[Samba] PointnPrint Permissions

Henry McLaughlin henry at incred.com.au
Mon Nov 23 23:09:19 UTC 2015 

On 23/11/15 19:34, Henry McLaughlin wrote:
>/Printer has been setup, shared and confirmed as working. />//>/Using the following guide: />/https://wiki.samba.org/index.php/Configuring_Point%27n%27Print_automatic_printer_driver_deployment 
/>//>/1) I have granted print operator privileges to "Domain Admins" />//>/user at jupiter <https://lists.samba.org/mailman/listinfo/samba>:~$ net 
rpc rights list accounts -U'ABC\administrator' />/Enter INCRED\administrator's password: />/BUILTIN\Print Operators />/No privileges assigned />//>/BUILTIN\Account Operators />/No privileges assigned />//>/BUILTIN\Backup Operators />/No privileges assigned />//>/BUILTIN\Server Operators />/No privileges assigned />//>/ABC\Domain Admins />/SePrintOperatorPrivilege />/SeDiskOperatorPrivilege />//>/BUILTIN\Administrators />/SeMachineAccountPrivilege />/... />/SeEnableDelegationPrivilege />//>/Everyone />/No privileges assigned />//>/user at jupiter <https://lists.samba.org/mailman/listinfo/samba>:~$ />//>//>/When creating the [print$] share />//>/2) I have created the share in smb.conf and it can be seen in Windows: />//>/[print$] />/path = /srv/samba/Printer_drivers/ />/comment = Printer drivers />/writeable = yes />//>//>/3) I have created the physical folder (default permissions as per guide): />//>/user at jupiter <https://lists.samba.org/mailman/listinfo/samba>:~$ ls 
-l /srv/samba />/total 12 />/drwxrwxr-x 2 root domain admins 4096 Nov 22 21:38 Demo />/drwxrwxr-x 2 root domain admins 4096 Nov 15 11:51 Finance />/drwxr-xr-x 2 root root 4096 Nov 24 06:00 Printer_drivers />/user at jupiter <https://lists.samba.org/mailman/listinfo/samba>:~$ />//>/3) When I try to set the permissions of the share using Windows ACLs I am />/given a permission denied error: />/"An error occurred whilst applying security information to: />/\\JUPITER.AD.ABC.COM.AU\print$ />/Access is denied" /
Well you would :-)

  From the above the Unix ownership of the directory is 'rwxr-xr-x'
root:root. This means that the user 'root' has full control, the 'root'
group has read permissions and can enter the directory, 'others' (this
includes Domain Admins) have the same rights as the 'root' group. So
from this you can see, whilst members of 'Domain Admins' can enter the
dir and read what is in it, they cannot write to anything.

Try changing the group ownership of the share to match the other two shares.

Rowland

Thanks Rowland. I used:
chmod g=rwx /srv/samba/Printer_drivers/
chgrp "Domain Admins" /srv/samba/Printer_drivers/

I tried this earlier and it didn't work. Tried again and it now works.

user at jupiter:~$ ls -l /srv/samba
total 16
drwxrwxr-x  2 root domain admins 4096 Nov 22 21:38 Demo
drwxrwxr-x  2 root domain admins 4096 Nov 15 11:51 Finance
drwxrwx---+ 4 root domain admins 4096 Nov 24 08:12 Printer_drivers
user at jupiter:~$

I have now been able to upload a 32 & 64 driver for my printer without 
errors however they do not appear in the list of installed drivers in 
Windows. On the server they do appear to have been uploaded:

user at jupiter:~$ sudo ls -l /srv/samba/Printer_drivers/
total 16
drwxrwx---+ 3 administrator domain users 4096 Nov 24 08:12 W32X86
drwxrwx---+ 3 administrator domain users 4096 Nov 24 08:11 x64

user at jupiter:~$ sudo ls -l /srv/samba/Printer_drivers/W32X86
total 8
drwxrwx---+ 2 administrator domain users 4096 Nov 24 08:12 3

user at jupiter:~$ sudo ls -l /srv/samba/Printer_drivers/x64
total 8
drwxrwx---+ 2 administrator domain users 4096 Nov 24 08:11 3

Each of the two "3" subfolders appear to contain the driver files

When I attempt to connect to the printer from a Windows client I receive 
the following error:
"Windows cannot connect to the printer. The print processor does not exist"

More information about the samba mailing list