[Samba] ?==?utf-8?q? unable to upload printer driver
Heinz Hölzl
heinz.hoelzl at gvcc.net
Tue Dec 6 16:49:45 UTC 2016
HI,
> Which brother printer is it ? you didnt tell us that.
I tryed it with various drivers, e.g. HP Laserjet Enterprise M603 PCL6
> Did you set the SePrivileges?
yes
> Did you configure the share with "POSIX" or WINDOWS rights. ?
Both.
On the frest try with POSIX, and now with WINDOWS rights
> And in the folder /srv/samba/Printer_drivers/
> make this symlink. : ls -s x64 X64
ll X64
lrwxrwxrwx 1 root root 3 Dec 6 17:37 X64 -> x64/
net rpc rights list accounts -U'Klingons\administrator'
BUILTIN\Print Operators
SePrintOperatorPrivilege
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
KLINGONS\administrator
SePrintOperatorPrivilege
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
....
....
KLINGONS\Domain Admins
SePrintOperatorPrivilege
SeDiskOperatorPrivilege
>
>
>
> And this is my smb.conf
>
> [global]
>
> workgroup = NTDOM
>
> security = ADS
>
> realm = SOME.REALM.TLD
>
>
>
> preferred master = no
>
> domain master = no
>
> host msdfs = no
>
>
>
> interfaces = 192.168.0.5 127.0.0.1
>
> bind interfaces only = yes
>
> dns proxy = yes
>
>
>
> server signing = mandatory
>
> ntlm auth = yes
>
>
>
> tls enabled = yes
>
> tls keyfile = /etc/ssl/xxxxxxxxxxxx.key.pem
>
> tls certfile = /etc/ssl//xxxxxxxxxxxx..cert.pem
>
> tls cafile = /etc/ssl/certs/company-ca.pem
>
>
>
> idmap_ldb:use rfc2307 = yes
>
>
>
> idmap config * :backend = tdb
>
> idmap config * :range = 2000-9999
>
>
>
> idmap config NTDOM : backend = ad
>
> idmap config NTDOM : schema_mode = rfc2307
>
> idmap config NTDOM : range = 10000-3999999
>
>
>
> dedicated keytab file = /etc/krb5.keytab
>
> kerberos method = secrets and keytab
>
>
>
> winbind refresh tickets = yes
>
> winbind nss info = rfc2307
>
> winbind trusted domains only = no
>
> winbind use default domain = yes
>
> winbind enum users = yes
>
> winbind enum groups = yes
>
> winbind offline logon = yes
>
> winbind expand groups = 4
>
>
>
> username map = /etc/samba/samba_usermapping
>
> usershare path =
>
>
>
> vfs objects = acl_xattr
>
> map acl inherit = yes
>
> store dos attributes = yes
>
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
>
> hide unreadable = yes
>
>
>
> rpc_server:spoolss = external
>
> rpc_daemon:spoolssd = fork
>
> spoolss:architecture = Windows x64
>
>
>
> load printers = yes
>
> enumports command = /etc/samba/bin/show-ports.sh
>
>
>
> [print$]
>
> comment = Printer Drivers
>
> path = /home/samba/printing/drivers
>
> acl_xattr:ignore system acl = yes
>
> browseable = yes
>
> writable = yes
>
> guest ok = no
>
> write list = root, administrator, @"Domain Admins", @lpadmin, @"Print Operators"
>
>
>
> [printers]
>
> comment = All Printers
>
> path = /home/samba/printing/spool
>
> acl_xattr:ignore system acl = yes
>
> browseable = yes
>
> printable = yes
>
> printing = CUPS
>
>
>
>
>
> note on the Write list for print$.
>
>
>
> Im use Debian Jessie, with samba 4.4.5 ( debian stretch rebuild )
>
> To stay inline with other Debian settings im using the write list also.
>
> You need to add the needed SePrivileges on "Domain Admins" and "Print Operators"
>
>
>
> And the best tip i can give.
>
> Add on both shares : acl_xattr:ignore system acl = yes
>
> And configure ONLY WINDOWS ACL !
>
>
>
>
>
> Greetz,
>
>
>
> Louis
>
>
>
>
>
> > -----Oorspronkelijk bericht-----
>
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Heinz Hölzl via
>
> > samba
>
> > Verzonden: dinsdag 6 december 2016 15:27
>
> > Aan: samba at lists.samba.org
>
> > Onderwerp: [Samba] unable to upload printer driver
>
> >
>
> > Hi list,
>
> >
>
> > i have a samba member-server in a samba4-AD with cups.
>
> > cups works fine, i can print the testpage from cups and from a
>
> > windowsclient.
>
> > but, i am not able to upload a printer driver to a samba4 print-server:
>
> >
>
> > i followed this howto:
>
> > https://wiki.samba.org/index.php/Configuring_Point%27n%27Print_automatic_p
>
> > rinter_driver_deployment
>
> >
>
> >
>
> > in printmanagement.msc i can add the server, and i can see the printer
>
> > configuerd in cups.
