Setting up Samba as a Print Server: Difference between revisions
Mmuehlfeld (talk | contribs) m (Fix link) |
Mmuehlfeld (talk | contribs) (Fixed incorrect location of the "printing" parameter. It must be set in [global], not in [printers].) |
||
(20 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
= |
= Introduction = |
||
If you set up Samba as a print server, clients in your network are able to send print jobs to the Samba host using the server message block (SMB) protocol. The examples shown in this documentation use a raw printer in the back end. This configuration requires that the print job is formatted by a driver on the client and thus can be processed by the printer without further processing or filtering. |
|||
== Introduction == |
|||
This HowTo will provide you with an easy guide to setup Samba, to act as a Windows print server including Point'n'Click printer driver installation for users. |
|||
'''This HowTo is valid for Samba 3 and 4 print server installations.''' |
|||
== Some definitions == |
|||
= Supported Print Server Back Ends = |
|||
; Printer share : Each printer is shared by a name. During the printing process, the client sends the printjob to it. |
|||
Samba supports the multiple print server back ends, such as [https://www.cups.org/ CUPS] and [http://www.lprng.com/ LPRng]. For a complete list, see the <code>printing</code> parameter in the <code>smb.conf(5)</code> man page. |
|||
; Print server backend : Samba can use e. g. CUPS, LPD/Lprng and others as backend. The print server forwards the job to local or network printers. |
|||
{{Imbox |
|||
; Windows printer driver : A piece of software that converts the printed data to a printer specific form. The driver for each shared printer can be preconfigured with default values. |
|||
| type = note |
|||
| text = You must set up the printer server back end locally on the Samba host. Samba cannot forward print jobs to a remote host. However, you can configure the local printer server back end to forward the job to a remote print server. |
|||
}} |
|||
For details how to set up the back end, see the print server's documentation. |
|||
; Point'n'Print : Windows 2000 and later support the ability to automatically download, install and preconfigure drivers from the server when connecting a printer. The installation can be carried out by ordinary users without special permissions. |
|||
; Printer forms : Windows is already shipped with an amount of forms, that define the typical paper sizes. If a form isn't known to the print server, the client cannot use this, although the printer is able to do it. |
|||
== Driver models == |
|||
== Samba <code>CUPS</code> or <code>IPRINT</code> Back End Support == |
|||
Supported by Samba: Printer driver version 3 (Windows 2000 to Windows 8) |
|||
When using the <code>CUPS</code> or <code>IPRINT</code> print server back end, Samba must have been built with CUPS support enabled. To verify, enter: |
|||
Currently not supported by Samba: [http://msdn.microsoft.com/en-us/library/windows/hardware/hh706306%28v=vs.85%29.aspx Printer driver version 4] (Windows 8) |
|||
# smbd -b | grep "HAVE_CUPS" |
|||
HAVE_CUPS |
|||
If no output is displayed: |
|||
* Samba was built using the <code>--disable-cups</code> parameter. |
|||
* The Samba <code>configure</code> script was unable to locate the required libraries for CUPS support. For details, see [[Package Dependencies Required to Build Samba]]. |
|||
= Print server backend = |
|||
The following sub-chapters will give you a short overview on possible backends, including adding a new network printer, we'll use in our later examples for sharing it by Samba. |
|||
= Adding a printer to the Print Server Back End = |
|||
The examples setup a RAW printer (content is send directly to the device). We don't use filters or drivers on the backend, because a RAW printer allows us to render the output on the workstation and use the printer specific driver. |
|||
== CUPS == |
|||
We assume here, that you have the print server backend already basically configured and it's running, so printers can be added next. |
|||
To add a raw printer to an CUPS print server: |
|||
* Open the CUPS admin web interface in your browser. For example, <nowiki>https://servername:631/admin</nowiki> |
|||
* Select the <code>Administration</code> tab and click <code>Add Printer</code>. |
|||
== CUPS == |
|||
* Select the connection type and enter the corresponding URL to the printer's queue or to the remote print server queue. For example: |
|||
[http://www.cups.org CUPS] is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time. |
|||
:* LPD-based printers: <code>lpd://''printer_name''/''queue''</code> |
|||
:* IPP (Internet Printing Protocol)-based printers: <code>ipp://''printer_name''/ipp/port</code> |
|||
:* SMB (Server Message Block)-based printers: <code>smb://''username'':''password''@''domain''/''windows_print_server_host_name''/''printer_name''</code> |
|||
:: Note that forwarding a job to a print server running Windows Vista or newer, or Windows Server 2008 or newer requires authentication. |
|||
* Enter a name for the printer. This name is used in the <code>smb.conf</code> when sharing the printer using Samba. |
|||
Basically all sorts of files can be printed with CUPS, but using a Postscript or a RAW printer driver will give you the most benefit in combination with the Windows printer driver, because then all settings can be controlled on the Windows client. |
|||
* Select the <code>Raw</code> printer vendor and model. |
|||
* Save the settings. |
|||
=== Adding a new printer === |
|||
* Open the CUPS admin webfrontend (https://servername:631/admin). |
|||
== LPRng == |
|||
* On the „Administration“ tab click the „Add Printer“ button. |
|||
To add a raw printer to a LPRng print server: |
|||
* Choose the way that your printer is connected and enter the appropriate URL. |
|||
* Add the following line to the <code>/etc/printcap</code> file: |
|||
Examples: |
|||
''printer_name'':sd=/var/spool/lpd/''printer_name''/:sh:mx=0:mc=0:rm=''Printer_DNS_name_or_IP_address'' |
|||
# LPD protocol |
|||
: The printer name is used in the smb.conf when sharing the printer using Samba. |
|||
lpd://hostname/queue |
|||
: For further details about the options used, see the <code>printcap(5)</code> man page. |
|||
# Internet Printing Protocol |
|||
ipp://hostname/ipp/port |
|||
# Forwarding the jobs to a Windows print server. |
|||
# Hint: Vista and higher, don't allow anonymous connects by default, so you must provide a username and password. |
|||
smb://username:password@domain/servername/printername |
|||
* To create the spool directory, enter: |
|||
* Enter a name for the printer |
|||
# checkpc -f |
|||
* When you reach the step to choose the vendor and model, choose „Raw“ for both, because the rendering will be done later by the Windows driver. |
|||
* |
* Restart the LPRng service. |
||
== LPD == |
|||
This was the first widely used printing system and still runs on many servers. It is very simple to install and configure. There are different implementations of LPD servers, like the often used [http://www.lprng.org/ LPRng]. |
|||
= Enabling the <code>spoolssd</code> Service = |
|||
=== Adding a new printer === |
|||
The Samba <code>spoolssd</code> is a service that is integrated into the smbd service. If you configured Samba as a print server, you can additionally enable <code>spoolssd</code> to: |
|||
* To add a new network printer, you simply need to add the following line to your 'printcap' (typically '/etc/printcap'). For the different options used in the example, see 'man printcap'. |
|||
* Support package-aware Windows drivers. |
|||
* Increase performance on print servers with a high number of jobs or printers. |
|||
: Without <code>spoolssd</code>, Samba forks the <code>smbd</code> process or each print job and initializes the <code>printcap</code> cache. In case of a large number of printers, the <code>smbd</code> service can become unresponsive for multiple seconds when initializing the cache. The <code>spoolssd</code> service enables you to start pre-forked <code>smbd</code> processes that are processing print jobs without any delay. The main <code>spoolssd</code> <code>smbd</code> process uses a low amount of memory, and forks and terminates child processes |
