[Samba] Print server not loading drivers

Luke Barone lukebarone at gmail.com
Tue Jul 12 23:16:31 UTC 2022 

As an update: I updated to 4.15.7-Debian with Louis' repo, same issue as
before.

On the Samba side, I now see the following errors:

smbd[878]: [2022/07/12 16:05:10.695929,  0]
../../source3/printing/nt_printing.c:1466(move_driver_file_to_download_area)
smbd[878]:   move_driver_file_to_download_area: Unable to rename
[x64/{CD3870D5-31DF-48AF-A911-E815D8AF7DD4}/KOAXOA_D.PPD.NTamd64] to
[x64/3/KOAXOA_D.PPD.NTamd64]: NT_STATUS_OBJECT_NAME_NOT_FOUND
smbd[878]: [2022/07/12 16:05:10.699872,  0]
../../source3/rpc_server/spoolss/srv_spoolss_nt.c:8664(_spoolss_AddPrinterDriverEx)
smbd[878]:   _spoolss_AddPrinterDriverEx: move_driver_to_download_area
failed - WERR_APP_INIT_FAILURE

# ls -lah /usr/local/share/printer_drivers/x64/

drwxrwsr-x+  5 root               TEST/domain admins 4.0K Jul 12 16:05 .
drwxrwsr-x+ 11 TEST/domain admins TEST/domain admins 4.0K Jul  7 14:44 ..
drwxrws---+  2 TEST/lbarone       TEST/domain users  4.0K Jul 12 15:40 3
drwxrws---+  2 TEST/lbarone       TEST/domain users  4.0K Jul 12 16:05
{CD3870D5-31DF-48AF-A911-E815D8AF7DD4}
drwxrwsr-x+  2 root               TEST/domain admins 4.0K Jul  7 14:44 PCC

# net rpc rights list privileges SePrintOperatorPrivilege -UAdministrator
Password for [TEST\Administrator]:
SePrintOperatorPrivilege:
  BUILTIN\Administrators
  TEST\Domain Admins

I re-applied the `chmod -R 2775 /usr/local/share/printer_drivers/`
permissions, and was able to get the driver to copy into the `3` folder,
but I still get the popup to install locally, and failing.

On Thu, Jul 7, 2022 at 11:21 AM Luke Barone <lukebarone at gmail.com> wrote:

> Hi List,
>
> I'm working on setting up a print server using Samba 4.13.13 for Debian. I
> have the DC running in another VM, and the print server (PS1) is joined as
> a member server. I have the printers loaded in CUPS, and followed the
> config guide from the Wiki. I have set the Group Policy to trust the FQDN
> of this print server, and to allow the printer to install without UAC
> prompts.
>
> When I browse to \\PS1.example.com, I can see all the printers listed.
> Good! I move on to the Print Management step.
>
> I load up the FQDN of the server, add the driver (a Type 3 x64 Windows 10
> driver, matching my machine), all good. When I go to Properties of the
> Printer, I choose No, go to Advanced, choose the driver, and hit OK.
> Normally, it'd install the driver and I could start configuring it. What's
> happening now is I get a message "The 'KONICA MINOLTA 368SeriesPCL SP'
> printer driver is nto installed on this computer. Some printer properties
> will not be accessible unless you install the printer driver. Do you want
> to install the driver now?". If I choose No, I don't get to configure much
> on the printer - the name and a few other things. If I click Yes, I go
> through the Add Driver wizard, selecting the same driver, installing it,
> then I get the same basic printer properties dialog as if I said No.
>
> I tried the rpcclient commands listed at the bottom of the Print Server
> wiki, and confirmed the driver does show up:
>
>         flags:[0x800000]
>         name:[\\LOCALHOST\DUCH-Counselling]
>         description:[\\LOCALHOST\DUCH-Counselling,KONICA MINOLTA
> 368SeriesPCL SP,Konica Minolta bizhub 308]
>         comment:[Konica Minolta bizhub 308]
>
> I am a member of the Domain Admins group while doing this, and verified I
> have the SeDiskOperatorPrivilege and SePrintOperatorPrivilege on the print
> server. What am I missing? (Yes, I rebooted both client and server)
>
> Here is my smb.conf:
>
> # testparm -s
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
> Server role: ROLE_DOMAIN_MEMBER
>
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         client signing = required
>         disable netbios = Yes
>         interfaces = lo enp1s0
>         log file = /var/log/samba/%m.log
>         realm = DUCH.EXAMPLE.COM
>         security = ADS
>         server role = member server
>         server signing = required
>         template homedir = /home/duch/%U
>         winbind separator = /
>         workgroup = DUCH
>         spoolss: architecture = Windows x64
>         rpc_daemon:spoolssd = fork
>         rpc_server:spoolss = external
>         idmap config duch : range = 100000-199999
>         idmap config duch : backend = rid
>         idmap config * : range = 70000-99999
>         idmap config * : backend = tdb
>         map acl inherit = Yes
>         vfs objects = acl_xattr
>
>
> [printers]
>         browseable = No
>         path = /var/spool/samba/
>         printable = Yes
>
>
> [print$]
>         path = /usr/local/share/printer_drivers/
>         read only = No
>

More information about the samba mailing list