User Tools

Site Tools


print_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

print_server [2015/06/29 12:10] (current)
Line 1: Line 1:
 +** Samba as a Print Server **
  
 +====== Introduction ======
 +
 +This HowTo will provide you an easy guide to setup Samba to act as a Windows print server including Point'​n'​Click printer driver installation for users.
 +
 +**// This HowTo is valid for Samba 3 and 4 print server installations //**.
 +
 +
 +====== Some definitions ======
 +
 +  * ** Printer share **: Each printer is shared by a name. During the printing process, the client sends the printjob to it.
 +  * ** Print server backend **: Samba can use e. g. CUPS, LPD/Lprng and other as backend. The print server forwards the job to local or network printers.
 +  * ** Windows printer driver **: A piece of software, that converts the printed data to a printer specific form. The driver for each shared printer can be preconfigured with default values.
 +
 +  * ** Point'​n'​Print **: Windows 2000 and later support the abillity to automatically download and install drivers from the server including preconfiguring,​ when connecting a printer. The installation can be done by ordinary users, without special permissions.
 +
 +  * ** Printer forms **: Windows is already shipped with an amount of forms, that define the typical paper sizes. If a formular isn't known to the print server, the client could not use this, altought the printer is able to do it.
 +
 +
 +====== Driver models ======
 +----
 +
 +Supported by Samba: Printer driver version 3 (Windows 2000 to Windows 8).
 +
 +Currently not supported by Samba: [[http://​msdn.microsoft.com/​en-us/​library/​windows/​hardware/​hh706306%28v=vs.85%29.aspx|Printer driver version 4]] (Windows 8).
 +
 +
 +====== Print server backend ======
 +----
 +
 +The following sub-chapters will give you a short overview on possible backends, including adding a new network printer, we'll use in our later examples for sharing it by Samba.
 +
 +The examples setup a RAW printer (content is send directly to the device). We don't use filters or drivers on the backend, because a RAW printer allows us to render the output on the workstation and use the printer specific driver.
 +
 +We assume here, that you have the print server backend already basically configured and it's running, so printers can be added next.
 +
 +===== CUPS =====
 +----
 +
 +[[http://​www.cups.org/​|CUPS]] is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time.
 +
 +Basically all sorts of files can be printed with CUPS, but using a Postscript or a RAW printer driver will give you the most benefit in combination with the Windows printer driver, because then all settings can be controlled on the Windows client.
 +
 +==== Adding a new printer ====
 +
 +  * Open the CUPS admin webfrontend (https://​servername:​631/​admin).
 +  * On the "​Administration"​ tab click the "Add Printer"​ button.
 +  * Choose the way, how your printer is connected and enter the appropriate URL. Examples:
 +
 +<​code>​
 + # LPD protocol
 + ​lpd://​hostname/​queue
 +
 + # Internet Printing Protocol
 + ​ipp://​hostname/​ipp/​port
 +
 + # Forwarding the jobs to a Windows print server.
 + # Hint: Vista and higher, don't allow anonymous connects by default,
 + # so you must provide a username and  password.
 + ​smb://​username:​password@domain/​servername/​printername
 +</​code>​
 +
 +  * Enter a name for the printer.
 +  * When you reached the step, where to choose the vendor and model, choose "​Raw"​ for both, because the rendering is already done later by the Windows driver.
 +  * Save the new added printer.
 +
 +===== LPD =====
 +----
 +
 +This was the first widely used printing system and still runs on many servers. It is very simple to install and configure. There are different implementations of LPD servers, like the often used [[http://​www.lprng.org/​|LPRng]].
 +
 +==== Adding a new printer ====
 +
 +  * To add a new network printer, you simply need to add the following line to your '​printcap'​ (typically '/​etc/​printcap'​). For the different options used in the example, see 'man printcap'​.
 +
 +<​code>​
 + ​PRINTERNAME:​sd=/​path/​to/​spool/​directory:​sh:​mx=0:​mc=0:​rm=IP_or_DNS_Name
 +</​code>​
 +
 +  * After adding the new printer entry, run the following command to create the LPD spool directory and restart/​reload the service, to take the changes affect.
 +
 +<​code>​
 + # checkpc -f
 + # service lpd restart
 +</​code>​
 +
 +  * The following command allows you query the state of the printer:
 +
 +<​code>​
 + # lpq -P PRINTERNAME
 + ​Printer:​ PRINTERNAME@SAMPRINTSERVER (dest PRINTERNAME@IP_or_DNS_Name)
 +  Queue: no printable jobs in queue
 + Ready
 +
 + no entries
 +</​code>​
 +
 +
 +====== Configuring Samba as print server ======
 +----
 +
 +===== General =====
 +----
 +
 +==== Granting print operator privileges ====
 +
 +Users or groups, who should be able to administrate printers on your server, have to be granted the "​SePrintOperatorPrivilege"​ privilege. This is required on member servers, as they have their own, local SAM database. It is recommended,​ to grant it to a domain group, because changes can be done quick and easily with the typical user management tools like ADUC.
 +