|||
To enable the <code>spoolssd</code> service: |
|||
PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name |
|||
* Edit the <code>[global]</code> section in your <code>smb.conf</code> file: |
|||
* After adding the new printer entry, run the following command to create the LPD spool directory and restart/reload the service, to take the changes affect. |
|||
:* Add the following parameters: |
|||
# checkpc -f |
|||
# service lpd restart |
|||
rpc_server:spoolss = external |
|||
* The following command allows you query the state of the printer: |
|||
rpc_daemon:spoolssd = fork |
|||
:* Optionally, you can set the following parameters: |
|||
# lpq -P PRINTERNAME |
|||
::{| class="wikitable" |
|||
Printer: PRINTERNAME@SAMPRINTSERVER (dest PRINTERNAME@IP_or_DNS_Name) |
|||
!Parameter |
|||
Queue: no printable jobs in queue |
|||
!Default |
|||
Ready |
|||
!Description |
|||
|- |
|||
no entries |
|||
|spoolssd:prefork_min_children |
|||
|5 |
|||
|Minimum number of child processes |
|||
|- |
|||
|spoolssd:prefork_max_children |
|||
|25 |
|||
|Maximum number of child processes |
|||
|- |
|||
|spoolssd:prefork_spawn_rate |
|||
|5 |
|||
|Samba forks this number of new child processes, up to the value set in <code>spoolssd:prefork_max_children</code>, if a new connection is established |
|||
|- |
|||
|spoolssd:prefork_max_allowed_clients |
|||
|100 |
|||
|Number of clients, a child process serves |
|||
|- |
|||
|spoolssd:prefork_child_min_life |
|||
|60 |
|||
|Minimum lifetime of a child process in seconds. 60 seconds is the minimum. |
|||
|} |
|||
* Restart Samba. |
|||
After the restart, Samba automatically starts <code>smbd</code> sub-processes: |
|||
# ps axf |
|||
... |
|||
30903 smbd |
|||
30912 \_ smbd |
|||
30913 \_ smbd |
|||
30914 \_ smbd |
|||
30915 \_ smbd |
|||
... |
|||
= Configuring Samba as print server = |
|||
== General == |
|||
= Enabling the Print Server Support in Samba = |
|||
To enable the print server support: |
|||
''Note: Some features of spoolssd were broken before 4.0.17 and 4.1.7. That's why it is recommended to use at least these versions!'' |
|||
* Set the printing back end in the <code>printing</code> parameter of the <code>[global]</code> section in your <code>smb.conf</code> file. For example: |
|||
spoolssd is a feature, introduced in Samba 4.0, that increases printer performance. In the past, when a print job came in, a smbd child process was forked, to initialize the printcap cache, spoolss, etc. If you have a huge printcap cache and it needs to be updated first, the client could hang for several seconds. |
|||
printing = CUPS |
|||
* Add the following section to your <code>smb.conf</code>: |
|||
Since Samba 4, you can configure spoolssd to be started as forked processes. If enabled, you'll see additional smbd processes, which will handle only spoolss requests. The master process is a simple daemon with a small memory footprint, that only forks and kills childs serving the spoolss pipe. When a connection comes in, it can directly start to talk to the daemon and ask for information about the printer without any delay, this gives a performance improvement. |
|||
[printers] |
|||
To enable spoolssd, add the following to the [global] section of your smb.conf: |
|||
path = /var/spool/samba/ |
|||
printable = yes |
|||
* Create the spool directory set in the <code>path</code> parameter: |
|||
rpc_server:spoolss = external |
|||
rpc_daemon:spoolssd = fork |
|||
# mkdir -p /var/spool/samba/ |
|||
After you have restarted Samba, you will discover additional smbd processes that handle spoolss requests: |
|||
# chmod 1777 /var/spool/samba/ |
|||
* Reload Samba: |
|||
With spoolssd enabled after startup: With spoolssd disabled (default): |
|||
30903 smbd 30955 smbd |
|||
30912 \_ smbd 30963 \_ smbd |
|||
30913 \_ smbd |
|||
30914 \_ smbd |
|||
30915 \_ smbd |
|||
30916 \_ smbd |
|||
30917 \_ smbd |
|||
30918 \_ smbd |
|||
30920 \_ smbd |
|||
30921 \_ smbd |
|||
30922 \_ smbd |
|||
30923 \_ smbd |
|||
30924 \_ smbd |
|||
# smbcontrol all reload-config |
|||
