Web lists-archives.com

Re: [Samba] access DENIED for non-printserver bits


The "Access denied" happens before the installation would

have started.

Ok so a mis configuration somewere.

Probably. Question is where?

( tested with samba 4.4.x 4.5.x 4.6.x on debian jessie with cups and point and print setup.)

I'm now running 4.6.x on Solaris with SYSV printing (with some modifications).

Like :

Share rights

Looks ok to me. If I connect to the share I have full access (read/write)

File/folder rights

On the Solaris side the whole directory structure, for the print$ share,
is owned byt the domain admin user.

SePrivilege rights

Looks like this (changed usernames and IP-numbers):

user@server% net rpc rights list -U "MY-DOM\domainadmin"
Enter MY-DOM\domainadmin's password:
    SeMachineAccountPrivilege  Add machines to domain
     SeTakeOwnershipPrivilege  Take ownership of files or other objects
            SeBackupPrivilege  Back up files and directories
           SeRestorePrivilege  Restore files and directories
    SeRemoteShutdownPrivilege  Force shutdown from a remote system
     SePrintOperatorPrivilege  Manage printers
          SeAddUsersPrivilege  Add users and groups to the domain
      SeDiskOperatorPrivilege  Manage disk shares
          SeSecurityPrivilege  System security

My smb.conf printer parts:

       printing = sysv
       printcap name = /var/conf/Samba/printcap
#       printer admin = domainadmin

       comment = Skrivardrivrutiner
       path = /var/conf/Samba/print
       browseable = yes
       read only = no             # tested different combinations yes/no
#       write list = domainadmin   # with/without write list
       acl_xattr:ignore system acl = yes # made no difference

       comment = Skrivare
       allow hosts =
       path = /var/spool/Samba
       printable = yes
       read only = yes
       browsable = no
       acl_xattr:ignore system acl = yes  # made no difference
       lpq command = /usr/bin/lpstat %p
       print command = /opt/sbin/smbprint %p %s %J


Done that (see above)



goto : Setting up the [print$] Share

Using Windows ACLs:

Apply that part.

I'm unable to check this right now. Since I have updated W10 to 1607
and Samba from 4.4.x to 4.6.x I have run into some other problems. Time
has run out today so I will have to take a look at that on monday.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba