Difference between revisions of "Setting up Samba as a Print Server"

(caveat for driver sharing in mixed 32/64 bit Windows client environments)
(Complete re-write of the HowTo (Incl. much more details, examples, screenshots, driver trust GPO, etc.))
Line 1: Line 1:
==Overview==
+
= General =
Samba could no only act in the fileserver role. There is also the possibility to do the job as printserver for the windows clients.
 
  
This seems to be well known, and nobody needs to any instruction because it is working :-)
+
== Introducion ==
  
When we take a closer lool to this role, it consists out of the following parts:
+
Samba can't even serve files and act as a AD DC or PDC, but rather work as a print server.
  
* printer share -> at the printingprocess the client copies the spoolfiles
+
This HowTo will provide you an easy guide to setup Samba to act as a Windows print server including Point'n'Click printer driver installation for users.
* printserver software -> cups, lprng, lpr or something else. He delivers the spoolfiles to the printing devices. Maybe over the network or localy
 
* windows printer driver -> to use the 'point and print' functionality it makes sence to store the windows printer driver in a special share (print$) on the server. Inside of this driver also the default settings of the printer are stored.
 
* printer formular -> Every windows printout depends on the formular with his papersizes and so on. If a formular isn't know to the printserver the client could not use this although the printer was able to do it. Think about large formular or special paper like photos.
 
* something I have forgotten ...
 
  
==Printserver software / Using printers connected to the Samba server==
 
In most of the cases you want to use printers which are directly connected to the samba server. A printer can be connected via various hardware devices (i.e. parallel port, usb, scsi and so forth). But thats not all, you have to take care about the fact that two users can request a print job at the same time. To serve this, you need a software which controls the printer.
 
===CUPS===
 
CUPS is currently the most widely used spool system in Unix environments. Samba has built in support and defaults to CUPS if the develepment package (aka header files and libraries) could be found at compile time. The home of CUPS is [[http://www.cups.org]]. Basically all sorts of files can be printed with CUPS, but using a Postscript printer driver will give you the most benefit and the client can control the settings for the printers. A multi-purpose printer driver for Windows can be found at the Adobe site, see [[http://www.adobe.com/products/printerdrivers/main.html]]. The very big advantage of using Postscript as the printing language is that it doesn't matter whether your job has to be printed on a cheap inkjet or a big laser.
 
  
====Using printers connected to another Samba or Windows server====
 
=====Using a printer connected to another Samba server=====
 
It is most likely that the other server is running CUPS to. So you only have to forward the print jobs to the other CUPS service. This is a simple to do in CUPS.
 
  
=====Using a printer connected to a Windows server=====
+
== Some definitions ==
You also can use CUPS for it. CUPS has the special backend smb://<server>/<printer>. This in turn calls the smbspool program which is part of the samba suite. So if you set up a printer connected to a Windows server, you set up a normal printer with a special PrinterURI.
 
  
Note: the full form of that URI is: smb://[''<username>''[:''<password>'']@][''domain''/]''<server>''/''<printer>''
+
* Printer share: Each printer is shared by a name. During the printing process, the client send the printjob to it.
  
----
+
* Print server backend. Samba can use e. g. CUPS, LPD/Lprng and other as backend. The print server forwards the job to local or network printers.
--[[User:Rcsu|rcsu]] 15:34, 15 April 2006 (CDT)
 
[[Category:Category Configuration]]
 
  
 +
* Windows printer driver: A piece of software, that converts the printed data to a printer specific form. The driver for each shared printer can be preconfigured with default values.
  
===LPD===
+
* Point'n'Print: Windows 2000 and later support the abillity to automatically download and install drivers from the server including preconfiguring, when connecting a printer. The installation can be done by ordinary users, without special permissions.
This is the first widely used printing system. It is very simple and doesnt use Postscript. But it is binary clean, so you can print to it directly via client side installed printer drivers.
 
  
==Providing Printer Drivers to Windows clients with the [print$] share==
+
* Printer forms: Windows is already shipped with an amount of forms, that define the typical paper sizes. If a formular isn't known to the print server, the client could not use this, altought the printer is able to do it.
to do a upload of the windows printer driver there must be done some steps.
 
# We need a user which is permited to do the job -> a printer admin windows call it 'Printer Operator'
 
# a share have to be prepaired an the printer admin need permission to read and write.
 
  
===how to configure printer admin===
 
  
since samba 3.0.20 the parameter is depricated and in the actuall version it isn't working anymore.
 
  
so what is the commandline to get a printer admin?
+
== Driver models ==
  
do the following command and the user or group will be printer admin:
+
Supported by Samba: Printer driver version 3 (Windows 2000 to Windows 8)
  
  net rpc rights grant "<domain|hostname\<user|group>" SePrintOperatorPrivilege -U <hostname>/root
+
Currently not supported by Samba: [http://msdn.microsoft.com/en-us/library/windows/hardware/hh706306%28v=vs.85%29.aspx Printer driver version 4] (Windows 8)
  
example:
 
  net rpc rights grant "cake\support" SePrintOperatorPrivilege -U cake/root
 
  
this mean the user support on machine is printeradmin by the user root on the hostname "cake"
 