You can adjust the daemons behaviour through the following parameters (the values in the examples are the defaults): |
|||
spoolssd:prefork_min_children = 5 # Minimum number of child processes |
|||
spoolssd:prefork_max_children = 25 # Maximum number of child processes |
|||
spoolssd:prefork_spawn_rate = 5 # Start (fork) x new childs if one connection comes in (up to prefork_max_children) |
|||
spoolssd:prefork_max_allowed_clients = 100 # Number of clients, a child process should be responsible for |
|||
spoolssd:prefork_child_min_life = 60 # Minimum lifetime of a child process (60 seconds |
|||
# is the minimum, even a lower value has been configured) |
|||
spoolssd is still a new feature. If you encounter any bug, please report it at [https://bugzilla.samba.org/ https://bugzilla.samba.org/], to get it fixed as soon as possible. |
|||
=== Granting print operator privileges === |
|||
Users or groups, who should be able to administrate printers on your server, have to be granted the „SePrintOperatorPrivilege“ privilege. This is required on member servers, as they have their own, local SAM database. It is recommended to grant it to a domain group, because changes can be done quick and easily with the typical user management tools like ADUC. |
|||
= Sharing a Printer = |
|||
The following example grants the privilege to the domain group „Domain Admins“: |
|||
== Automatic Sharing of All Printers Configured in the Print Server Back End == |
|||
# net rpc rights grant 'SAMDOM\Domain Admins' SePrintOperatorPrivilege -Uadministrator |
|||
Using the default setting, all printers configured in the print server back end are automatically shared. |
|||
Existing privileges can be reviewed with |
|||
# net rpc rights list accounts -Uadministrator |
|||
=== Setup the [printers] share === |
|||
=== Disabling the Automatic Printer Sharing === |
|||
This share defines general information about your printing backend. See the „[printers]“ section in the man page for additional information. |
|||
To disable the automatic printer sharing: |
|||
* Add the new section to your smb.conf |
|||
[printers] |
|||
path = /var/spool/samba |
|||
printable = yes |
|||
printing = CUPS|LPRNG|... |
|||
* Add the following parameter to the <code>[global]</code> section of your <code>smb.conf</code> file: |
|||
* If you choose CUPS as backend, make sure that your smbd is compiled with CUPS support: |
|||
# smbd -b | grep CUPS |
|||
HAVE_CUPS_CUPS_H |
|||
HAVE_CUPS_LANGUAGE_H |
|||
HAVE_CUPS |
|||
HAVE_LIBCUPS |
|||
If you don't get any output, make sure that the CUPS header files and libraries are installed and recompile Samba with --with-cups. |
|||
load printers = no |
|||
* The next step is to create the samba spool directory, defined in the „[printer]“ share. Set the appropriate permissions, depending on your needs. |
|||
* Reload Samba: |
|||
# mkdir -p /var/spool/samba/ |
|||
# chmod 1777 /var/spool/samba/ |
|||
# smbcontrol all reload-config |
|||
=== Setup the [print$] share === |
|||
To enable Point'n'Print support, a share named „print$“ must exist. This share name is hardcoded in Windows clients and can't be altered. |
|||
* Add the share to your smb.conf |
|||
== Manual Sharing of Printers == |
|||
[print$] |
|||
path = /srv/samba/Printer_drivers |
|||
comment = Printer Drivers |
|||
writeable = yes |
|||
To manually share a printer: |
|||
* Create the folder that will later contain the drivers: |
|||
* Verify that the automatic printer sharing is disabled. See [[#Disabling_the_Automatic_Printer_Sharing|Disabling the Automatic Printer Sharing]]. |
|||
# mkdir -p /srv/samba/Printer_drivers/ |
|||
* Add the share for the printer to your <code>smb.conf</code> file: |
|||
* Next we create the required directory structure for the print$ share (newer versions of Samba will create it on the fly): |
|||
[''Samba_printer_name''] |
|||
BASEDIR=/srv/samba/Printer_drivers |
|||
path = /var/spool/samba/ |
|||
for i in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86/{2,3} WIN40 x64; do |
|||
printable = yes |
|||
printer name = ''printer_name_in_the_back_end'' |
|||
done |
|||
