Michael Mol
2014-Feb-11 23:41 UTC
[Samba] Samba 3.9 + AD: Print share permissions difficulties
Trying to print to a printer share on a Samba 3.9 printer server. When I print a test page from a domain administrator account, I get:> The document Print Document, owned by Administrator, failed to print > on printer \\printer-server\SAVIN_SECONDARY. Try to print the document > again, or restart the print spooler. > Data type: RAW. Size of the spool file in bytes: 191277. Number of > bytes printed: 0. Total number of pages in the document: 1. Number of > pages printed: 0. Client computer: \\WINDOWS-SERVER-2. Win32 error > code returned by the print processor: 5. Access is denied.in the event log. For the life of me, I can't figure out why, and I've been working on this, one way or another, for over a week. It's driving me mad... Complete smb.conf follows (minor substitution in workgroup and realm names): [global] workgroup = WINDOWS realm = WINDOWS.EXAMPLE.COM server string = Samba Server Version %v # load printers = yes security = ads local master = no domain master = no preferred master = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072 use sendfile = true wins server = 10.161.1.32 dns proxy = no idmap config * : backend = autorid idmap config * : range = 16777216-33554431 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind expand groups = 2 winbind refresh tickets = yes winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 template homedir = /home/%D/%U template shell = /bin/bash interfaces = eth0 lo log file = /var/log/samba/log.%m max log size = 50 invalid users = root valid users = administrator write list = administrator client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes restrict anonymous = 2 [SAVIN_MAIN] print ok = yes writeable = yes printing = cups path = /var/spool/samba comment = SAVIN MAIN (C9135) [SAVIN_SECONDARY] print ok = yes writeable = yes printing = cups path = /var/spool/samba valid users = administrator write list = administrator admin users = administrator comment = SAVIN SECONDARY (C3535) [SAVIN_LARGEFORMAT] print ok = yes writeable = yes printing = cups path = /var/spool/samba comment = SAVIN LARGEFORMAT (2406WD) [homes] comment = Home Directories browseable = no writable = yes force create mode = 0004 force directory mode = 0005 root preexec = /var/lib/samba/scripts/mkuserdir %u valid users = %S ... For the curious, yes, the homes shares work fine. net rpc rights list accounts -Uadministrator : BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege SeSystemtimePrivilege SeShutdownPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeSystemProfilePrivilege SeProfileSingleProcessPrivilege SeIncreaseBasePriorityPrivilege SeLoadDriverPrivilege SeCreatePagefilePrivilege SeIncreaseQuotaPrivilege SeChangeNotifyPrivilege SeUndockPrivilege SeManageVolumePrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege SeEnableDelegationPrivilege Everyone No privileges assigned WINDOWS\Domain Admins SePrintOperatorPrivilege net sam rights list SePrintOperatorPrivilege -Uadministrator: BUILTIN\Administrators WINDOWS\Domain Admins -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20140211/7c8bbf98/attachment.pgp>
Possibly Parallel Threads
Wisdom of the Ancients
