&author.jerry; PatrickPowell

papowell@lprng.org

(3 May 2001) Beginning with the 2.2.0 release, Samba supports the native Windows NT printing mechanisms implemented via MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of Samba only supported LanMan printing calls. The additional functionality provided by the new SPOOLSS support includes: Support for downloading printer driver files to Windows 95/98/NT/2000 clients upon demand. Uploading of printer drivers via the Windows NT Add Printer Wizard (APW) or the Imprints tool set (refer to http://imprints.sourceforge.net). Support for the native MS-RPC printing calls such as StartDocPrinter, EnumJobs(), etc... (See the MSDN documentation at http://msdn.microsoft.com/ for more information on the Win32 printing API) Support for NT Access Control Lists (ACL) on printer objects Improved support for printer queue manipulation through the use of an internal databases for spooled job information There has been some initial confusion about what all this means and whether or not it is a requirement for printer drivers to be installed on a Samba host in order to support printing from Windows clients. As a side note, Samba does not use these drivers in any way to process spooled files. They are utilized entirely by the clients. The following MS KB article, may be of some help if you are dealing with Windows 2000 clients: How to Add Printers with No User Interaction in Windows 2000 http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP Previous versions of Samba recommended using a share named [printer$]. This name was taken from the printer$ service created by Windows 9x clients when a printer was shared. Windows 9x printer servers always have a printer$ service which provides read-only access via no password in order to support printer driver downloads. However, the initial implementation allowed for a parameter named printer driver location to be used on a per share basis to specify the location of the driver files associated with that printer. Another parameter named printer driver provided a means of defining the printer driver name to be sent to the client. In order to support the uploading of printer driver files, you must first configure a file share named [print$]. The name of this share is hard coded in Samba's internals so the name is very important (print$ is the service used by Windows NT print servers to provide support for printer driver download). You should modify the server's smb.conf file to add the global parameters and to create the following file share (of course, some of the parameter values, such as 'path' are arbitrary and should be replaced with appropriate values for your site): [global] ; members of the ntadmin group should be able ; to add drivers and set printer properties ; root is implicitly a 'printer admin' printer admin = @ntadmin [print$] path = /usr/local/samba/printers guest ok = yes browseable = yes read only = yes ; since this share is configured as read only, then we need ; a 'write list'. Check the file system permissions to make ; sure this account can copy files to the share. If this ; is setup to a non-root account, then it should also exist ; as a 'printer admin' write list = @ntadmin,root The write list is used to allow administrative level user accounts to have write access in order to update files on the share. See the smb.conf(5) man page for more information on configuring file shares. The requirement for guest ok = yes depends upon how your site is configured. If users will be guaranteed to have an account on the Samba host, then this is a non-issue. The non-issue is that if all your Windows NT users are guaranteed to be authenticated by the Samba server (such as a domain member server and the NT user has already been validated by the Domain Controller in order to logon to the Windows NT console), then guest access is not necessary. Of course, in a workgroup environment where you just want to be able to print without worrying about silly accounts and security, then configure the share for guest access. You'll probably want to add map to guest = Bad User in the [global] section as well. Make sure you understand what this parameter does before using it though. --jerry In order for a Windows NT print server to support the downloading of driver files by multiple client architectures, it must create subdirectories within the [print$] service which correspond to each of the supported client architectures. Samba follows this model as well. Next create the directory tree below the [print$] share for each architecture you wish to support. [print$]----- |-W32X86 ; "Windows NT x86" |-WIN40 ; "Windows 95/98" |-W32ALPHA ; "Windows NT Alpha_AXP" |-W32MIPS ; "Windows NT R4000" |-W32PPC ; "Windows NT PowerPC" In order to currently add a new driver to you Samba host, one of two conditions must hold true: The account used to connect to the Samba host must have a uid of 0 (i.e. a root account) The account used to connect to the Samba host must be a member of the printer admin list. Of course, the connected account must still possess access to add files to the subdirectories beneath [print$]. Remember that all file shares are set to 'read only' by default. Once you have created the required [print$] service and associated subdirectories, simply log onto the Samba server using a root (or printer admin) account from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or "My Network Places" and browse for the Samba host. Once you have located the server, navigate to the "Printers..." folder. You should see an initial listing of printers that matches the printer shares defined on your Samba host. The initial listing of printers in the Samba host's Printers folder will have no real printer driver assigned to them. This defaults to a NULL string to allow the use of the local Add Printer Wizard on NT/2000 clients. Attempting to view the printer properties for a printer which has this default driver assigned will result in the error message: Device settings cannot be displayed. The driver for the specified printer is not installed, only spooler properties