[Samba] Printer management on Samba server connected to ADS
R. Gruyters
r.gruyters at yirdis.nl
Mon Sep 3 11:52:05 GMT 2007
Hello,
Last week we moved our PDC (Samba) to RDM (Active Directory). Everything
(almost) went okay, but I encountered some problems with the printers which
are connected to the Samba server.
We have three printers connected to the Samba server. When I try to update
the properties of each printer, it doesn't allow me to update them (e.g.
paper format, tray configuration, duplex, etc.).
I have tried to set the "SePrintOperatorPrivilege", but it doesn't allow me
to do so.
$ net -Urobin rpc rights grant 'DOMAIN\Domain Admins' SePrintOperatorPrivilege
Password:
Failed to grant privileges for DOMAIN\Domain Admins (NT_STATUS_ACCESS_DENIED)
When I check the user permissions:
$ id robin
uid=20006(robin) gid=20004(domain users) groups=20004(domain users), 20019(domain admins), 20000(BUILTIN\administrators)
When I create a usermap to link my account with root, it works perfectly.
$ echo "root = DOMAIN\robin" > /usr/local/etc/smb.usermap
$ net -Urobin rpc rights grant 'DOMAIN\Domain Admins' SePrintOperatorPrivilege
Password:
Successfully granted rights.
When I remove the usermap and try to update the properties on a printer, it
still doesn't allow me to do so.
Has anybody got an idea? Do I need to reinstall each printer on the Samba
server?
Here is an overview of my smb.conf:
Server role: ROLE_DOMAIN_MEMBER

[global]
    unix charset = ISO8859-1
    workgroup = DOMAIN
    realm = DOMAIN.NL
    server string = YIRDIS Office Server
    interfaces = xxx.xxx.xxx.xxx/24
    security = ADS
    password server = domain.nl
    username map = /usr/local/etc/smb.usermap
    log file = /var/log/samba/log.%m
    max log size = 1024
    os level = 32
    wins server = xxx.xxx.xxx.xxx
    ldap admin dn = cn=Samba, ou=SysAdm, dc=yirdis, dc=nl
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap suffix = dc=yirdis, dc=nl
    ldap ssl = no
    remote announce = xxx.xxx.xxx.xxx
    remote browse sync = xxx.xxx.xxx.xxx
    idmap backend = ldap:ldap://127.0.0.1/
    idmap uid = 20000-40000
    idmap gid = 20000-40000
    template homedir = /home/samba/%D/%U
    template shell = /bin/sh
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes

[netlogon]
    path = /data2/samba/netlogon/scripts/%g
    locking = No

[profiles]
    comment = Roaming Profiles
    path = /data2/samba/profiles
    admin users = "@DOMAIN\Domain Admins"
    read only = No
    create mask = 0700
    directory mask = 0700
    profile acls = Yes
    hide files = /desktop.ini/
    browseable = No

[homes]
    comment = Home Directories
    read only = No
    hide files = /desktop.ini/
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    comment = Printer Driver Download Area
    path = /data3/samba/shares/printers
    guest ok = Yes

Kind regards,
Robin Gruyters
Network and Security Engineer
YIRDIS
I: http://yirdis.com
P: +31(0)20 5659193
F: +31(0)20 5659190
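
The message above gets the rights grant to succeed by adding a username map entry that maps a domain account to root. As an added example (not part of the original post and not Samba's own code), the following parses a username map in the format documented in smb.conf(5) and lists every client name that is mapped to root, so such entries can be reviewed and removed once they are no longer needed. The sample content, the function names and the `DOMAIN\Print Admin` and `@wheel` entries are constructed for illustration.

```python
import re

# A client name is either a double-quoted string (may contain spaces) or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Constructed sample, not the poster's file. Line 2 is the mapping from the message.
SAMPLE = "\n".join([
    r"# constructed sample",
    r"root = DOMAIN\robin",
    r"!sys = mary fred",
    r"guest = *",
    r'!root = "DOMAIN\Print Admin" @wheel',
])

def parse_username_map(text):
    """Yield (line_number, unix_name, [client names]) per mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        line = line.lstrip("!")              # '!' only stops further matching
        unix_name, sep, rest = line.partition("=")
        if not sep:
            continue                         # not a mapping line
        clients = [q or bare for q, bare in TOKEN.findall(rest) if q or bare]
        yield lineno, unix_name.strip(), clients

def root_mappings(text):
    """List (line_number, client_name, kind) for every name mapped to root."""
    findings = []
    for lineno, unix_name, clients in parse_username_map(text):
        if unix_name != "root":
            continue
        for name in clients:
            if name == "*":
                kind = "wildcard"
            elif name.startswith("@"):
                kind = "group"
            else:
                kind = "user"
            findings.append((lineno, name, kind))
    return findings

if __name__ == "__main__":
    for lineno, name, kind in root_mappings(SAMPLE):
        print(f"line {lineno}: {kind} {name} is mapped to root")
```

To check a real file, pass its contents to `root_mappings()`; the path is whatever `username map` points to in smb.conf.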