SW/samba-member
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CUPS persistence
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
CUPS domain administrator permission
dcerpc as a separate service
This commit is contained in:
Roman Vaníček
2022-12-15 02:09:05 +01:00
parent 9670e00722
commit 8bf39954d9
4 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Dockerfile
View File

@@ -55,8 +55,7 @@ RUN apt-get -y update && \
cups && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
systemctl enable sssd && \
mkdir -p /var/lib/samba/private
systemctl enable sssd
#RUN chmod 777 /home
@@ -67,9 +66,15 @@ COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
VOLUME /etc/samba /var/lib/samba
RUN mkdir -p /etc/cups-persist/ppd && \
ln -s /etc/cups-persist/printers.conf /etc/cups/printers.conf && \
ln -s /etc/cups-persist/ppd /etc/cups/ppd && \
sed -i "s:Listen localhost\:631:Port 631\nServerAlias \*:" /etc/cups/cupsd.conf && \
sed -E -i "s:(Order allow\,deny):\1\n Allow all:" /etc/cups/cupsd.conf
EXPOSE 137 138 139 445
VOLUME /etc/samba /var/lib/samba /etc/cups-persist
EXPOSE 135 137 138 139 445 631 9100
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]

6
entrypoint.sh
View File

@@ -113,12 +113,18 @@ if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
echo "Joining domain using net ads"
mkdir -p /var/lib/samba/private
mkdir -p /var/lib/samba/printerdrivers
net ads join -U"$ADMIN_ACCOUNT"%"$ADMIN_PASSWORD"
# Shares are not visible otherwise
chmod 666 /var/lib/samba/share_info.tdb
fi
# CUPS persistence and permissions
mkdir -p /etc/cups-persist/ppd
touch /etc/cups-persist/printers.conf
sed -i -E "s:^(lpadmin\:x\:[0-9]+\:)(.*)$:\1$ADMIN_ACCOUNT\,\2:" /etc/group
echo 'Restarting Samba using supervisord'
/etc/init.d/winbind stop
/etc/init.d/nmbd stop

15
smb.conf.j2
View File

@@ -1,6 +1,16 @@
# Generated by entrypoint.sh. Add customizations under /etc/samba/conf.d.
# DO NOT EDIT THIS FILE.
[printers]
path = /var/tmp/
printable = yes
cups options = "raw"
[print$]
comment = Printer drivers
path = /var/lib/samba/printerdrivers
read only = no
[global]
netbios name = {{ NETBIOS_NAME }}
realm = {{ REALM }}
@@ -18,3 +28,8 @@
winbind refresh tickets = Yes
winbind use default domain = {{ WINBIND_USE_DEFAULT_DOMAIN }}
rpc start on demand helpers = false
printing = cups
load printers = yes
dcerpc endpoint servers = +spoolss
rpcd_spoolss:idle_seconds=300

5
supervisord.conf
View File

@@ -19,7 +19,10 @@ redirect_stderr=true
command=/usr/sbin/winbindd --foreground --no-process-group
redirect_stderr=true
[program:dcerpcd]
command=/usr/libexec/samba/samba-dcerpcd --libexec-rpcds --foreground --no-process-group
redirect_stderr=true
[program:cups]
command=/usr/sbin/cupsd -f
redirect_stderr=true