lperoma at icloud.com
2022-Nov-04 11:52 UTC
[Samba] net rpc rights list SePrintOperatorPrivilege empty
Dear all,
My member server hosts about 12 printers, have been working flawlessly for a
long time, sharing CUPS printers. This machine is also the main file server.
After a couple of days of pain, I managed to reconstruct the server (fileserver)
after stupidly changing from AD to RID idmapping.
The server hosts about 12 printers, have been working flawlessly for a long
time. Now some users are printing as usual, som others can not print.
\\server displays all printers like if nothing had happened. If a domain Admin
(or a user) clicks on one of the printers, you get a ?Windows can not connect to
printer? error.
Checking with Print Management, and printers show like this:
peromarta.org/downloads/printers.png
<http://peromarta.org/downloads/printers.png>
Printers are not displaying names, and when I try right click properties, I get
a ?You do not hace access to this printer, some of the tabs will be missing?.
However, I can display the properties, and even add Domains Admins to security
tab and apply. Still I can?t see names.
Divers folder look like this:
peromarta.org/downloads/drivers.png
<http://peromarta.org/downloads/drivers.png>
Where as before there were populated with the drivers.
(/var/lib/samba/printer_drivers/ is showing the usual driver tree, with drivers
actually there in the x64 folder.)
Relevant part of smb.conf is:
# Printing
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
printing = CUPS
spoolss: architecture = Windows x64
rpcd_spoolss:idle_seconds=30
load printers = yes
[printers]
path = /var/spool/samba/
printable = yes
[print$]
path = /var/lib/samba/printer_drivers/
read only = no
smb.conf has not been tangled with. /var/spool/samba is empty
As I was writing this email, I notice
net rpc rights list SePrintOperatorPrivilege
Shows empty.
If on the server I try
net rpc rights grant "MAD\Domain Admins" SePrintOperatorPrivilege
Enter password:
Successfully granted rights.
It looks okay, but then:
net rpc rights list SePrintOperatorPrivilege
Shows empty again. Assigning privileges from a DC yields the same result - empty
list. This may be the problem? If so I have no idea how to fix it.
Any help much appreciated. All the best, LP