"Administrator" job, SMBPRN, bad postscript; CUPS

bharold asked on
I've got something really weird going on. Something, somewhere, in my network, is generating print jobs against all defined printers, the userid is Administrator, with the job name of the form "smbprn_00000002 Remote Downlevel Document ", the userid "Administrator ", the job size around 104k. All printers on a given system seem to be queued the job, which appears to have been generated on a Windows box, at least has some garbage at the start of the file that claims it can't run under DOS! The postscript datastream is bogus, resulting in 2 or 3 lines of output PER page, a ream or so of paper to print the job. Needless to say, I wasn't in good graces with other users of the printroom!

The smbprn part of the file name made me think this was coming in via Samba, I turned off Samba print (wasn't using it, so no loss), but had subsequent 'attacks'.

I am not sure what is causing this, something I am doing, or, some external cause.

I tried to track down where the offending jobs came from, but am not sure I am, or can, be successful. My network has WinXP and Linux boxes (CUPS running on the Linux boxes). The WinXP boxes use LPR for Linux print queues, and these WinXP 'printers' were shared, e.g. allowed access for SMB or LPR. In addition, the CUPS print queues were shared between other CUPS servers on the same subnet.

I started by turning off Samba print, and unsharing the WinXP print queues. Thought that did it, then had another 'attack'. Following the CUPS access log, tracked back two of the bad files, I *think* to a WinCenter server in another lab, and to a WebSphere server in another lab. I changed the access limits on the CUPS server to only allow access from within MY lab subnet, so far haven't seen another attack, but I am not confident that I have solved the issue.

Does the job name offer any clue?
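
The tracing step described in the question (following the CUPS access log back to the submitting hosts) can be scripted. The following is an added example, not part of the original post: it counts job submissions from hosts outside an allowed subnet and checks whether a spooled job begins like a Windows executable (the "cannot be run in DOS mode" stub) instead of PostScript. The subnet, hosts, queue names and log lines are constructed, and the log layout assumes the CUPS access_log format with the trailing IPP operation and status fields.

```python
import ipaddress
import re
from collections import Counter

# CUPS access_log fields: host group user [date] "method resource version"
# status bytes ipp-operation ipp-status
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<when>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<resource>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'(?P<op>\S+) (?P<ipp_status>\S+)$'
)
JOB_OPS = {"Print-Job", "Create-Job", "Send-Document"}

# Constructed sample lines (documentation address ranges, made-up queue names).
SAMPLE_LOG = [
    '192.0.2.15 - - [12/Mar/2006:09:14:02 -0500] "POST /printers/lab_ps HTTP/1.1" 200 2210 Print-Job successful-ok',
    '198.51.100.7 - Administrator [12/Mar/2006:09:20:41 -0500] "POST /printers/lab_ps HTTP/1.1" 200 106496 Print-Job successful-ok',
    '198.51.100.7 - Administrator [12/Mar/2006:09:20:43 -0500] "POST /printers/lab_color HTTP/1.1" 200 106496 Print-Job successful-ok',
    '203.0.113.20 - - [12/Mar/2006:09:31:10 -0500] "POST / HTTP/1.1" 200 317 CUPS-Get-Printers successful-ok',
    'localhost - - [12/Mar/2006:09:40:00 -0500] "GET /admin HTTP/1.1" 200 0 - -',
]

def outside_submitters(lines, allowed_net):
    """Count job-submitting requests per (host, queue) from outside allowed_net."""
    net = ipaddress.ip_network(allowed_net)
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["op"] not in JOB_OPS:
            continue  # not a job submission (or an unparseable line)
        host = m["host"]
        try:
            if host == "localhost" or ipaddress.ip_address(host) in net:
                continue
        except ValueError:
            pass  # logged as a hostname: cannot be placed in the subnet, so report it
        hits[(host, m["resource"])] += 1
    return hits

def looks_like_windows_exe(data):
    """True if a spooled job starts with the DOS/PE 'MZ' header and stub message."""
    return data[:2] == b"MZ" and b"DOS mode" in data[:512]

if __name__ == "__main__":
    for (host, queue), n in outside_submitters(SAMPLE_LOG, "192.0.2.0/24").items():
        print(f"{host} submitted {n} job(s) to {queue}")
```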
ASKER CERTIFIED SOLUTION
owensleftfoot