 +The following example grants the privilege to the domain group "​Domain Admins":​
 +
 +<​code>​
 + # net rpc rights grant '​SAMDOM\Domain Admins'​ SePrintOperatorPrivilege -Uadministrator
 +</​code>​
 +
 +Existing privileges you can reviewed by:
 +
 +<​code>​
 + # net rpc rights list accounts -Uadministrator
 +</​code>​
 +
 +==== Setup the [printers] share ====
 +
 +This share defines general information about your printing backend. See the "​[printers]"​ section in the man page for additional information.
 +
 +  * Add the new section to your smb.conf:
 +
 +<​code>​
 + ​[printers]
 +     path = /​var/​spool/​samba
 +     ​printable = yes
 +     ​printing = CUPS|LPRNG|...
 +</​code>​
 +
 +  * If you choose CUPS as backend, make sure, that your smbd is compiled with CUPS support:
 +
 +<​code>​
 + # smbd -b | grep CUPS
 +    HAVE_CUPS_CUPS_H
 +    HAVE_CUPS_LANGUAGE_H
 +    HAVE_CUPS
 +    HAVE_LIBCUPS
 +</​code>​
 +
 +If you don't get any output, make sure, that the CUPS header files and libraries are installed and recompile Samba with --with-cups.
 +
 +  * The next step is to create the samba spool directory, defined in the "​[printer]"​ share. Set the appropriate permissions,​ depending to your needs.
 +
 +<​code>​
 + # mkdir -p /​var/​spool/​samba/​
 + # chmod 1777 /​var/​spool/​samba/​
 +</​code>​
 +
 +
 +==== Setup the [print$] share ====
 +
 +To enable Point'​n'​Print support, a share named "​print$"​ must exist. This share name is hardcoded in Windows clients and can't be choosen.
 +
 +  * Add the share to your smb.conf
 +
 +<​code>​
 + ​[print$]
 +     path = /​srv/​samba/​Printer_drivers
 +     ​comment = Printer Drivers
 +     ​writeable = yes
 +</​code>​
 +
 +  *  Create the folder, that will contain the drivers later:
 +
 +<​code>​
 + # mkdir -p /​srv/​samba/​Printer_drivers/​
 +</​code>​
 +
 +  * Next we create the required directory structure for the print$ share (newer versions of Samba will create it on the fly):
 +
 +<​code>​
 + ​BASEDIR=/​srv/​samba/​Printer_drivers
 + for i in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86/​{2,​3} WIN40 x64; do
 +     mkdir -p $BASEDIR/​$i;​
 + done
 +</​code>​
 +
 +  * At last, set the permissions. It is recommended that normal users have just read-only access to the share, while the group you have granted print operator privileges to, has write permissions to upload printer drivers. The following examples are granting write permissions to the "​Domain Admins"​ group. Example for Samba 3.x:
 +
 +<​code>​
 + # chgrp -R "​SAMDOM\Domain Admins"​ /​srv/​samba/​Printer_drivers/​
 + # chmod -R 2755 /​srv/​samba/​Printer_drivers/​
 +</​code>​
 +
 +If you're running Samba 4.x, you can set the ACLs on the print$ share, throught Windows. Your benefit would be, that you can use the full Windows ACLs. Have a look at the [[setup_config_file_shares|Setup and configure file shares]] HowTo. It describes detailed the process, how to set permissions. The suggested filesystem permissions for the print$ share are:
 +
 +  * Creator Owner: Full control (Subfolders and files only).
 +  * Authenticated Users: Read & execute, List folder contents, Read (This folder, subfolders and files).
 +  * System: Full control (This folder, subfolders and files).
 +  * Domain Admins: Full control (This folder, subfolders and files).
 +
 +===== Sharing a printer with Samba =====
 +----
 +
 +  * For each printer you want to share via Samba, you have to create a separate share (unless you have "load printers = yes" defined in your smb.conf). The following is an example:
 +
 +<​code>​
 + ​[MyDemoPrinter]
 +     path = /​var/​spool/​samba/​
 +     ​browseable = yes
 +     ​printable = yes
 +     ​printer name = Printername_in_backend
 +</​code>​
 +
 +  * Set the "​printer name" parameter to the name of your corresponding CUPS/​LPD/​... queue.
 +  * To bring the changes live, reload the Samba configuration:​
 +
 +<​code>​
 + # smbcontrol all reload-config
 +</​code>​
 +
 +
 +====== FAQ ======
 +----
 +
 +===== An uploaded driver is not shown in the list, when trying to associate it with a printer =====
 +----
 +
 +Windows clients only permit associating a driver with a printer, when the uploaded driver matches the architecture reported by the spoolss server. Samba reports "​Windows NT x86" by default.
 +
 +This causes, that when you had uploaded just a 64-bit driver, you won't see it in the list, when you try to associate it with the printer it's "​advanced"​ tab.
 +
 +There are three ways to workaround:
 +
 +  * Set the following (undocumented) parameter in your [global] section of your smb.conf, to make spoolss announce itself as x64 architecture:​
 +
 +<​code>​
 + ​spoolss:​ architecture = Windows x64
 +</​code>​
 +
 +  * Assign the driver with rpcclient.
 +  * Additionally upload a x86 version of the driver with exactly the same name.
 +
 +=====  Point'​n'​ Print doesn'​t deliver the drivers on all architectures =====
 +----
 +
 +Make sure that you have uploaded exactly the same driver for that printer for all architectures. E. g. "HP Universal Printing PS" for x86 and "HP Universal Printing PS (v5.5.0)"​ for x64 wouldn'​t match, even if they are shipped in the same driver package!
print_server.txt ยท Last modified: 2015/06/29 12:10 (external edit)