Univention Bugzilla – Bug 37864
Members of group "printer-admins" cannot upload printer drivers
Last modified: 2019-06-11 21:49:22 CEST
Ticket #2015010921000254 reports an access problem for members of the printer-admins" group when uploading printer drivers from a windows client. Looks like something tries to access files below /var/lib/samba/private/sam.ldb.d/, maybe that's triggered automatically, unspecific of the driver upload: ======================================================================== - Next, the driver files are being copied to the Univention server, but the installation fails with the following error: Operation could not be completed (error 0x0000001f). See the attached screenshot - In /var/log/samba/log.smbd I find the following errors: log.smbd: ldb: ltdb: tdb(/var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb: Permission denied log.smbd: ldb: Unable to open tdb '/var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb' log.smbd: ldb: Failed to connect to '/var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb' log.smbd: ldb: Unable to load modules for /var/lib/samba/private/sam.ldb: Unable to open tdb '/var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb' - When I log in as user DOMAIN\Administrator I am able to install printer drivers. - Changing the access rights to /var/lib/samba/private/sam.ldb.d (0777) and /var/lib/samba/private/sam.ldb.d/DC=FOO,DC=TEST.ldb (0666) also allows me to install the driver. ======================================================================== Note that "printer-admins" is a special UCS-only group name which is mapped to the Windows group "Print Operators". This might play into this when looking for a solution.
Changing the access rights to the directory /var/lib/samba/private/sam.ldb.d or files inside this directory is NOT a solution. I merely tried this to see whether it would allow me to install the drivers. Either change the documentation for UCS to specify that only DOMAIN\Administrator can upload printer drivers, or change the access rights/group of the directory /var/lib/samba/private/sam.ldb.d and files inside it.
*** This bug has been marked as a duplicate of bug 41849 ***