Hi List,
I'm working on setting up a print server using Samba 4.13.13 for Debian. I
have the DC running in another VM, and the print server (PS1) is joined as
a member server. I have the printers loaded in CUPS, and followed the
config guide from the Wiki. I have set the Group Policy to trust the FQDN
of this print server, and to allow the printer to install without UAC
prompts.
When I browse to \\PS1.example.com, I can see all the printers listed.
Good! I move on to the Print Management step.
I load up the FQDN of the server, add the driver (a Type 3 x64 Windows 10
driver, matching my machine), all good. When I go to Properties of the
Printer, I choose No, go to Advanced, choose the driver, and hit OK.
Normally, it'd install the driver and I could start configuring it.
What's
happening now is I get a message "The 'KONICA MINOLTA 368SeriesPCL
SP'
printer driver is nto installed on this computer. Some printer properties
will not be accessible unless you install the printer driver. Do you want
to install the driver now?". If I choose No, I don't get to configure
much
on the printer - the name and a few other things. If I click Yes, I go
through the Add Driver wizard, selecting the same driver, installing it,
then I get the same basic printer properties dialog as if I said No.
I tried the rpcclient commands listed at the bottom of the Print Server
wiki, and confirmed the driver does show up:
flags:[0x800000]
name:[\\LOCALHOST\DUCH-Counselling]
description:[\\LOCALHOST\DUCH-Counselling,KONICA MINOLTA
368SeriesPCL SP,Konica Minolta bizhub 308]
comment:[Konica Minolta bizhub 308]
I am a member of the Domain Admins group while doing this, and verified I
have the SeDiskOperatorPrivilege and SePrintOperatorPrivilege on the print
server. What am I missing? (Yes, I rebooted both client and server)
Here is my smb.conf:
# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
bind interfaces only = Yes
client signing = required
disable netbios = Yes
interfaces = lo enp1s0
log file = /var/log/samba/%m.log
realm = DUCH.EXAMPLE.COM
security = ADS
server role = member server
server signing = required
template homedir = /home/duch/%U
winbind separator = /
workgroup = DUCH
spoolss: architecture = Windows x64
rpc_daemon:spoolssd = fork
rpc_server:spoolss = external
idmap config duch : range = 100000-199999
idmap config duch : backend = rid
idmap config * : range = 70000-99999
idmap config * : backend = tdb
map acl inherit = Yes
vfs objects = acl_xattr
[printers]
browseable = No
path = /var/spool/samba/
printable = Yes
[print$]
path = /usr/local/share/printer_drivers/
read only = No
As an update: I updated to 4.15.7-Debian with Louis' repo, same issue as
before.
On the Samba side, I now see the following errors:
smbd[878]: [2022/07/12 16:05:10.695929, 0]
../../source3/printing/nt_printing.c:1466(move_driver_file_to_download_area)
smbd[878]: move_driver_file_to_download_area: Unable to rename
[x64/{CD3870D5-31DF-48AF-A911-E815D8AF7DD4}/KOAXOA_D.PPD.NTamd64] to
[x64/3/KOAXOA_D.PPD.NTamd64]: NT_STATUS_OBJECT_NAME_NOT_FOUND
smbd[878]: [2022/07/12 16:05:10.699872, 0]
../../source3/rpc_server/spoolss/srv_spoolss_nt.c:8664(_spoolss_AddPrinterDriverEx)
smbd[878]: _spoolss_AddPrinterDriverEx: move_driver_to_download_area
failed - WERR_APP_INIT_FAILURE
# ls -lah /usr/local/share/printer_drivers/x64/
drwxrwsr-x+ 5 root TEST/domain admins 4.0K Jul 12 16:05 .
drwxrwsr-x+ 11 TEST/domain admins TEST/domain admins 4.0K Jul 7 14:44 ..
drwxrws---+ 2 TEST/lbarone TEST/domain users 4.0K Jul 12 15:40 3
drwxrws---+ 2 TEST/lbarone TEST/domain users 4.0K Jul 12 16:05
{CD3870D5-31DF-48AF-A911-E815D8AF7DD4}
drwxrwsr-x+ 2 root TEST/domain admins 4.0K Jul 7 14:44 PCC
# net rpc rights list privileges SePrintOperatorPrivilege -UAdministrator
Password for [TEST\Administrator]:
SePrintOperatorPrivilege:
BUILTIN\Administrators
TEST\Domain Admins
I re-applied the `chmod -R 2775 /usr/local/share/printer_drivers/`
permissions, and was able to get the driver to copy into the `3` folder,
but I still get the popup to install locally, and failing.
