[Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-)
Glenn T. Arnold
garnold at unrealsolutions.com
Thu Jul 2 19:29:29 GMT 2009
Harry,
You did give me an idea though. For grins I just set rights to 0777 even on the extended ACLs and I still get access denied when trying to upload print drivers. Here are the updated rights on /var/lib/samba/printers.
root at server01:/var/lib/samba# getfacl printers/*
# file: printers/COLOR
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/IA64
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/showtrueconfig
# owner: root
# group: root
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
# file: printers/W32ALPHA
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/W32MIPS
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/W32PPC
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/W32X86
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/WIN40
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
# file: printers/x64
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::rwx
root at server01:/var/lib/samba#
-Glenn
----- Original Message -----
From: "Harry Jede" <walk2sun at arcor.de>
To: samba at lists.samba.org
Sent: Thursday, July 2, 2009 2:53:41 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-)
On Thursday, 2 July 2009 Glenn T. Arnold wrote:
> Here are the rights on the /var/lib/samba/printers directory
>
> root at server01:/var/lib/samba# getfacl printers -R
> # file: printers
> # owner: root
> # group: Domain\040Admins
> user::rwx
> group::r-x
# grant Domain\040Admins write access
group::rwx
> group:Domain\040Admins:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:group::r-x
> default:group:Domain\040Admins:rwx
> default:mask::rwx
> default:other::r-x
--
Harry Jede
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
-Glenn
----- Original Message -----
From: "Glenn T. Arnold" <garnold at unrealsolutions.com>
To: "samba" <samba at lists.samba.org>
Sent: Thursday, July 2, 2009 2:49:27 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-)
I found in the samba log for my machine the following error:
[2009/07/02 13:13:34, 0] groupdb/mapping.c:pdb_create_builtin_alias(802)
pdb_create_builtin_alias: Could not add group mapping entry for alias 545 (NT_STATUS_GROUP_EXISTS)
Any input on this would be appreciated! I am researching this error now.
-Glenn
----- Original Message -----
From: "Glenn T. Arnold" <garnold at unrealsolutions.com>
To: "samba" <samba at lists.samba.org>
Sent: Thursday, July 2, 2009 2:09:15 PM GMT -05:00 US/Canada Eastern
Subject: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-)
I am setting up an OpenLDAP PDC with file and print services on Ubuntu Jaunty. Jaunty ships with samba 3.3.2. I configured samba to just use the registry backend, which I think is pretty cool! What happens when I use the Add print wizard to add my Windows XP drivers is that I get the famous "unable to install driver access denied" message. I can ssh into the box with my user id and create files in the /var/lib/samba/printers folder with no problem. I have given the Domain Admins and root all privileges to manage the domain, see below.
root at SERVER01:/var/lib/samba/printers# net rpc rights list root
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
net rpc rights list "Domain Admins"
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
Here are the rights on the /var/lib/samba/printers directory
root at server01:/var/lib/samba# getfacl printers -R
# file: printers
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/W32X86
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/W32ALPHA
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/showtrueconfig
# owner: root
# group: root
user::rw-
group::r-x #effective:r--
group:Domain\040Admins:rwx #effective:rw-
mask::rw-
other::r--
# file: printers/W32MIPS
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/x64
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/W32PPC
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/IA64
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/WIN40
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
# file: printers/COLOR
# owner: root
# group: Domain\040Admins
user::rwx
group::r-x
group:Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:Domain\040Admins:rwx
default:mask::rwx
default:other::r-x
I created a second share called printer drivers to prove I have rights to write to the /var/lib/samba/printers folder from Windows XP. I can create and copy files and folders with no problems through the print drivers share, but when I connect to the /var/lib/samba/printers folder through print$ I get access denied. But I can add workstations to the domain with no problems, and I can change security on the printer I am trying to upload a print driver to with no problems. If you run smbstatus you can see when I connect with root that it only shows read only rights. Here is my smbstatus output.
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
12885 0 DENY_NONE 0x100081 RDONLY NONE /var/lib/samba/printers . Thu Jul 2 13:13:34 2009
12885 0 DENY_NONE 0x100081 RDONLY NONE /var/lib/samba/printers . Thu Jul 2 13:13:34 2009
12471 10000 DENY_NONE 0x100081 RDONLY NONE /var/lib/samba/printers . Thu Jul 2 13:06:46 2009
12471 10000 DENY_NONE 0x100081 RDONLY NONE /var/lib/samba/printers . Thu Jul 2 13:06:46 2009
12471 10000 DENY_NONE 0x100081 RDONLY NONE /var/lib/samba/printers . Thu Jul 2 13:35:05 2009
12471 10000 DENY_NONE 0x100081 RDONLY NONE /home/gtarnold . Thu Jul 2 13:39:55 2009
Below is my smb.conf and my registry based. Any suggestions would be appreciated! Sorry for being so long-winded!
-Glenn
smb.conf file
# Generated by /usr/sbin/modify_samba_config.pl
#
[global]
configbackend = registry
## Section - [smbsrvr]
[smbsrvr]
comment = test
maxconnections = 0
path = /smbsrvr
max connections = 0
#
# end of generated smb.conf
#
Samba registry backend configuration
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba]
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\Group Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\global]
"ldap group suffix"="ou=Groups"
"passwd program"="/usr/bin/passwd %u"
"add share command"="/usr/sbin/modify_samba_config.pl"
"netbios name"="SERVER01"
"delete share command"="/usr/sbin/modify_samba_config.pl"
"max log size"="1000"
"idmap uid"="10000-20000"
"map to guest"="bad user"
"add machine script"="sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\""
"printcap name"="cups"
"domain logons"="yes"
"delete user script"="sudo /usr/sbin/smbldap-userdel \"%u\""
"panic action"="/usr/share/samba/panic-action %d"
"shutdown script"="sudo /sbin/shutdown.sh"
"log file"="/var/log/samba/log.%m"
"preferred master"="yes"
"printing"="cups"
"unix extensions"="yes"
"logon drive"="H:"
"add user to group script"="sudo /usr/sbin/smbldap-groupmod -m \"%u\" \"%g\""
"inherit permissions"="Yes"
"ldap machine suffix"="ou=Computers"
"workgroup"="LCSD"
"ldap passwd sync"="yes"
"pam password change"="yes"
"ldap admin dn"="cn=admin,dc=someonenet,dc=net"
"registry shares"="yes"
"security"="user"
"domain master"="yes"
"eventlog list"="Application System Security SyslogLinux"
"abort shutdown script"="sudo /sbin/shutdown -c"
"add group script"="sudo /usr/sbin/smbldap-groupadd -p \"%g\""
"time server"="yes"
"ldap user suffix"="ou=People"
"ldap ssl"="no"
"delete user from group script"="sudo /usr/sbin/smbldap-groupmod -x \"%u\" \"%g\""
"obey pam restrictions"="yes"
"map acl inherit"="yes"
"usershare max shares"="0"
"add user script"="sudo /usr/sbin/smbldap-useradd -m \"%u\""
"dns proxy"="yes"
"set primary group script"="sudo /usr/sbin/smbldap-usermod -g \"%g\" \"%u\""
"interfaces"="eth0, lo"
"ldap idmap suffix"="ou=Idmap"
"passdb backend"="ldapsam:ldap://lcsms01.lynchclay.net"
"delete group script"="sudo /usr/sbin/smbldap-groupdel \"%g\""
"ldap suffix"="dc=lynchclay,dc=net"
"load printers"="yes"
"local master"="yes"
"unix password sync"="yes"
"passwd chat"="*Enter\\snew\\s*\\spassword:* %n\\n *Retype\\snew\\s*\\spassword:* %n\\n *password\\supdated\\ssuccessfully* ."
"change share command"="/usr/sbin/modify_samba_config.pl"
"svcctllist"="slapd gdm ufw networking samba webmin"
"template shell"="/bin/bash"
"server string"="%h server (MS File Server)"
"os level"="64"
"logon path"=""
"cups options"="raw"
"printcap cache time"="180"
"smb ports"="445"
"syslog"="2"
"socket options"="IPTOS_LOWDELAY TCP_NODELAY"
"logon script"="wkix32.exe logon.kix"
"idmap backend"="ldap:ldap://server01.someonenet.net"
"idmap gid"="10000-20000"
"winbind enum users"="yes"
"winbind enum groups"="yes"
"wins support"="yes"
"winbind use default domain "="yes"
"winbind separator"="\\"
"enable privileges"="yes"
"admin users"="@\"Domain Admins\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\netlogon]
"path"="/opt/samba/scripts"
"read only"="yes"
"comment "="Network Logon Service"
"guest ok"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\homes]
"guest ok"="no"
"read only"="no"
"directory mask"="0770"
"create mask"="0770"
"browseable"="no"
"nt acl support"="yes"
"hide dot files"="yes"
"force create mode "="0770"
"force directory mode"="0770"
"comment"="Home Directories"
"force group"="Domain Admins"
"dos file times"="yes"
"valid users"="%S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$]
"path"="/var/lib/samba/printers"
"comment"="Printer Drivers"
"write list "="@\"Domain Admins\",root"
"read only"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\c$]
"read only"="no"
"comment"="Admin Share"
"path"="/srv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\scripts$]
"comment"="Share use to edit login scripts"
"path"="/opt/samba/scripts"
"read only"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printers]
"comment "="All Printers"
"path"="/var/spool/samba"
"browseable "="no"
"public"="yes"
"guest ok"="yes"
"printable"="yes"
"writable"="yes"
"write list"="@\"Domain Admins\""
"admin users"="@\"Domain Admins\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\msstaffhome]
"guest ok"="no"
"read only"="no"
"directory mask"="0770"
"create mask"="0770"
"browseable"="no"
"nt acl support"="yes"
"hide dot files"="yes"
"force create mode "="0770"
"force directory mode"="0770"
"comment"="Home Directories for Staff"
"force group"="Domain Admins"
"dos file times"="yes"
"write list"="%S"
"path"="/home/msstaffhome/%U"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\msstdhome]
"guest ok"="no"
"read only"="no"
"directory mask"="0770"
"create mask"="0770"
"browseable"="no"
"nt acl support"="yes"
"hide dot files"="yes"
"force create mode "="0770"
"force directory mode"="0770"
"force group"="Domain Admins"
"dos file times"="yes"
"path"="/home/msstdhome/%U"
"comment"="Home Directories for Students"
"veto files"="/*.mp3/*.wma/*.mov/*.bat/*.exe/*.com/*.js/*.cmd/*.wsh/*.scr/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\drivers]
"path"="/opt/drivers"
"comment"="DriverPacks Repository"
"writelist"="@\"Domain Admins\""
"guest ok"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printer drivers]
"path"="/var/lib/samba/printers"
"read only"="no"
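Added example, not part of the thread: a small parser for getfacl output like the listings quoted above. It applies the POSIX ACL mask to get effective rights (the `#effective:` annotations on printers/showtrueconfig) and lists paths where `other` has write, which is what the 0777 test leaves behind. The sample text and all function names are constructed for illustration.

```python
import re

# Constructed sample in getfacl output format, modelled on entries in the thread.
SAMPLE = r"""# file: printers/showtrueconfig
# owner: root
# group: root
user::rw-
group::r-x	#effective:r--
group:Domain\040Admins:rwx	#effective:rw-
mask::rw-
other::r--
# file: printers/W32X86
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::rwx
default:other::rwx
"""

def unescape(name):
    # getfacl prints special characters in names as backslash + 3 octal digits
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Map each path to a dict of (scope, tag, qualifier) -> 'rwx' string."""
    acls, cur = {}, None
    for raw in text.splitlines():
        if raw.startswith("# file: "):
            cur = acls.setdefault(unescape(raw[8:].strip()), {})
        elif cur is not None and raw and not raw.startswith("#"):
            fields = raw.split("#")[0].strip().split(":")
            scope = "default" if fields[0] == "default" else "access"
            tag, qualifier, perms = fields[-3:]
            cur[(scope, tag, unescape(qualifier))] = perms
    return acls

def effective(acl, tag, qualifier=""):
    """Access rights after the mask; owner (user::) and other:: bypass it."""
    perms = acl.get(("access", tag, qualifier), "---")
    mask = acl.get(("access", "mask", ""))
    if mask is None or tag == "other" or (tag == "user" and not qualifier):
        return perms
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def world_writable(acls):
    """Paths whose access or default 'other' entry grants write."""
    return sorted(p for p, acl in acls.items()
                  if any(k[1] == "other" and "w" in v for k, v in acl.items()))
```

Feed it the saved output of `getfacl -R` on the driver directory. Anything `world_writable` returns should be tightened again once testing is done, since the thread shows the wide-open ACLs did not change the access denied result.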