First Last Prev Next    This bug is not in your last search results.
Bug 54156 - 96univention-samba4.inst grant SePrintOperatorPrivilege
96univention-samba4.inst grant SePrintOperatorPrivilege
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-2-errata
Assigned To: Arvid Requate
Julia Bremer
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-11-26 12:21 CET by Andreas Peichert
Modified: 2023-01-18 18:46 CET (History)
10 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2022020321000277, 2022012621000315, 2021112421000221, 2022021521000398
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Peichert univentionstaff 2021-11-26 12:21:14 CET 
We should consider granting the privilege for printer drivers so that users can upload and preconfigure printer drivers for samba4/role=DC.

While univention-samba/26univention-samba.inst does that in L342-243 for older versions of Samba, but for current Samba installations univention-samba4/96univention-samba4.inst does not grant SePrintOperatorPrivilege

	# set default printer permissions
	net rpc rights -U"$samba_account"%"$samba_pwd" grant Printer-Admins SePrintOperatorPrivilege
	net rpc rights -U"$samba_account"%"$samba_pwd" grant Administrator SePrintOperatorPrivilege

A customer reported that adding these rights for UCS4, successfully resolved the problem described in the forum:
https://help.univention.com/t/problem-with-my-newest-windows-client-i-cant-upload-printerdrivers/18889

See also:
https://docs.software-univention.de/handbuch-4.4.html#print-services:winclients
https://wiki.samba.org/index.php/Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients
Comment 1 Andreas Peichert univentionstaff 2022-02-10 12:47:22 CET 
Workaround for Administrator user:

Check current situation about the SePrintOperatorPrivilege flag

# net rpc rights -U"$(hostname -d)\Administrator" list privileges SePrintOperatorPrivilege

Manually set SePrintOperatorPrivilege

# net rpc rights -U"$(hostname -d)\Administrator" grant "$(hostname -d)\Administrator" SePrintOperatorPrivilege
Comment 6 Lukas Rettler univentionstaff 2022-11-21 09:57:42 CET 
Gilt für UCS 4.4 und UCS 5.0
Comment 8 Arvid Requate univentionstaff 2023-01-16 17:48:07 CET 
232f5a9185 | Grant SePrintOperatorPrivilege to Administrator and Printer-Admins

Package: univention-samba4                                                                                                                                                     
Version: 9.0.8-10A~5.0.0.202301161733                                                                                                 
Branch: ucs_5.0-0                                                                                                                                       
Scope: errata5.0-2
Comment 9 Julia Bremer univentionstaff 2023-01-18 15:39:53 CET 
OK: Administrator gets printer privilege
OK: Domain Admins get printer privilege
OK: YAML
OK: Package update/install
Verified
First Last Prev Next    This bug is not in your last search results.