I'm running two SAMBA4 Active Directory Domain Controllers, they are both members of the domain, however I am strictly working on just the first controller for printing at this time. I've followed the guide at : https://wiki.samba.org/index.php/Samba_as_a_print_server I'm using a Windows 7 64bit system to upload the drivers. On the Windows 7 side I get the error "Unable to install HP Universal Printing PS, Type 3 - User Mode, x86 driver. Operation could not be completed (error 0x0000001f)." On the domain controller end, watching log.smbd I get this output: " [2013/08/15 14:31:12.106701, 0] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:8266(_spoolss_AddPrinterDriverEx) _spoolss_AddPrinterDriverEx: level 8 not yet implemented [2013/08/15 14:31:12.113547, 0] ../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect) samdb_connect failed [2013/08/15 14:31:12.113965, 0] ../source3/smbd/msdfs.c:338(create_conn_struct) VFS connect failed! [2013/08/15 14:31:12.114373, 0] ../source3/printing/nt_printing.c:628(get_correct_cversion) get_correct_cversion: create_conn_struct returned NT_STATUS_UNSUCCESSFUL " I am working with a "Ricoh Aficio 3025" and a "HP Color LaserJet CM1312nfi MFP". I have tried multiple different driver sets, PCL6/5e +/- universal, Post Script, x86 and x64. None seem to work. The folders for the drivers on the domain controller have been enumerated as outlined in the above guide. I also applied 777 permissions strictly for testing purposes.
In order to access files in the member server, it is a must for me to assign UID to administrator and its group Domain Admin with another GID. However, I discover, when adding print driver following the Samba 4 Printing how-to, there is always an error of 0x0000001f error. After digging in the log level 10, the print driver upload involves access to a LDB file situated in /usr/local/samba/private/sam.ldb.d. The user should be Administrator (as I login as administration in windows client). Through mapping uid and gid through rfc2307, the effective uid is 6000 and its gid is 3085. This in turn create problem in access the directory and cannot edit the LDB file. This cause failure in adding print driver. Now, there is no other bug but do a dirty fix: chmod 755 /usr/local/samba/private/sam.ldb.d The relevant log: [2013/11/19 12:00:05.530215, 2, pid=13968, effective(6000, 3085), real(6000, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug) ldb: ltdb: tdb(/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb): tdb_open_ex: could not open file /usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb: Permission denied [2013/11/19 12:00:05.530236, 10, pid=13968, effective(6000, 3085), real(6000, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug) ldb: ldb_asprintf/set_errstring: Unable to open tdb '/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb' [2013/11/19 12:00:05.530248, 1, pid=13968, effective(6000, 3085), real(6000, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug) ldb: Unable to open tdb '/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb' [2013/11/19 12:00:05.530260, 1, pid=13968, effective(6000, 3085), real(6000, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug) ldb: Failed to connect to '/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb' with backend 'tdb': Unable to open tdb '/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb' [2013/11/19 12:00:05.530281, 0, pid=13968, effective(6000, 3085), real(6000, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug) ldb: module partition initialization failed : Operations error
closing, turned out to be a idmap issue on the AD DC (which is also the print server here - the golden rule is: a DC is a DC and nothing else, don't make it a print server or so, not with Windows, not with Samba)