Gerald (Jerry)CarterSamba Teamjerry@samba.org (3 May 2001) Printing Support in Samba 2.2.xIntroductionBeginning with the 2.2.0 release, Samba supports
the native Windows NT printing mechanisms implemented via
MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of
Samba only supported LanMan printing calls.The additional functionality provided by the new
SPOOLSS support includes:Support for downloading printer driver
files to Windows 95/98/NT/2000 clients upon demand.
Uploading of printer drivers via the
Windows NT Add Printer Wizard (APW) or the
Imprints tool set (refer to http://imprints.sourceforge.net).
Support for the native MS-RPC printing
calls such as StartDocPrinter, EnumJobs(), etc... (See
the MSDN documentation at http://msdn.microsoft.com/
for more information on the Win32 printing API)
Support for NT Access Control Lists (ACL)
on printer objectsImproved support for printer queue manipulation
through the use of an internal databases for spooled job
information
There has been some initial confusion about what all this means
and whether or not it is a requirement for printer drivers to be
installed on a Samba host in order to support printing from Windows
clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients
require that the Samba server possess a valid driver for the printer.
This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
can use the local APW for installing drivers to be used with a Samba
served printer. This is the same behavior exhibited by Windows 9x clients.
As a side note, Samba does not use these drivers in any way to process
spooled files. They are utilized entirely by the clients.
The following MS KB article, may be of some help if you are dealing with
Windows 2000 clients: How to Add Printers with No User
Interaction in Windows 2000http://support.microsoft.com/support/kb/articles/Q189/1/05.ASPConfiguration[print$] vs. [printer$]
Previous versions of Samba recommended using a share named [printer$].
This name was taken from the printer$ service created by Windows 9x
clients when a printer was shared. Windows 9x printer servers always have
a printer$ service which provides read-only access via no
password in order to support printer driver downloads.
However, the initial implementation allowed for a
parameter named printer driver location
to be used on a per share basis to specify the location of
the driver files associated with that printer. Another
parameter named printer driver provided
a means of defining the printer driver name to be sent to
the client.
These parameters, including printer driver
file parameter, are being deprecated and should not
be used in new installations. For more information on this change,
you should refer to the Migration section
of this document.
Creating [print$]
In order to support the uploading of printer driver
files, you must first configure a file share named [print$].
The name of this share is hard coded in Samba's internals so
the name is very important (print$ is the service used by
Windows NT print servers to provide support for printer driver
download).
You should modify the server's smb.conf file to add the global
parameters and to create the
following file share (of course, some of the parameter values,
such as 'path' are arbitrary and should be replaced with
appropriate values for your site):
[global]
; members of the ntadmin group should be able
; to add drivers and set printer properties
; root is implicitly a 'printer admin'
printer admin = @ntadmin
[print$]
path = /usr/local/samba/printers
guest ok = yes
browseable = yes
read only = yes
; since this share is configured as read only, then we need
; a 'write list'. Check the file system permissions to make
; sure this account can copy files to the share. If this
; is setup to a non-root account, then it should also exist
; as a 'printer admin'
write list = @ntadmin,root
The
write list is used to allow administrative
level user accounts to have write access in order to update files
on the share. See the smb.conf(5)
man page for more information on configuring file shares.The requirement for guest
ok = yes depends upon how your
site is configured. If users will be guaranteed to have
an account on the Samba host, then this is a non-issue.Author's Note
The non-issue is that if all your Windows NT users are guaranteed to be
authenticated by the Samba server (such as a domain member server and the NT
user has already been validated by the Domain Controller in
order to logon to the Windows NT console), then guest access
is not necessary. Of course, in a workgroup environment where
you just want to be able to print without worrying about
silly accounts and security, then configure the share for
guest access. You'll probably want to add map to guest = Bad User
in the [global] section as well. Make sure
you understand what this parameter does before using it
though. --jerry
In order for a Windows NT print server to support
the downloading of driver files by multiple client architectures,
it must create subdirectories within the [print$] service
which correspond to each of the supported client architectures.