will be displayed. Do you want to install the driver now? Click "No" in the error dialog and you will be presented with the printer properties window. The way to assign a driver to a printer is to either Use the "New Driver..." button to install a new printer driver, or Select a driver from the popup list of installed drivers. Initially this list will be empty. If you wish to install printer drivers for client operating systems other than "Windows NT x86", you will need to use the "Sharing" tab of the printer properties dialog. Assuming you have connected with a root account, you will also be able modify other printer properties such as ACLs and device settings using this dialog box. A few closing comments for this section, it is possible on a Windows NT print server to have printers listed in the Printers folder which are not shared. Samba does not make this distinction. By definition, the only printers of which Samba is aware are those which are specified as shares in smb.conf. Another interesting side note is that Windows NT clients do not use the SMB printer share, but rather can print directly to any printer on another Windows NT host using MS-RPC. This of course assumes that the printing client has the necessary privileges on the remote host serving the printer. The default permissions assigned by Windows NT to a printer gives the "Print" permissions to the "Everyone" well-known group. One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for 100's of printers. Using the Windows NT APW is somewhat awkward to say the list. If more than one printer are using the same driver, the rpcclient's setdriver command can be used to set the driver associated with an installed driver. The following is example of how this could be accomplished: $ rpcclient pogo -U root%secret -c "enumdrivers" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] [Windows NT x86] Printer Driver Info 1: Driver Name: [HP LaserJet 4000 Series PS] Printer Driver Info 1: Driver Name: [HP LaserJet 2100 Series PS] Printer Driver Info 1: Driver Name: [HP LaserJet 4Si/4SiMX PS] $ rpcclient pogo -U root%secret -c "enumprinters" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] flags:[0x800000] name:[\\POGO\hp-print] description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] comment:[] $ rpcclient pogo -U root%secret -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] Successfully set hp-print to driver HP LaserJet 4000 Series PS. By default, Samba offers all printer shares defined in smb.conf in the "Printers..." folder. Also existing in this folder is the Windows NT Add Printer Wizard icon. The APW will be show only if The connected user is able to successfully execute an OpenPrinterEx(\\server) with administrative privileges (i.e. root or printer admin). show add printer wizard = yes (the default). In order to be able to use the APW to successfully add a printer to a Samba server, the add printer command must have a defined value. The program hook must successfully add the printer to the system (i.e. /etc/printcap or appropriate files) and smb.conf if necessary. When using the APW from a client, if the named printer share does not exist, smbd will execute the add printer command and reparse to the smb.conf to attempt to locate the new printer share. If the share is still not defined, an error of "Access Denied" is returned to the client. Note that the add printer program is executed under the context of the connected user, not necessarily a root account. There is a complementary delete printer command for removing entries from the "Printers..." folder. The following is an example add printer command script. It adds the appropriate entries to /etc/printcap.local (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work. #!/bin/sh # Script to insert a new printer entry into printcap.local # # $1, printer name, used as the descriptive name # $2, share name, used as the printer name for Linux # $3, port name # $4, driver name # $5, location, used for the device file of the printer # $6, win9x location # # Make sure we use the location that RedHat uses for local printer defs PRINTCAP=/etc/printcap.local DATE=`date +%Y%m%d-%H%M%S` LP=lp RESTART="service lpd restart" # Keep a copy cp $PRINTCAP $PRINTCAP.$DATE # Add the printer to $PRINTCAP echo "" >> $PRINTCAP echo "$2|$1:\\" >> $PRINTCAP echo " :sd=/var/spool/lpd/$2:\\" >> $PRINTCAP echo " :mx=0:ml=0:sh:\\" >> $PRINTCAP echo " :lp=/usr/local/samba/var/print/$5.prn:" >> $PRINTCAP touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 mkdir /var/spool/lpd/$2 chmod 700 /var/spool/lpd/$2 chown $LP /var/spool/lpd/$2 #echo $1 >> "/usr/local/samba/var/print/$5.prn" #echo $2 >> "/usr/local/samba/var/print/$5.prn" #echo $3 >> "/usr/local/samba/var/print/$5.prn" #echo $4 >> "/usr/local/samba/var/print/$5.prn" #echo $5 >> "/usr/local/samba/var/print/$5.prn" #echo $6 >> "/usr/local/samba/var/print/$5.prn" $RESTART >> "/usr/local/samba/var/print/$5.prn" # Not sure if this is needed touch /usr/local/samba/lib/smb.conf # # You need to return a value, but I am not sure what it means. # echo "Done" exit 0 Windows NT/2000 print servers associate a port with each printer. These normally take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the concept of ports associated with a printer. By default, only one printer port, named "Samba Printer Port", exists on a system. Samba does not really a port in order to print, rather it is a requirement of Windows clients. Note that Samba does not support the concept of "Printer Pooling" internally either. This is when a logical printer is assigned to multiple ports as a form of load balancing or fail over. If you require that multiple ports be defined for some reason, smb.conf possesses a enumports command which can be used to define an external program that generates a listing of ports on a system. The Imprints tool set provides a UNIX equivalent of the Windows NT Add Printer Wizard. For complete information, please refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation included with the imprints source distribution. This section will only provide a