>
> > Then when i try to upload the driver, i get a "access is denied" on
>
> > windows and on the server i can see this :
>
> >
>
> > in the syslog:
>
> > Dec 06 15:05:38 pagh smbd[1127]: [2016/12/06 15:05:38.360276, 0]
>
> > ../source3/rpc_server/spoolss/srv_spoolss_nt.c:8474(_spoolss_AddPrinterDri
>
> > verEx)
>
> > Dec 06 15:05:38 pagh smbd[1127]: _spoolss_AddPrinterDriverEx: level 8
>
> > not yet implemented
>
> > Dec 06 15:05:38 pagh smbd[1121]: [2016/12/06 15:05:38.377745, 0]
>
> > ../source3/printing/nt_printing.c:1039(move_driver_file_to_download_area)
>
> > Dec 06 15:05:38 pagh smbd[1121]: move_driver_file_to_download_area:
>
> > Unable to rename [x64/bribmf03] to [x64/3/BRIBMF03]:
>
> > NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> >
>
> >
>
> > smb.conf:
>
> > [global]
>
> > bind interfaces only = Yes
>
> > interfaces = lo eth0
>
> > netbios name = PAGH
>
> > security = ADS
>
> > workgroup = KLINGONS
>
> > realm = KLINGONS.GVCC.NET
>
> > #log file = /srv/samba/var/samba/%m.log
>
> > log level = 3
>
> > #dedicated keytab file = /etc/krb5.keytab
>
> > kerberos method = secrets and keytab
>
> > winbind refresh tickets = yes
>
> > #vfs objects = recycle
>
> > #recycle: repository = .recycle/%U
>
> > #recycle: keeptree = yes
>
> > #recycle: versions = yes
>
> > #recycle: touch = yes
>
> > #recycle: exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.lnk
>
> > winbind trusted domains only = no
>
> > winbind use default domain = yes
>
> > winbind enum users = no
>
> > winbind enum groups = no
>
> > #winbind nss info = rfc2307
>
> > winbind nss info = template
>
> > template homedir = /home/%U
>
> > template shell = /bin/bash
>
> >
>
> > # idmap config used for your domain.
>
> > # Choose one of the following backends fitting to your
>
> > # requirements and add the corresponding configuration.
>
> > # - idmap config ad
>
> > # - idmap config rid
>
> > # - idmap config autorid
>
> > idmap config *: backend = tdb
>
> > idmap config *:range = 300000-400000
>
> > idmap config KLINGONS : backend = ad
>
> > idmap config KLINGONS : schema_mode = rfc2307
>
> > idmap config KLINGONS : range = 500-290000
>
> > #allow insecure wide links = yes
>
> > unix charset = utf8
>
> > hosts allow = localhost, 100.0.0.0/255.0.0.0,
>
> > 172.27.0.0/255.255.0.0, 172.20.0.0/24
>
> > logon path =
>
> > logon home = \\%N\%U
>
> > logon drive = k:
>
> > hide unreadable = no
>
> > read only = no
>
> > store dos attributes = yes
>
> > dos filemode = yes
>
> > map readonly = no
>
> > map system = no
>
> > map hidden = no
>
> > map archive = no
>
> > create mode = 0770
>
> > force create mode = 0770
>
> > directory mask = 0770
>
> > force directory mode = 2000
>
> > inherit acls = yes
>
> > rpc_server:spoolss = external
>
> > rpc_daemon:spoolssd = fork
>
> > load printers = yes
>
> > printing = cups
>
> > printcap name = cups
>
> > auth methods = guest sam winbind
>
> >
>
> >
>
> >
>
> > [printers]
>
> > path = /srv/samba/var/spool
>
> > printable = yes
>
> > printing = CUPS
>
> > #guest ok = Yes
>
> > #browseable = No
>
> >
>
> > [print$]
>
> > path = /srv/samba/Printer_drivers/
>
> > comment = Printer drivers
>
> > writeable = yes
>
> > read only = no
>
> > admin users = root, Administrator, @Domain Admins
>
> > acl group control= yes
>
> > force directory mode= 0755
>
> > directory mask= 0755
>
> > force create mode= 0644
>
> > create mask= 0644
>
> >
>
> > ls -l /srv/samba/Printer_drivers
>
> > total 0
>
> > drwxrwsr-x 9 root domain admins 94 Dec 6 15:16 ./
>
> > drwxr-xr-x 5 root root 52 Dec 6 08:39 ../
>
> > drwxr-sr-x 2 root domain admins 6 Dec 6 15:16 IA64/
>
> > drwxr-sr-x 2 root domain admins 6 Dec 6 15:16 W32ALPHA/
>
> > drwxr-sr-x 2 root domain admins 6 Dec 6 15:16 W32MIPS/
>
> > drwxr-sr-x 2 root domain admins 6 Dec 6 15:16 W32PPC/
>
> > drwxr-sr-x 2 root domain admins 6 Dec 6 15:16 W32X86/
>
> > drwxr-sr-x 2 root domain admins 6 Dec 6 15:16 WIN40/
>
> > drwxrwsr-x 3 root domain admins 14 Dec 6 15:15 x64/
>
> >
>
> > What went wrong on my setup?
>
> >
>
> > Thanks,
>
> > Heinz
>
> >
>
> >
>
> >
>
> > --
>
> > To unsubscribe from this list go to the following URL and read the
>
> > instructions: https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
Heinz Hölzl
EDV-Abteilung | Ripartizione EDP
Südtiroler Gemeindenverband Genossenschaft
Consorzio dei Comuni della Provincia di Bolzano Societá Cooperativa
I – 39100 Bozen – Kanonikus-Michael-Gamper-Straße 10
I – 39100 Bolzano – via Canonico Michael Gamper 10
More information about the samba
mailing list