Samba follows this model as well.Next create the directory tree below the [print$] share
for each architecture you wish to support.
[print$]-----
|-W32X86 ; "Windows NT x86"
|-WIN40 ; "Windows 95/98"
|-W32ALPHA ; "Windows NT Alpha_AXP"
|-W32MIPS ; "Windows NT R4000"
|-W32PPC ; "Windows NT PowerPC"
ATTENTION! REQUIRED PERMISSIONS
In order to currently add a new driver to you Samba host,
one of two conditions must hold true:
The account used to connect to the Samba host
must have a uid of 0 (i.e. a root account)The account used to connect to the Samba host
must be a member of the printer
admin list.
Of course, the connected account must still possess access
to add files to the subdirectories beneath [print$]. Remember
that all file shares are set to 'read only' by default.
Once you have created the required [print$] service and
associated subdirectories, simply log onto the Samba server using
a root (or printer admin) account
from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or
"My Network Places" and browse for the Samba host. Once you have located
the server, navigate to the "Printers..." folder.
You should see an initial listing of printers
that matches the printer shares defined on your Samba host.
Setting Drivers for Existing PrintersThe initial listing of printers in the Samba host's
Printers folder will have no real printer driver assigned
to them. By default, in Samba 2.2.0 this driver name was set to
NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER.
Later versions changed this to a NULL string to allow the use
tof the local Add Printer Wizard on NT/2000 clients.
Attempting to view the printer properties for a printer
which has this default driver assigned will result in
the error message:Device settings cannot be displayed. The driver
for the specified printer is not installed, only spooler
properties will be displayed. Do you want to install the
driver now?
Click "No" in the error dialog and you will be presented with
the printer properties window. The way to assign a driver to a
printer is to either
Use the "New Driver..." button to install
a new printer driver, orSelect a driver from the popup list of
installed drivers. Initially this list will be empty.If you wish to install printer drivers for client
operating systems other than "Windows NT x86", you will need
to use the "Sharing" tab of the printer properties dialog.Assuming you have connected with a root account, you
will also be able modify other printer properties such as
ACLs and device settings using this dialog box.A few closing comments for this section, it is possible
on a Windows NT print server to have printers
listed in the Printers folder which are not shared. Samba does
not make this distinction. By definition, the only printers of
which Samba is aware are those which are specified as shares in
smb.conf.Another interesting side note is that Windows NT clients do
not use the SMB printer share, but rather can print directly
to any printer on another Windows NT host using MS-RPC. This
of course assumes that the printing client has the necessary
privileges on the remote host serving the printer. The default
permissions assigned by Windows NT to a printer gives the "Print"
permissions to the "Everyone" well-known group.
Support a large number of printersOne issue that has arisen during the development
phase of Samba 2.2 is the need to support driver downloads for
100's of printers. Using the Windows NT APW is somewhat
awkward to say the list. If more than one printer are using the
same driver, the rpcclient's
setdriver command can be used to set the driver
associated with an installed driver. The following is example
of how this could be accomplished:$ rpcclient pogo -U root%secret -c "enumdrivers"
Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
[Windows NT x86]
Printer Driver Info 1:
Driver Name: [HP LaserJet 4000 Series PS]
Printer Driver Info 1:
Driver Name: [HP LaserJet 2100 Series PS]
Printer Driver Info 1:
Driver Name: [HP LaserJet 4Si/4SiMX PS]
$ rpcclient pogo -U root%secret -c "enumprinters"
Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
flags:[0x800000]
name:[\\POGO\hp-print]
description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
comment:[]
$ rpcclient pogo -U root%secret \
> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
Successfully set hp-print to driver HP LaserJet 4000 Series PS.