On Thu, Jul 7, 2022 at 11:21 AM Luke Barone <lukebarone at gmail.com>
wrote:
> Hi List,
>
> I'm working on setting up a print server using Samba 4.13.13 for
Debian. I
> have the DC running in another VM, and the print server (PS1) is joined as
> a member server. I have the printers loaded in CUPS, and followed the
> config guide from the Wiki. I have set the Group Policy to trust the FQDN
> of this print server, and to allow the printer to install without UAC
> prompts.
>
> When I browse to \\PS1.example.com, I can see all the printers listed.
> Good! I move on to the Print Management step.
>
> I load up the FQDN of the server, add the driver (a Type 3 x64 Windows 10
> driver, matching my machine), all good. When I go to Properties of the
> Printer, I choose No, go to Advanced, choose the driver, and hit OK.
> Normally, it'd install the driver and I could start configuring it.
What's
> happening now is I get a message "The 'KONICA MINOLTA 368SeriesPCL
SP'
> printer driver is nto installed on this computer. Some printer properties
> will not be accessible unless you install the printer driver. Do you want
> to install the driver now?". If I choose No, I don't get to
configure much
> on the printer - the name and a few other things. If I click Yes, I go
> through the Add Driver wizard, selecting the same driver, installing it,
> then I get the same basic printer properties dialog as if I said No.
>
> I tried the rpcclient commands listed at the bottom of the Print Server
> wiki, and confirmed the driver does show up:
>
> flags:[0x800000]
> name:[\\LOCALHOST\DUCH-Counselling]
> description:[\\LOCALHOST\DUCH-Counselling,KONICA MINOLTA
> 368SeriesPCL SP,Konica Minolta bizhub 308]
> comment:[Konica Minolta bizhub 308]
>
> I am a member of the Domain Admins group while doing this, and verified I
> have the SeDiskOperatorPrivilege and SePrintOperatorPrivilege on the print
> server. What am I missing? (Yes, I rebooted both client and server)
>
> Here is my smb.conf:
>
> # testparm -s
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
> Server role: ROLE_DOMAIN_MEMBER
>
> # Global parameters
> [global]
> bind interfaces only = Yes
> client signing = required
> disable netbios = Yes
> interfaces = lo enp1s0
> log file = /var/log/samba/%m.log
> realm = DUCH.EXAMPLE.COM
> security = ADS
> server role = member server
> server signing = required
> template homedir = /home/duch/%U
> winbind separator = /
> workgroup = DUCH
> spoolss: architecture = Windows x64
> rpc_daemon:spoolssd = fork
> rpc_server:spoolss = external
> idmap config duch : range = 100000-199999
> idmap config duch : backend = rid
> idmap config * : range = 70000-99999
> idmap config * : backend = tdb
> map acl inherit = Yes
> vfs objects = acl_xattr
>
>
> [printers]
> browseable = No
> path = /var/spool/samba/
> printable = Yes
>
>
> [print$]
> path = /usr/local/share/printer_drivers/
> read only = No
>
Mandi! Luke Barone via samba In chel di` si favelave...> I load up the FQDN of the server, add the driver (a Type 3 x64 Windows 10 > driver, matching my machine), all good. When I go to Properties of the > Printer, I choose No, go to Advanced, choose the driver, and hit OK. > Normally, it'd install the driver and I could start configuring it. What's > happening now is I get a message "The 'KONICA MINOLTA 368SeriesPCL SP' > printer driver is nto installed on this computer. Some printer properties > will not be accessible unless you install the printer driver. Do you want > to install the driver now?". If I choose No, I don't get to configure much > on the printer - the name and a few other things. If I click Yes, I go > through the Add Driver wizard, selecting the same driver, installing it, > then I get the same basic printer properties dialog as if I said No.Afer fighting for years on Konica Minolra drivers, i've simply givenup. Now i've setup some recipe with WPKG that pre-install drivers on local machine; WPKG is a configuration and management system, a sort of ansible for windows. Speaking generally, now i can setup a little horror museum: 1) driver that does not work, apart if you unpack some .CAB inside the driver package 2) driver that load, but enable some 'lockdown' (some brother driver load, but lock down number of copies and color print) 3) driver that does not load directly, but load if you RPCCLIENT-it from a windows box. If i've understand well, some drivers simply expect that ''other'' software is installed server or client side, and so implicitly suppose a windows server. Sometimes it suffices to change driver type; have you tried postscript?! -- Sicuramente non ? necessario essere laureati in economia e commercio per scrivere cazzate, ma aiuta. (MdI)