[Samba] Shares requiring "Everyone" access...

Mon Aug 18 21:44:18 MDT 2014

Alright, in a last-ditch effort to resolve this, I did the extreme. I 
deleted the VM and created a new one. I did remove the old one from the 
domain first. I have the new one up, joined it to the domain, and 
followed the Samba printer guide to the letter and had zero issues doing 
so. However, I am still getting "Access is denied" in the event log and 
it refuses to map the printer. Any domain user can do "net use z: 
\\ps01\print$ /persistent:no" and get the drive, browse it, even copy 
files from it. I did setup the Kerberos keytab again, as Rowland 
suggested. Everything was as smooth as butter, it just won't grant access.

At this point I am going to stop troubleshooting my server. MY very last 
thought is that somehow a copy of Windows 7 that is about a month old 
has somehow got corrupted permissions or something somewhere that is 
blocking printer driver install. I am going to ask if any of you know of 
a way to get more info out of the Windows error beyond "0x00000002". If 
it would tell me some folder is denying access I could fix it, but how 
the heck would every computer on the domain have the same error at the 
exact same time? I just fail to believe every domain computer had the 
exact same issue on the exact same day at the exact same time. It is 
just unbelievable.

So, since I am not getting anything beyond an error number indicating 
access being denied, does anybody know how to dig into it? Without a 
log, I am hosed.

On 08/18/2014 01:11 PM, Ryan Ashley wrote:
> More work and rework. I double and triple-checked permissions on both 
> /var/spool/samba and /srv/samba/printer_drivers to verify they are 
> correct. They are. I went into print management and reinstalled the 
> driver to the server. I then went to the printer tab and selected the 
> driver for that printer. Still no dice. I can use print management to 
> see the ports, drivers, printers, and forms on the server just fine, 
> but it will NOT install and gives that dammed 0x00000002 error every 
> time. Event logs are useless because I do not know where the error is. 
> Is it a printer access error, driver share access error, or something 
> I do not know of?
>
> If you need the exact setup, here is my physical setup.
>
> 192.168.3.1 -> Xerox WorkCentre 7545 PCL6
> 192.168.0.3 -> PS01
> 192.168.1.1 -> Remote Workstation (Win7 Pro 64bit)
>
> The way I have deployed these printers before is with group policy 
> preferences. It has worked until now. I set the printer preference 
> port to th IP of the printer and then set the server to 
> "\\ps01\xerox7545". This worked for about two weeks and then stopped. 
> I cannot make it work now. It has been down for about three weeks and 
> while everybody can access the drivers, we are being denied access to 
> the printer itself. I will also note that using the official driver 
> for Linux does not fix this issue.
>
> On 08/18/2014 11:43 AM, Ryan Ashley wrote:
>> A further update. Since the printer was not being added via GPO as it 
>> should. I attempted to add it by hand to my remote workstation. If I 
>> try at add it using the Windows GUI, I get to the point where you 
>> select the printer (in my case, \\PS01\Xerox7545) and then is gives 
>> me error 0x00000002. The strange thing however, is that I CAN access 
>> the driver share as both an admin user AND a normal domain user. 
>> Share permissions on "/var/spool/samba" are 1777 per the guide, and I 
>> also added "Domain Users", "Domain Computers", and "Domain Admins" to 
>> the list, but no dice.
>>
>