Adding New Printers via the Windows NT APW
By default, Samba offers all printer shares defined in smb.conf
in the "Printers..." folder. Also existing in this folder is the Windows NT
Add Printer Wizard icon. The APW will be show only if
The connected user is able to successfully
execute an OpenPrinterEx(\\server) with administrative
privileges (i.e. root or printer admin).
show
add printer wizard = yes (the default).
In order to be able to use the APW to successfully add a printer to a Samba
server, the add
printer command must have a defined value. The program
hook must successfully add the printer to the system (i.e.
/etc/printcap or appropriate files) and
smb.conf if necessary.
When using the APW from a client, if the named printer share does
not exist, smbd will execute the add printer
command and reparse to the smb.conf
to attempt to locate the new printer share. If the share is still not defined,
an error of "Access Denied" is returned to the client. Note that the
add printer program is executed under the context
of the connected user, not necessarily a root account.
There is a complementary delete
printer command for removing entries from the "Printers..."
folder.
The following is an example add printer command script. It adds the appropriate entries to /etc/printcap.local (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work.
#!/bin/sh
# Script to insert a new printer entry into printcap.local
#
# $1, printer name, used as the descriptive name
# $2, share name, used as the printer name for Linux
# $3, port name
# $4, driver name
# $5, location, used for the device file of the printer
# $6, win9x location
#
# Make sure we use the location that RedHat uses for local printer defs
PRINTCAP=/etc/printcap.local
DATE=`date +%Y%m%d-%H%M%S`
LP=lp
RESTART="service lpd restart"
# Keep a copy
cp $PRINTCAP $PRINTCAP.$DATE
# Add the printer to $PRINTCAP
echo "" >> $PRINTCAP
echo "$2|$1:\\" >> $PRINTCAP
echo " :sd=/var/spool/lpd/$2:\\" >> $PRINTCAP
echo " :mx=0:ml=0:sh:\\" >> $PRINTCAP
echo " :lp=/usr/local/samba/var/print/$5.prn:" >> $PRINTCAP
touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
mkdir /var/spool/lpd/$2
chmod 700 /var/spool/lpd/$2
chown $LP /var/spool/lpd/$2
#echo $1 >> "/usr/local/samba/var/print/$5.prn"
#echo $2 >> "/usr/local/samba/var/print/$5.prn"
#echo $3 >> "/usr/local/samba/var/print/$5.prn"
#echo $4 >> "/usr/local/samba/var/print/$5.prn"
#echo $5 >> "/usr/local/samba/var/print/$5.prn"
#echo $6 >> "/usr/local/samba/var/print/$5.prn"
$RESTART >> "/usr/local/samba/var/print/$5.prn"
# Not sure if this is needed
touch /usr/local/samba/lib/smb.conf
#
# You need to return a value, but I am not sure what it means.
#
echo "Done"
exit 0
Samba and Printer Ports
Windows NT/2000 print servers associate a port with each printer. These normally
take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the
concept of ports associated with a printer. By default, only one printer port,
named "Samba Printer Port", exists on a system. Samba does not really a port in
order to print, rather it is a requirement of Windows clients.
Note that Samba does not support the concept of "Printer Pooling" internally
either. This is when a logical printer is assigned to multiple ports as
a form of load balancing or fail over.
If you require that multiple ports be defined for some reason,
smb.conf possesses a enumports
command which can be used to define an external program
that generates a listing of ports on a system.
The Imprints ToolsetThe Imprints tool set provides a UNIX equivalent of the
Windows NT Add Printer Wizard. For complete information, please
refer to the Imprints web site at
http://imprints.sourceforge.net/ as well as the documentation
included with the imprints source distribution. This section will
only provide a brief introduction to the features of Imprints.What is Imprints?Imprints is a collection of tools for supporting the goals
ofProviding a central repository information
regarding Windows NT and 95/98 printer driver packagesProviding the tools necessary for creating
the Imprints printer driver packages.Providing an installation client which
will obtain and install printer drivers on remote Samba
and Windows NT 4 print servers.Creating Printer Driver PackagesThe process of creating printer driver packages is beyond
the scope of this document (refer to Imprints.txt also included
with the Samba distribution for more information). In short,
an Imprints driver package is a gzipped tarball containing the
driver files, related INF files, and a control file needed by the
installation client.The Imprints serverThe Imprints server is really a database server that
may be queried via standard HTTP mechanisms. Each printer
entry in the database has an associated URL for the actual
downloading of the package. Each package is digitally signed
via GnuPG which can be used to verify that package downloaded
is actually the one referred in the Imprints database. It is
not recommended that this security check
be disabled.The Installation ClientMore information regarding the Imprints installation client
is available in the Imprints-Client-HOWTO.ps
file included with the imprints source package.The Imprints installation client comes in two forms.a set of command line Perl scriptsa GTK+ based graphical interface to
the command line perl scriptsThe installation client (in both forms) provides a means
of querying the Imprints database server for a matching
list of known printer model names as well as a means to
download and install the drivers on remote Samba and Windows
NT print servers.The basic installation process is in four steps and
perl code is wrapped around smbclient
and rpcclient.
foreach (supported architecture for a given driver)
{
1. rpcclient: Get the appropriate upload directory
on the remote server
2. smbclient: Upload the driver files
3. rpcclient: Issues an AddPrinterDriver() MS-RPC
}
4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually
create the printer
One of the problems encountered when implementing
the Imprints tool set was the name space issues between
various supported client architectures. For example, Windows
NT includes a driver named "Apple LaserWriter II NTX v51.8"
and Windows 95 calls its version of this driver "Apple
LaserWriter II NTX"The problem is how to know what client drivers have
been uploaded for a printer. As astute reader will remember
that the Windows NT Printer Properties dialog only includes
space for one printer driver name. A quick look in the
Windows NT 4.0 system registry atHKLM\System\CurrentControlSet\Control\Print\Environment
will reveal that Windows NT always uses the NT driver
name. This is ok as Windows NT always requires that at least
the Windows NT version of the printer driver is present.
However, Samba does not have the requirement internally.
Therefore, how can you use the NT driver name if is has not
already been installed?The way of sidestepping this limitation is to require
that all Imprints printer driver packages include both the Intel
Windows NT and 95/98 printer drivers and that NT driver is
installed first.Migration to from Samba 2.0.x to 2.2.x
Given that printer driver management has changed (we hope improved) in
2.2 over prior releases, migration from an existing setup to 2.2 can
follow several paths. Here are the possible scenarios for
migration:
If you do not desire the new Windows NT
print driver support, nothing needs to be done.
All existing parameters work the same.If you want to take advantage of NT printer
driver support but do not want to migrate the
9x drivers to the new setup, the leave the existing
printers.def file. When smbd attempts
to locate a
9x driver for the printer in the TDB and fails it
will drop down to using the printers.def (and all
associated parameters). The make_printerdef
tool will also remain for backwards compatibility but will
be removed in the next major release.If you install a Windows 9x driver for a printer
on your Samba host (in the printing TDB), this information will
take precedence and the three old printing parameters
will be ignored (including print driver location).If you want to migrate an existing printers.def
file into the new setup, the current only solution is to use the Windows
NT APW to install the NT drivers and the 9x drivers. This can be scripted
using smbclient and rpcclient. See the
Imprints installation client at http://imprints.sourceforge.net/
for an example.
Achtung!
The following smb.conf parameters are considered to
be deprecated and will be removed soon. Do not use them in new
installations
printer driver file (G)printer driver (S)printer driver location (S)
The have been two new parameters add in Samba 2.2.2 to for
better support of Samba 2.0.x backwards capability (disable
spoolss) and for using local printers drivers on Windows
NT/2000 clients (use client driver). Both of
these options are described in the smb.coinf(5) man page and are
disabled by default.