[Samba] net rpc rights list SePrintOperatorPrivilege empty

lperoma at icloud.com lperoma at icloud.com
Fri Nov 4 11:52:39 UTC 2022

Dear all,

My member server hosts about 12 printers, have been working flawlessly for a long time, sharing CUPS printers. This machine is also the main file server.

After a couple of days of pain, I managed to reconstruct the server (fileserver) after stupidly changing from AD to RID idmapping.

The server hosts about 12 printers, have been working flawlessly for a long time. Now some users are printing as usual, som others can not print.

\\server displays all printers like if nothing had happened. If a domain Admin (or a user) clicks on one of the printers, you get a “Windows can not connect to printer” error.

Checking with Print Management, and printers show like this:

peromarta.org/downloads/printers.png <http://peromarta.org/downloads/printers.png>

Printers are not displaying names, and when I try right click properties, I get a “You do not hace access to this printer, some of the tabs will be missing”. However, I can display the properties, and even add Domains Admins to security tab and apply. Still I can’t see names.

Divers folder look like this:

peromarta.org/downloads/drivers.png <http://peromarta.org/downloads/drivers.png>

Where as before there were populated with the drivers. (/var/lib/samba/printer_drivers/ is showing the usual driver tree, with drivers actually there in the x64 folder.)

Relevant part of smb.conf is:

	# Printing 

	rpc_server:spoolss = external
	rpc_daemon:spoolssd = fork
	printing = CUPS
	spoolss: architecture = Windows x64
	load printers = yes
       path = /var/spool/samba/
       printable = yes

       path = /var/lib/samba/printer_drivers/
       read only = no

smb.conf has not been tangled with. /var/spool/samba is empty 

As I was writing this email, I notice 

net rpc rights list SePrintOperatorPrivilege

Shows empty.

If on the server I try 

net rpc rights grant "MAD\Domain Admins" SePrintOperatorPrivilege 
Enter password:
Successfully granted rights.

It looks okay, but then:

net rpc rights list SePrintOperatorPrivilege

Shows empty again. Assigning privileges from a DC yields the same result - empty list. This may be the problem? If so I have no idea how to fix it. 

Any help much appreciated. All the best, LP

More information about the samba mailing list