Hi Marc,
Am 24.09.2013 23:46, schrieb Marc Muehlfeld:
Am 24.09.2013 09:13, schrieb Thomas Besser:
> Like described here
> (http://geekyprojects.com/ubuntu/getting-windows-printer-drivers-
> from-cups/)
> I enabled 'root' for short and granted the 'SePrintOperator' right
> to a normal account and switched back to security = ads
I'm not sure if I understand this. Did you took the server out of the
domain and temporary downgrade it to a standalone server for granting
the privilege?
Yes.
Can you make sure, that the privilege was granted to a _domain account_?
# net rpc rights list accounts -Uadministrator
Okay, yes and no ;-)
It's a little bit difficult to describe...
We have a special setup in our large institution: we have an ldap and AD
filled from an identity management with all employees separated by OU's.
Thats the reason why I don't have an 'Domain Admin' account, because I
administrate only a small part of it. For our OU my personal account is
getting delegated rights (domain join, GPO, creating AD accounts).
Our samba4 server uses AD for authentication (User & Password exists),
the underlaying linux (NSS & PAM) uses LDAP. Found this here:
https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP
The privileged account 'Admin' is only known in AD (created manually),
not in LDAP. Therefore I created it locally in /etc/passwd on the samba4
server.
That should be the reason, why the process of privileging in standalone
mode worked!?
> Now the next problem arises:
>
> I can now upload the win drivers as described in your howto section
> "Uploading printer drivers for Point'n'Print driver installation"
> successfully. I can also see the files in the samba drivers share.
>
> But I can not associate it with a printer! The dropdown on
> https://wiki.samba.org/index.php/File:Choose_driver.png is empty!
I haven't had this case yet. Just some questions that may help us to
find the cause of your problem:
- Do you connect to to the server as the user you granted the
SePrintOperator permissions to?
Yes
- Is the user you granted the permission to is a domain account?
Yes (and locally created too on linux server). In samba it is shown like
this:
net rpc rights list accounts -U Admin
[...]
Unix User\Admin
SePrintOperatorPrivilege
[...]
- The account you use to associate the driver with a printer is the same
than the one you used for uploading the drivers?
Yes
- Did the driver upload wizzard runs fine? Or any errors or untypical
messages?
Yes, no errors. After that I can see it over 'server properties'. I can
also delete it. Only if I switch to the 'printer properties' the
dropdown is empty. So I can not associate over windows.
- Can you associate the driver on *nix side by using 'rpcclient'? (see
https://wiki.samba.org/index.php/Samba_as_a_print_server#Associating_a_shared_printer_with_a_driver_and_preconfiguring)
Yes.
rpcclient localhost -U Admin -c 'setdriver "printername" "name of
printer driver"'
After that I can see also in windows that the dropdown is not empty any
more.
I uploaded a second driver to test, if I can then switch to the second
one. Result: no, I only see the orginally associated driver.
With 'rpcclient localhost -U Admin -c "enumdrivers" I see both drivers.
- Is the combobox still empty, if you use a domain admin account (grant
the privilege to first)?
I don't have a domain admin account (see our special environment above)
Regards
Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba