[Samba] point n print driver deployment for canon ip7250
niya levi
niyalevi at gmail.com
Sun Nov 27 14:31:44 UTC 2016
> On Mon, 21 Nov 2016 13:42:57 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> Yes thats correct.
>> But try the following.
>> Make sure you use the usermapping.
>>
>> username map = /etc/samba/samba_usermapping
>> containing:
>> !root = NTDOM\Administrator NTDOM\administrator Administrator
>> administrator
>>
>> And according to the wiki.
>> (https://wiki.samba.org/index.php/Configuring_Point%27n%27Print_automatic_printer_driver_deployment)
>>
>> For POSIX ACLs:
>> # chgrp -R "SAMDOM\Domain Admins" /srv/samba/Printer_drivers/
>> # chmod -R 2755 /srv/samba/Printer_drivers/
>> Is wrong in my opinion.
>>
>> # chmod -R 2775 /srv/samba/Printer_drivers/
>> Looks better to me.
>>
>> How else are "members of domain admins" allowed to write in
>> the /srv/samba/Printer_drivers/ folder?
>>
>> Rowland, can you confirm this?
> Fixed
>
i also thought the permissions looked odd
but resisted going against the wiki
until advised by more knowledgeable minds.
>> But i use the
>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs setup.
> This is my share setup:
> [print$]
> comment = Printer Drivers
> path = /home/samba/printing/drivers
> acl_xattr:ignore system acl = yes
> writable = yes
> guest ok = no
does acl_xattr:ignore system acl = yes mean ignore posix acls ?
> Perhaps we need to also add a note that it is better to use windows ACLs
> last tip. ( for win64 drivers )
> cd /smb/Printer_drivers
> ln -s x64 X64
>
> i noticed some drivers used capital X in the X64
>
>
>
> Greetz,
>
> Louis
i have tried using rsat to alter the windows acl permissions a couple of
times
because i didn't get the permissions right on the previous attempts
i ended up with permission denied when trying to alter permissions on
the print$ share
so i reset the acl's with the following commands
$ sudo setfacl -b -R /smb/Printer_drivers/*
$ sudo setfacl -b -R /smb/Printer_drivers/
$ sudo setfacl -R -m default:group:"Domain Admins":rwx /smb/Printer_drivers/
$ ls -al /smb/Printer_drivers/
total 8
drwxrwsr-x+ 1 root domain admins 84 Nov 22 01:47 .
drwxr-xr-x 7 root root 4096 Nov 14 03:18 ..
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 IA64
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32ALPHA
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32MIPS
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32PPC
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32X86
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 WIN40
drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 x64
lrwxrwxrwx 1 root domain admins 3 Nov 22 01:47 X64 -> x64
$ sudo getfacl /smb/Printer_drivers/
getfacl: Removing leading '/' from absolute path names
# file: smb/Printer_drivers/
# owner: root
# group: domain\040admins
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::r-x
i still get the followig errors.
Computer Management(TARDIS)\System Tools\SharedFolders\Shares\print$
share permission tab
=======================
an error occurred while applying security information to
\\TARDIS.AD.TISSISAT.COUK\print$
failed to enumerate object in the container. access denied
if i press continue i get
unable to save permission changes on print$
\\TARDIS.AD.TISSISAT.COUK\print$
access is denied
if i press cancel i get
if you stop the propergation of permission settings,
it might lead to a inconsistent state where objects have different settings.
if you made this change by mistake you should apply the correct
permission settings immediately.
print management/print servers/TARDIS/drivers/add Driver
==================================================
error
failed to add driver
access denied
More information about the samba
mailing list