[Samba] point n print driver deployment for canon ip7250
Rowland Penny
rpenny at samba.org
Sun Nov 27 16:32:05 UTC 2016
See inline comments:
On Sun, 27 Nov 2016 14:31:44 +0000
niya levi via samba <samba at lists.samba.org> wrote:
> > On Mon, 21 Nov 2016 13:42:57 +0100
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >
> >> Hi,
> >>
> >> Yes that's correct.
> >> But try the following.
> >> Make sure you use the usermapping.
> >>
> >> username map = /etc/samba/samba_usermapping
> >> containing:
> >> !root = NTDOM\Administrator NTDOM\administrator Administrator administrator
> >>
> >> And according to the wiki.
> >> (https://wiki.samba.org/index.php/Configuring_Point%27n%27Print_automatic_printer_driver_deployment)
> >>
> >> For POSIX ACLs:
> >> # chgrp -R "SAMDOM\Domain Admins" /srv/samba/Printer_drivers/
> >> # chmod -R 2755 /srv/samba/Printer_drivers/
> >> Is wrong in my opinion.
> >>
> >> # chmod -R 2775 /srv/samba/Printer_drivers/
> >> Looks better to me.
> >>
> >> How else are "members of domain admins" allowed to write in
> >> the /srv/samba/Printer_drivers/ folder?
> >>
> >> Rowland, can you confirm this?
> > Fixed
> >
> i also thought the permissions looked odd
> but resisted going against the wiki
> until advised by more knowledgeable minds.
> >> But i use the
> >> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs setup.
> > This is my share setup:
> > [print$]
> > comment = Printer Drivers
> > path = /home/samba/printing/drivers
> > acl_xattr:ignore system acl = yes
> > writable = yes
> > guest ok = no
> does acl_xattr:ignore system acl = yes mean ignore posix acls ?
If you mean ignore the Unix ACLs, then yes.
> > Perhaps we need to also add a note that it is better to use windows
> > ACLs
Done.
> last tip. ( for win64 drivers )
> > cd /smb/Printer_drivers
> > ln -s x64 X64
> >
> > i noticed some drivers used capital X in the X64
> >
> >
> >
> > Greetz,
> >
> > Louis
>
> i have tried using rsat to alter the windows acl permissions a couple
> of times
> because i didn't get the permissions right on the previous attempts
> i ended up with permission denied when trying to alter permissions on
> the print$ share
> so i reset the acl's with the following commands
>
> $ sudo setfacl -b -R /smb/Printer_drivers/*
> $ sudo setfacl -b -R /smb/Printer_drivers/
> $ sudo setfacl -R -m default:group:"Domain Admins":rwx /smb/Printer_drivers/
>
> $ ls -al /smb/Printer_drivers/
> total 8
> drwxrwsr-x+ 1 root domain admins 84 Nov 22 01:47 .
> drwxr-xr-x 7 root root 4096 Nov 14 03:18 ..
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 IA64
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32ALPHA
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32MIPS
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32PPC
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 W32X86
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 WIN40
> drwxrwsr-x+ 1 root domain admins 0 Oct 30 15:25 x64
> lrwxrwxrwx 1 root domain admins 3 Nov 22 01:47 X64 -> x64
>
> $ sudo getfacl /smb/Printer_drivers/
> getfacl: Removing leading '/' from absolute path names
> # file: smb/Printer_drivers/
> # owner: root
> # group: domain\040admins
> # flags: -s-
> user::rwx
> group::rwx
> other::r-x
> default:user::rwx
> default:group::rwx
> default:group:domain\040admins:rwx
> default:mask::rwx
> default:other::r-x
>
> i still get the following errors.
>
> Computer Management(TARDIS)\System Tools\SharedFolders\Shares\print$
> share permission tab
>
> =======================
> an error occurred while applying security information to
> \\TARDIS.AD.TISSISAT.COUK\print$
> failed to enumerate object in the container. access denied
> if i press continue i get
> unable to save permission changes on print$
> \\TARDIS.AD.TISSISAT.COUK\print$
> access is denied
>
> if i press cancel i get
> if you stop the propagation of permission settings,
> it might lead to a inconsistent state where objects have different
> settings. if you made this change by mistake you should apply the
> correct permission settings immediately.
>
> print management/print servers/TARDIS/drivers/add Driver
> ==================================================
> error
> failed to add driver
> access denied
>
>
>
>
I think you must be mixing up Windows and POSIX ACLs; if I follow the
wiki, I get this:
root@devstation:/home/rowland# ls -la /var/lib/samba/Printer_drivers/
total 40
drwxrwx---+ 9 root root 4096 Nov 27 15:45 .
drwxr-xr-x 3 root root 4096 Nov 27 15:44 ..
drwxr-xr-x 2 root root 4096 Nov 27 15:45 IA64
drwxr-xr-x 2 root root 4096 Nov 27 15:45 W32ALPHA
drwxr-xr-x 2 root root 4096 Nov 27 15:45 W32MIPS
drwxr-xr-x 2 root root 4096 Nov 27 15:45 W32PPC
drwxr-xr-x 2 root root 4096 Nov 27 15:45 W32X86
drwxr-xr-x 2 root root 4096 Nov 27 15:45 WIN40
drwxr-xr-x 2 root root 4096 Nov 27 15:45 x64
getfacl /var/lib/samba/Printer_drivers/
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/Printer_drivers/
# owner: root
# group: root
user::rwx
user:root:rwx
group::r-x
group:root:r-x
group:2004:r-x
group:2005:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:2004:r-x
default:group:2005:rwx
default:mask::rwx
default:other::---
Rowland
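
An added example, not part of the thread or of Samba's own code: a small Python parser for getfacl output that reports what a group effectively gets on the directory itself (access ACL) and on newly created children (default ACL), with the mask applied. SAMPLE is the /smb/Printer_drivers/ listing quoted above, embedded as constructed input; the function names are hypothetical.

```python
import re

# Constructed input: the getfacl listing for /smb/Printer_drivers/ quoted in the thread.
SAMPLE = r"""# file: smb/Printer_drivers/
# owner: root
# group: domain\040admins
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::r-x
"""

def unescape(name):
    # getfacl writes spaces in names as octal escapes such as \040
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    acl = {"owner": None, "group": None, "access": {}, "default": {}}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"#\s*(owner|group):\s*(.+)", line)
        if m:
            acl[m.group(1)] = unescape(m.group(2))
        if not line or line.startswith("#"):
            continue
        fields = line.split("#")[0].strip().split(":")  # drop "#effective:" notes
        scope = "access"
        if fields[0] == "default":
            scope, fields = "default", fields[1:]
        tag, qualifier, perms = fields
        acl[scope][(tag, unescape(qualifier))] = perms
    return acl

def group_perms(acl, group, scope="access"):
    """Rights for `group`: named entry plus owning-group entry, limited by the mask."""
    entries = acl[scope]
    matches = [entries.get(("group", group))]
    if group == acl["group"]:
        matches.append(entries.get(("group", "")))
    mask = entries.get(("mask", ""), "rwx")
    return "".join(
        bit if bit == m and any(p and p[i] == bit for p in matches) else "-"
        for i, (bit, m) in enumerate(zip("rwx", mask)))
```

Pass `scope="default"` to see what new driver files and subdirectories will inherit; a result of `---` there means the directory has no default entry for that group.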