does not affect the domaincontroller slave itself OK
UCS@school 3.1 rev1 has been release in the App Center.