: Set the <code>printer name</code> parameter to the name of the printer used in the local print server back end. |
|||
* Finally, set the permissions. It is recommended that normal users just have read-only access to the share, while the group you have [[#Granting_print_operator_privileges|granted print operator privileges]] to, has write permissions to upload printer drivers. The following examples are granting write permissions to the „Domain Admins“ group. |
|||
* Reload Samba: |
|||
:* If you're running Samba 4 and later, you are having the choice to use [[Shares_with_POSIX_ACLs#Change_permissions_on_folders_of_a_share|POSIX]] or [[Shares_with_Windows_ACLs#Change_permissions_on_folder_of_a_share|Windows ACLs]] on the print$ share. The benefit of Windows ACLs are, that you can use the full Windows ACLs set. Have a look at the [[Shares_with_Windows_ACLs#Change_permissions_on_folder_of_a_share|Setup and configure file shares]] documentation for further details. The suggested filesystem permissions for Windows ACLs on the print$ share are: |
|||
::* Creator Owner: Full control (Subfolders and files only) |
|||
::* Authenticated Users: Read & execute, List folder contents, Read (This folder, subfolders and files) |
|||
::* System: Full control (This folder, subfolders and files) |
|||
::* Domain Admins: Full control (This folder, subfolders and files) |
|||
# smbcontrol all reload-config |
|||
:* ACL example for POSIX ACLs on the print$ share (e. g. for Samba 3.x) |
|||
# chgrp -R „SAMDOM\Domain Admins“ /srv/samba/Printer_drivers/ |
|||
# chmod -R 2755 /srv/samba/Printer_drivers/ |
|||
== Sharing a printer with Samba == |
|||
* For each printer you want to share via Samba, you have to create a separate share (unless you have "load printers = yes" defined in your smb.conf). The following is an example: |
|||
[MyDemoPrinter] |
|||
path = /var/spool/samba/ |
|||
browseable = yes |
|||
printable = yes |
|||
printer name = Printername_in_backend |
|||
* Set the „printer name“ parameter to the name of your corresponding CUPS/LPD/... queue. |
|||
= Setting up Automatic Printer Driver Download for Windows Clients = |
|||
* To bring the changes live, reload the Samba configuration: |
|||
See [[Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients|Setting up Automatic Printer Driver Downloads for Windows Clients]]. |
|||
# smbcontrol all reload-config |
|||
---- |
|||
[[Category:Active Directory]] |
|||
[[Category:Domain Members]] |
|||
[[Category:NT4 Domains]] |
|||
[[Category:Printing]] |
|||
[[Category:Standalone Server]] |
Revision as of 12:03, 18 October 2017
Introduction
If you set up Samba as a print server, clients in your network are able to send print jobs to the Samba host using the server message block (SMB) protocol. The examples shown in this documentation use a raw printer in the back end. This configuration requires that the print job is formatted by a driver on the client and thus can be processed by the printer without further processing or filtering.
Supported Print Server Back Ends
Samba supports the multiple print server back ends, such as CUPS and LPRng. For a complete list, see the printing
parameter in the smb.conf(5)
man page.
You must set up the printer server back end locally on the Samba host. Samba cannot forward print jobs to a remote host. However, you can configure the local printer server back end to forward the job to a remote print server. |
For details how to set up the back end, see the print server's documentation.
Samba CUPS
or IPRINT
Back End Support
When using the CUPS
or IPRINT
print server back end, Samba must have been built with CUPS support enabled. To verify, enter:
# smbd -b | grep "HAVE_CUPS" HAVE_CUPS
If no output is displayed:
- Samba was built using the
--disable-cups
parameter. - The Samba
configure
script was unable to locate the required libraries for CUPS support. For details, see Package Dependencies Required to Build Samba.
Adding a printer to the Print Server Back End
CUPS
To add a raw printer to an CUPS print server:
- Open the CUPS admin web interface in your browser. For example, https://servername:631/admin
- Select the
Administration
tab and clickAdd Printer
.
