Le 21/11/2019 ? 15:46, Rowland penny via samba a ?crit?:> On 21/11/2019 14:33, Julien TEHERY via samba wrote: >> Le 21/11/2019 ? 15:15, Rowland penny via samba a ?crit?: >>> On 21/11/2019 14:00, Julien TEHERY via samba wrote: >>>>> Not entirely sure, but why does 'Administrator' own something on a >>>>> Unix machine, it should be 'root'. >>>>> >>>>> Rowland >>>>> >>>>> >>>> Even with root as owner or chmod777 on target directory result in >>>> the same error. >>>> >>>> I also tried to upload it from windows7 64 bits or win10 64 bits >>>> workstation, same result. >>>> >>>> >>>> So i tried with another user account which is domain administrator >>>> and has SePrintOperatorPrivileg. Same result. >>>> >>>> It's becoming very annoying as printing is at the heart of a very >>>> important project for us. >>>> >>>> >>>> >>>> >>> OK, I will try this a different way, what have you done to make >>> Administrator into a normal Unix user ? >>> >>> Is this on a DC or a Unix domain member ? >>> >>> Have you given Administrator a uidNumber attribute ? >>> >>> If it is a Unix domain member, are you using a username map in smb.conf >>> >>> Rowland >> >> It 's on a samb4/cups domain member (not a DC) >> >> The administrator user is the one of the domain, not a local user: >> >> >> id administrator >> >> uid=10500(administrator) gid=10513(domain users) groups=10513(domain >> users),10500(administrator),10518(schema admins),10572(denied rodc >> password replication group),10519(enterprise admins),10520(group >> policy creator owners),10512(domain >> admins),70002(BUILTIN+users),70001(BUILTIN+administrators),744000513(Unix >> Group+domain users),744000520(Unix Group+group policy creator >> owners),744000572(Unix Group+denied rodc password replication >> group),744000518(Unix Group+schema admins),744000519(Unix >> Group+enterprise admins),744000512(Unix Group+domain admins) >> >> >> And in my smb.conf I have no username map, i only have idmapping like: >> >> >> ?? idmap config *:backend = tdb >> ?? idmap config *:range = 70001-80000 >> ?? idmap config MYDOMAIN:backend? = rid >> ?? idmap config MYDOMAIN:range? = 10000-70000 >> >> >> >> > OK, add this line to smb.conf: > > username map = /etc/samba/user.map > > Then create /etc/samba/user.map containing just this: > > !root = MYDOMAIN\Administrator > > Restart Samba > > This will map 'Administrator' to 'root', just like it is on a Samba AD > DC. > > RowlandSame thing with username map.
Le 21/11/2019 ? 16:49, Julien TEHERY via samba a ?crit?:> Le 21/11/2019 ? 15:46, Rowland penny via samba a ?crit?: >> On 21/11/2019 14:33, Julien TEHERY via samba wrote: >>> Le 21/11/2019 ? 15:15, Rowland penny via samba a ?crit?: >>>> On 21/11/2019 14:00, Julien TEHERY via samba wrote: >>>>>> Not entirely sure, but why does 'Administrator' own something on >>>>>> a Unix machine, it should be 'root'. >>>>>> >>>>>> Rowland >>>>>> >>>>>> >>>>> Even with root as owner or chmod777 on target directory result in >>>>> the same error. >>>>> >>>>> I also tried to upload it from windows7 64 bits or win10 64 bits >>>>> workstation, same result. >>>>> >>>>> >>>>> So i tried with another user account which is domain administrator >>>>> and has SePrintOperatorPrivileg. Same result. >>>>> >>>>> It's becoming very annoying as printing is at the heart of a very >>>>> important project for us. >>>>> >>>>> >>>>> >>>>> >>>> OK, I will try this a different way, what have you done to make >>>> Administrator into a normal Unix user ? >>>> >>>> Is this on a DC or a Unix domain member ? >>>> >>>> Have you given Administrator a uidNumber attribute ? >>>> >>>> If it is a Unix domain member, are you using a username map in >>>> smb.conf >>>> >>>> Rowland >>> >>> It 's on a samb4/cups domain member (not a DC) >>> >>> The administrator user is the one of the domain, not a local user: >>> >>> >>> id administrator >>> >>> uid=10500(administrator) gid=10513(domain users) groups=10513(domain >>> users),10500(administrator),10518(schema admins),10572(denied rodc >>> password replication group),10519(enterprise admins),10520(group >>> policy creator owners),10512(domain >>> admins),70002(BUILTIN+users),70001(BUILTIN+administrators),744000513(Unix >>> Group+domain users),744000520(Unix Group+group policy creator >>> owners),744000572(Unix Group+denied rodc password replication >>> group),744000518(Unix Group+schema admins),744000519(Unix >>> Group+enterprise admins),744000512(Unix Group+domain admins) >>> >>> >>> And in my smb.conf I have no username map, i only have idmapping like: >>> >>> >>> ?? idmap config *:backend = tdb >>> ?? idmap config *:range = 70001-80000 >>> ?? idmap config