brief introduction to the features of Imprints. Imprints is a collection of tools for supporting the goals of Providing a central repository information regarding Windows NT and 95/98 printer driver packages Providing the tools necessary for creating the Imprints printer driver packages. Providing an installation client which will obtain and install printer drivers on remote Samba and Windows NT 4 print servers. The process of creating printer driver packages is beyond the scope of this document (refer to Imprints.txt also included with the Samba distribution for more information). In short, an Imprints driver package is a gzipped tarball containing the driver files, related INF files, and a control file needed by the installation client. The Imprints server is really a database server that may be queried via standard HTTP mechanisms. Each printer entry in the database has an associated URL for the actual downloading of the package. Each package is digitally signed via GnuPG which can be used to verify that package downloaded is actually the one referred in the Imprints database. It is not recommended that this security check be disabled. More information regarding the Imprints installation client is available in the Imprints-Client-HOWTO.ps file included with the imprints source package. The Imprints installation client comes in two forms. a set of command line Perl scripts a GTK+ based graphical interface to the command line perl scripts The installation client (in both forms) provides a means of querying the Imprints database server for a matching list of known printer model names as well as a means to download and install the drivers on remote Samba and Windows NT print servers. The basic installation process is in four steps and perl code is wrapped around smbclient and rpcclient. foreach (supported architecture for a given driver) { 1. rpcclient: Get the appropriate upload directory on the remote server 2. smbclient: Upload the driver files 3. rpcclient: Issues an AddPrinterDriver() MS-RPC } 4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually create the printer One of the problems encountered when implementing the Imprints tool set was the name space issues between various supported client architectures. For example, Windows NT includes a driver named "Apple LaserWriter II NTX v51.8" and Windows 95 calls its version of this driver "Apple LaserWriter II NTX" The problem is how to know what client drivers have been uploaded for a printer. As astute reader will remember that the Windows NT Printer Properties dialog only includes space for one printer driver name. A quick look in the Windows NT 4.0 system registry at HKLM\System\CurrentControlSet\Control\Print\Environment will reveal that Windows NT always uses the NT driver name. This is ok as Windows NT always requires that at least the Windows NT version of the printer driver is present. However, Samba does not have the requirement internally. Therefore, how can you use the NT driver name if is has not already been installed? The way of sidestepping this limitation is to require that all Imprints printer driver packages include both the Intel Windows NT and 95/98 printer drivers and that NT driver is installed first. This is a short description of how to debug printing problems with Samba. This describes how to debug problems with printing from a SMB client to a Samba server, not the other way around. For the reverse see the examples/printing directory. Ok, so you want to print to a Samba server from your PC. The first thing you need to understand is that Samba does not actually do any printing itself, it just acts as a middleman between your PC client and your Unix printing subsystem. Samba receives the file from the PC then passes the file to a external "print command". What print command you use is up to you. The whole things is controlled using options in smb.conf. The most relevant options (which you should look up in the smb.conf man page) are: [global] print command - send a file to a spooler lpq command - get spool queue status lprm command - remove a job [printers] path = /var/spool/lpd/samba The following are nice to know about: queuepause command - stop a printer or print queue queueresume command - start a printer or print queue Example: print command = /usr/bin/lpr -r -P%p %s lpq command = /usr/bin/lpq -P%p %s lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc -P%p stop queuepause command = /usr/sbin/lpc -P%p start Samba should set reasonable defaults for these depending on your system type, but it isn't clairvoyant. It is not uncommon that you have to tweak these for local conditions. The commands should always have fully specified pathnames, as the smdb may not have the correct PATH values. When you send a job to Samba to be printed, it will make a temporary copy of it in the directory specified in the [printers] section. and it should be periodically cleaned out. The lpr -r option requests that the temporary copy be removed after printing; If printing fails then you might find leftover files in this directory, and it should be periodically cleaned out. Samba used the lpq command to determine the "job number" assigned to your print job by the spooler. The %>letter< are "macros" that get dynamically replaced with appropriate values when they are used. The %s gets replaced with the name of the spool file that Samba creates and the %p gets replaced with the name of the printer. The %j gets replaced with the "job number" which comes from the lpq output. One way to debug printing problems is to start by replacing these command with shell scripts that record the arguments and the contents of the print file. A simple example of this kind of things might be: print command = /tmp/saveprint %p %s #!