- Select the connection type and enter the corresponding URL to the printer's queue or to the remote print server queue. For example:
- LPD-based printers:
lpd://printer_name/queue
- IPP (Internet Printing Protocol)-based printers:
ipp://printer_name/ipp/port
- SMB (Server Message Block)-based printers:
smb://username:password@domain/windows_print_server_host_name/printer_name
- Note that forwarding a job to a print server running Windows Vista or newer, or Windows Server 2008 or newer requires authentication.
- LPD-based printers:
- Enter a name for the printer. This name is used in the
smb.conf
when sharing the printer using Samba.
- Select the
Raw
printer vendor and model.
- Save the settings.
LPRng
To add a raw printer to a LPRng print server:
- Add the following line to the
/etc/printcap
file:
printer_name:sd=/var/spool/lpd/printer_name/:sh:mx=0:mc=0:rm=Printer_DNS_name_or_IP_address
- The printer name is used in the smb.conf when sharing the printer using Samba.
- For further details about the options used, see the
printcap(5)
man page.
- To create the spool directory, enter:
# checkpc -f
- Restart the LPRng service.
Enabling the spoolssd
Service
The Samba spoolssd
is a service that is integrated into the smbd service. If you configured Samba as a print server, you can additionally enable spoolssd
to:
- Support package-aware Windows drivers.
- Increase performance on print servers with a high number of jobs or printers.
- Without
spoolssd
, Samba forks thesmbd
process or each print job and initializes theprintcap
cache. In case of a large number of printers, thesmbd
service can become unresponsive for multiple seconds when initializing the cache. Thespoolssd
service enables you to start pre-forkedsmbd
processes that are processing print jobs without any delay. The mainspoolssd
smbd
process uses a low amount of memory, and forks and terminates child processes
To enable the spoolssd
service:
- Edit the
[global]
section in yoursmb.conf
file:
- Add the following parameters:
rpc_server:spoolss = external rpc_daemon:spoolssd = fork
- Optionally, you can set the following parameters:
Parameter Default Description spoolssd:prefork_min_children 5 Minimum number of child processes spoolssd:prefork_max_children 25 Maximum number of child processes spoolssd:prefork_spawn_rate 5 Samba forks this number of new child processes, up to the value set in spoolssd:prefork_max_children
, if a new connection is establishedspoolssd:prefork_max_allowed_clients 100 Number of clients, a child process serves spoolssd:prefork_child_min_life 60 Minimum lifetime of a child process in seconds. 60 seconds is the minimum.
- Restart Samba.
After the restart, Samba automatically starts smbd
sub-processes:
# ps axf ... 30903 smbd 30912 \_ smbd 30913 \_ smbd 30914 \_ smbd 30915 \_ smbd ...
Enabling the Print Server Support in Samba
To enable the print server support:
- Set the printing back end in the
printing
parameter of the[global]
section in yoursmb.conf
file. For example:
printing = CUPS
- Add the following section to your
smb.conf
:
[printers] path = /var/spool/samba/ printable = yes
- Create the spool directory set in the
path
parameter:
# mkdir -p /var/spool/samba/ # chmod 1777 /var/spool/samba/
- Reload Samba:
# smbcontrol all reload-config
Sharing a Printer
Automatic Sharing of All Printers Configured in the Print Server Back End
Using the default setting, all printers configured in the print server back end are automatically shared.
Disabling the Automatic Printer Sharing
To disable the automatic printer sharing:
- Add the following parameter to the
[global]
section of yoursmb.conf
file:
load printers = no
- Reload Samba:
# smbcontrol all reload-config
Manual Sharing of Printers
To manually share a printer:
- Verify that the automatic printer sharing is disabled. See Disabling the Automatic Printer Sharing.
- Add the share for the printer to your
smb.conf
file:
[Samba_printer_name] path = /var/spool/samba/ printable = yes printer name = printer_name_in_the_back_end
- Set the
printer name
parameter to the name of the printer used in the local print server back end.
- Reload Samba:
# smbcontrol all reload-config
Setting up Automatic Printer Driver Download for Windows Clients
See Setting up Automatic Printer Driver Downloads for Windows Clients.