MYDOMAIN:backend? = rid >>> ?? idmap config MYDOMAIN:range? = 10000-70000 >>> >>> >>> >>> >> OK, add this line to smb.conf: >> >> username map = /etc/samba/user.map >> >> Then create /etc/samba/user.map containing just this: >> >> !root = MYDOMAIN\Administrator >> >> Restart Samba >> >> This will map 'Administrator' to 'root', just like it is on a Samba >> AD DC. >> >> Rowland > > Same thing with username map.FYI, I finally succeeded too upload one of the 3 drivers that had problems. I didi it with another user (not? with administrator) which is member of domain admins. I deleted it and tried so many times again to upload it anf it failed with the same error. So we're in a process where sometimes it's working sometimes not and you won't know why. I'm still investigating, upgraded loglevel and saw this : 2019/11/22 14:31:04.146325,? 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) ? Failed to fetch record! [2019/11/22 14:31:25.108720,? 2] ../source3/printing/spoolssd.c:459(spoolss_handle_client) ? Spoolss preforked child 11201 got client connection! [2019/11/22 14:31:25.112839,? 3] ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req) ? api_pipe_bind_req: spoolss -> spoolss rpc service [2019/11/22 14:31:25.112897,? 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) ? check_bind_req for spoolss context_id=0 [2019/11/22 14:31:25.112936,? 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) ? check_bind_req: spoolss -> spoolss rpc service [2019/11/22 14:31:25.114898,? 3] ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) ? api_rpcTNP: rpc command: SPOOLSS_ADDPRINTERDRIVEREX [2019/11/22 14:31:25.115252,? 3] ../source3/smbd/vfs.c:113(vfs_init_default) ? Initialising default vfs hooks [2019/11/22 14:31:25.115302,? 3] ../source3/smbd/vfs.c:139(vfs_init_custom) ? Initialising custom vfs hooks from [/[Default VFS]/] [2019/11/22 14:31:25.115329,? 3] ../source3/smbd/vfs.c:139(vfs_init_custom) ? Initialising custom vfs hooks from [acl_xattr] [2019/11/22 14:31:25.121499,? 3] ../lib/util/modules.c:167(load_module_absolute_path) ? load_module_absolute_path: Module '/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded [2019/11/22 14:31:25.121567,? 2] ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr) ? connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service print$ [2019/11/22 14:31:25.121861,? 3] ../source3/lib/util.c:313(unix_clean_name) ? unix_clean_name [x64/3] [2019/11/22 14:31:25.121920,? 2] ../source3/smbd/open.c:3987(open_directory) ? open_directory: unable to create x64/3. Error was NT_STATUS_OBJECT_NAME_COLLISION [2019/11/22 14:31:25.121995,? 3] ../source3/lib/util.c:313(unix_clean_name) ? unix_clean_name [x64/3/DriverInstall_Pre_Vista_1] [2019/11/22 14:31:25.122250,? 3] ../source3/lib/util.c:313(unix_clean_name) ? unix_clean_name [x64/{B764A331-6585-4FE6-8C6E-965E027AC30C}/DriverInstall_Pre_Vista_1] [2019/11/22 14:31:25.122414,? 0] ../source3/printing/nt_printing.c:1145(move_driver_file_to_download_area) ? move_driver_file_to_download_area: Unable to rename [x64/{B764A331-6585-4FE6-8C6E-965E027AC30C}/driverinstall_pre_vista_1] to [x64/3/DriverInstall_Pre_Vista_1]: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/11/22 14:31:25.124344,? 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:8612(_spoolss_AddPrinterDriverEx) ? _spoolss_AddPrinterDriverEx: move_driver_to_download_area failed - WERR_ACCESS_DENIED [2019/11/22 14:31:25.126246,? 2] ../source3/rpc_server/rpc_server.c:534(named_pipe_packet_process) ? Fatal error(NT_STATUS_CONNECTION_DISCONNECTED). Terminating client(172.17.172.10) connection! It seems that it tries to recreate /var/lib/samba/printers/x64/3 although it allready exists
> FYI, > > I finally succeeded too upload one of the 3 drivers that had problems. > > I didi it with another user (not? with administrator) which is member > of domain admins. > > I deleted it and tried so many times again to upload it anf it failed > with the same error. > > So we're in a process where sometimes it's working sometimes not and > you won't know why. > > > I'm still investigating, upgraded loglevel and saw this : > > > 2019/11/22 14:31:04.146325,? 1] > ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) > ? Failed to fetch record! > [2019/11/22 14:31:25.108720,? 2] > ../source3/printing/spoolssd.c:459(spoolss_handle_client) > ? Spoolss preforked child 11201 got client connection! > [2019/11/22 14:31:25.112839,? 3] > ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req) > ? api_pipe_bind_req: spoolss -> spoolss rpc service > [2019/11/22 14:31:25.112897,? 3] > ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > ? check_bind_req for spoolss context_id=0 > [2019/11/22 14:31:25.112936,? 3] > ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > ? check_bind_req: spoolss -> spoolss rpc service > [2019/11/22 14:31:25.114898,? 3] > ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) > ? api_rpcTNP: rpc command: SPOOLSS_ADDPRINTERDRIVEREX > [2019/11/22 14:31:25.115252,? 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > ? Initialising default vfs hooks > [2019/11/22 14:31:25.115302,? 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > ? Initialising custom vfs hooks from [/[Default VFS]/] > [2019/11/22 14:31:25.115329,? 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > ? Initialising custom vfs hooks from [acl_xattr] > [2019/11/22 14:31:25.121499,? 3] > ../lib/util/modules.c:167(load_module_absolute_path) > ? load_module_absolute_path: Module > '/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded > [2019/11/22 14:31:25.121567,? 2] > ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr) > ? connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = > true' and 'force unknown acl user = true' for service print$ > [2019/11/22 14:31:25.121861,? 3] > ../source3/lib/util.c:313(unix_clean_name) > ? unix_clean_name [x64/3] > [2019/11/22 14:31:25.121920,? 2] > ../source3/smbd/open.c:3987(open_directory) > ? open_directory: unable to create x64/3. Error was > NT_STATUS_OBJECT_NAME_COLLISION > [2019/11/22 14:31:25.121995,? 3] > ../source3/lib/util.c:313(unix_clean_name) > ? unix_clean_name [x64/3/DriverInstall_Pre_Vista_1] > [2019/11/22 14:31:25.122250,? 3] > ../source3/lib/util.c:313(unix_clean_name) > ? unix_clean_name > [x64/{B764A331-6585-4FE6-8C6E-965E027AC30C}/DriverInstall_Pre_Vista_1] > [2019/11/22 14:31:25.122414,? 0] > ../source3/printing/nt_printing.c:1145(move_driver_file_to_download_area) > ? move_driver_file_to_download_area: Unable to rename > [x64/{B764A331-6585-4FE6-8C6E-965E027AC30C}/driverinstall_pre_vista_1] > to [x64/3/DriverInstall_Pre_Vista_1]: NT_STATUS_OBJECT_NAME_NOT_FOUND > [2019/11/22 14:31:25.124344,? 0] > ../source3/rpc_server/spoolss/srv_spoolss_nt.c:8612(_spoolss_AddPrinterDriverEx) > ? _spoolss_AddPrinterDriverEx: move_driver_to_download_area failed - > WERR_ACCESS_DENIED > [2019/11/22 14:31:25.126246,? 2] > ../source3/rpc_server/rpc_server.c:534(named_pipe_packet_process) > ? Fatal error(NT_STATUS_CONNECTION_DISCONNECTED). Terminating > client(172.17.172.10) connection! > > > > It seems that it tries to recreate /var/lib/samba/printers/x64/3 > although it allready existsDoing this in CLI via rpclient does exactly the same thing: rpcclient $>? adddriver "Windows x64" xrxC8030:cupsdrvr.dll:xrxC8030.ppd:cupsui.dll:cups.hlp:NULL:RAW:NULL" result was WERR_ACCESS_DENIED ==> log.spoolssd.9 <=[2019/11/22 15:00:55.917157,? 3] ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) ? api_rpcTNP: rpc command: SPOOLSS_ADDPRINTERDRIVER [2019/11/22 15:00:55.917634,? 3] ../source3/smbd/vfs.c:113(vfs_init_default) ? Initialising default vfs hooks [2019/11/22 15:00:55.917776,? 3] ../source3/smbd/vfs.c:139(vfs_init_custom) ? Initialising custom vfs hooks from [/[Default VFS]/] [2019/11/22 15:00:55.917960,? 3] ../source3/smbd/vfs.c:139(vfs_init_custom) ? Initialising custom vfs hooks from [acl_xattr] [2019/11/22 15:00:55.918310,? 2] ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr) ? connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service print$ [2019/11/22 15:00:55.918743,? 3] ../source3/lib/util.c:313(unix_clean_name) ? unix_clean_name [x64/3] [2019/11/22 15:00:55.918971,? 2] ../source3/smbd/open.c:3987(open_directory) ? open_directory: unable to create x64/3. Error was NT_STATUS_OBJECT_NAME_COLLISION [2019/11/22 15:00:55.919133,? 3] ../source3/lib/util.c:313(unix_clean_name) ? unix_clean_name [x64/3/cupsdrvr.dll] [2019/11/22 15:00:55.919462,? 3] ../source3/lib/util.c:313(unix_clean_name) ? unix_clean_name [x64/cupsdrvr.dll] [2019/11/22 15:00:55.919717,? 0] ../source3/printing/nt_printing.c:1145(move_driver_file_to_download_area) ? move_driver_file_to_download_area: Unable to rename [x64/cupsdrvr.dll] to [x64/3/cupsdrvr.dll]: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/11/22 15:00:55.920019,? 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:8612(_spoolss_AddPrinterDriverEx) ? _spoolss_AddPrinterDriverEx: move_driver_to_download_area failed - WERR_ACCESS_DENIED It seems you allready? had exactly this problem: https://lists.samba.org/archive/samba/2019-April/222366.html I thought it would be possible to do it direclyt from CLI/rpcclient Do you know if there is any other way to make those drivers work even if we can't upload them through MMC ?