/bin/saveprint # we make sure that we are the right user /usr/bin/id -p >/tmp/tmp.print # we run the command and save the error messages # replace the command with the one appropriate for your system /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print Then you print a file and try removing it. You may find that the print queue needs to be stopped in order to see the queue status and remove the job: h4: {42} % echo hi >/tmp/hi h4: {43} % smbclient //localhost/lw4 added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 Password: Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] smb: \> print /tmp/hi putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) smb: \> queue 1049 3 hi-17534 smb: \> cancel 1049 Error cancelling job 1049 : code 0 smb: \> cancel 1049 Job 1049 cancelled smb: \> queue smb: \> exit The 'code 0' indicates that the job was removed. The comment by the smbclient is a bit misleading on this. You can observe the command output and then and look at the /tmp/tmp.print file to see what the results are. You can quickly find out if the problem is with your printing system. Often people have problems with their /etc/printcap file or permissions on various print queues. You can use the 'testprns' program to check to see if the printer name you are using is recognized by Samba. For example, you can use: testprns printer /etc/printcap Samba can get its printcap information from a file or from a program. You can try the following to see the format of the extracted information: testprns -a printer /etc/printcap testprns -a printer '|/bin/cat printcap' You may need to set up some printcaps for your Samba system to use. It is strongly recommended that you use the facilities provided by the print spooler to set up queues and printcap information. Samba requires either a printcap or program to deliver printcap information. This printcap information has the format: name|alias1|alias2...:option=value:... For almost all printing systems, the printer 'name' must be composed only of alphanumeric or underscore '_' characters. Some systems also allow hyphens ('-') as well. An alias is an alternative name for the printer, and an alias with a space in it is used as a 'comment' about the printer. The printcap format optionally uses a \ at the end of lines to extend the printcap to multiple lines. Here are some examples of printcap files: pr just printer name pr|alias printer name and alias pr|My Printer printer name, alias used as comment pr:sh:\ Same as pr:sh:cm= testing :cm= \ testing pr:sh Same as pr:sh:cm= testing :cm= testing Samba reads the printcap information when first started. If you make changes in the printcap information, then you must do the following: make sure that the print spooler is aware of these changes. The LPRng system uses the 'lpc reread' command to do this. make sure that the spool queues, etc., exist and have the correct permissions. The LPRng system uses the 'checkpc -f' command to do this. You now should send a SIGHUP signal to the smbd server to have it reread the printcap information. This is the most frustrating part of printing. You may have sent the job, verified that the job was forwarded, set up a wrapper around the command to send the file, but there was no output from the printer. First, check to make sure that the job REALLY is getting to the right print queue. If you are using a BSD or LPRng print spooler, you can temporarily stop the printing of jobs. Jobs can still be submitted, but they will not be printed. Use: lpc -Pprinter stop Now submit a print job and then use 'lpq -Pprinter' to see if the job is in the print queue. If it is not in the print queue then you will have to find out why it is not being accepted for printing. Next, you may want to check to see what the format of the job really was. With the assistance of the system administrator you can view the submitted jobs files. You may be surprised to find that these are not in what you would expect to call a printable format. You can use the UNIX 'file' utitily to determine what the job format actually is: cd /var/spool/lpd/printer # spool directory of print jobs ls # find job files file dfA001myhost You should make sure that your printer supports this format OR that your system administrator has installed a 'print filter' that will convert the file to a format appropriate for your printer. Once you have the job printing, you can then start worrying about making it print nicely. The most common problem is extra pages of output: banner pages OR blank pages at the end. If you are getting banner pages, check and make sure that the printcap option or printer option is configured for no banners. If you have a printcap, this is the :sh (suppress header or banner page) option. You should have the following in your printer. printer: ... :sh If you have this option and are still getting banner pages, there is a strong chance that your printer is generating them for you automatically. You should make sure that banner printing is disabled for the printer. This usually requires using the printer setup software or procedures supplied by the printer manufacturer. If you get an extra page of output, this could be due to problems with your job format, or if you are generating PostScript jobs, incorrect setting on your printer driver on the MicroSoft client. For example, under Win95 there is a option: Printers|Printer Name|(Right Click)Properties|Postscript|Advanced| that allows you to choose if a Ctrl-D is appended to all jobs. This is a very bad thing to do, as most spooling systems will automatically add a ^D to the end of the job if it is detected as PostScript. The multiple ^D may cause an additional page of output. This is a problem that is usually caused by either the print spooling system putting information at the start of the print job that makes the printer think the job is a text file, or your printer simply does not support PostScript. You may need to enable 'Automatic Format Detection' on your printer. Note that you can do some pretty magic things by using your imagination with the "print command" option and some shell scripts. Doing print accounting is easy by passing the %U option to a print command shell script. You could even make the print command detect the type of output and its size and send it to an appropriate printer. If the above debug tips don't help, then maybe you need to bring in the bug guns, system tracing. See Tracing.txt in this directory.