  
===Directory structure in drivers directory===
 
The normal directory structure for your printer drivers looks like
 
<pre>drwxr-xr-x  2 root root  96 Feb 24 20:02 COLOR
 
drwxr-xr-x  2 root root  48 Feb 24 20:02 IA64
 
drwxr-xr-x  2 root root  48 Feb 24 20:02 W32ALPHA
 
drwxr-xr-x  2 root root  48 Feb 24 20:02 W32MIPS
 
drwxr-xr-x  2 root root  48 Feb 24 20:02 W32PPC
 
drwxr-xr-x  3 root root  72 Feb 24 20:02 W32X86
 
drwxr-xr-x  2 root root  48 Feb 24 20:02 WIN40
 
drwxr-xr-x  2 root root  48 Feb 24 20:02 x64
 
</pre>
 
You have to create it yourself. Here is a command line which does it. You only have to change the value of BASEDIR:
 
<pre>BASEDIR=/var/lib/samba/drivers;
 
for X in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86 WIN40 x64; do
 
  mkdir -p $BASEDIR/$X;
 
done</pre>
 
===Create the share===
 
Please have a look at the smb.conf and change only the necessary lines (user,groups), most of the distributions are well prepaired.
 
  
<pre>[print$]
 
comment = Printer Drivers
 
path = /var/lib/samba/drivers
 
browseable = yes
 
guest ok = no
 
read only = yes
 
write list = root, chrisr
 
</pre>
 
  
===Uploading a printer driver (vendor drivers)===
+
= Print server backend =
Do it like:
 
*http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#id2582657
 
  
Configuring point and print driver sharing in mixed 32/64 bit Windows client environments requires a differing procedure to the regular (32 bit only) add printer wizard usage:
+
The following sub-chapters will give you a short overview on possible backends, including adding a new network printer, we'll use in our later examples for sharing it by Samba.  
* The 64bit driver must be uploaded using the "\\server\printers\ -> server properties" wizard. This wizard allows the uploading of printer drivers that differ in architecture to what is reported by the spoolss server (configurable in 3.6.3).
 
* A 32 bit driver with an identical name must also be uploaded to the server and associated with the printer, the regular add printer wizard can be used for this.
 
  
==Formular / Special settings on printer and faxes==
+
The examples setup a RAW printer (content is send directly to the device). We don't use filters or drivers  on the backend, because a RAW printer allows us to render the output on the workstation and use the printer specific driver.
===Enabling new papersizes===
 
Only standardsizes of formulars are known. You have to add the neccessary sizes by hand.
 
  
# connect to the server \\<SambaServer>>
+
We assume here, that you have the print server backend already basically configured and it's running, so printers can be added next.
# printer -> Server Propertes -> Forms
 
# Create new form
 
#:[[Image:SambaFormA0.png]]
 
#: A0 With 84,10 cm Height 118,90 cm
 
#:[[Image:SambaFormA1.png]]
 
#: A1 With 59,40 cm cm Height 84,10 cm
 
# After this steps the large papersizes a shown in the different dialogs
 
  
The Size of the formulars depends on the ppds
+
 
 +
 
 +
== CUPS ==
 +
 
 +
[http://www.cups.org CUPS] is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time.
 +
 
 +
Basically all sorts of files can be printed with CUPS, but using a Postscript or a RAW printer driver will give you the most benefit in combination with the Windows printer driver, because then all settings can be controlled on the Windows client.
 +
 
 +
 
 +
 
 +
=== Adding a new printer ===
 +
 
 +
* Open the CUPS admin webfrontend (https://servername:631/admin).
 +
 
 +
* On the „Administration“ tab click the „Add Printer“ button.
 +
 
 +
* Choose the way, how your printer is connected and enter the appropriate URL. Examples:
 +
# LPD protocol
 +
lpd://hostname/queue
 +
 +
# Internet Printing Protocol
 +
ipp://hostname/ipp/port
 +
 +
# Forwarding the jobs to a Windows print server.
 +
# Hint: Vista and higher, don't allow anonymous connects by default, so you must provide a username and password.
 +
smb://username:password@domain/servername/printername
 +
 
 +
* Enter a name for the printer
 +
 
 +
* When you reached the step, where to choose the vendor and model, choose „Raw“ for both, because the rendering is already done later by the Windows driver.
 +
 
 +
* Save the new added printer.
 +
 
 +
 
 +
 
 +
== LPD ==
 +
 
 +
This was the first widely used printing system and still runs on many servers. It is very simple to install and configure. There are different implementations of LPD servers, like the often used [http://www.lprng.org/ LPRng].
 +
 
 +
 
 +
 
 +
=== Adding a new printer ===
 +
 
 +
* To add a new network printer, you simply need to add the following line to your 'printcap' (typically '/etc/printcap'). For the different options used in the example, see 'man printcap'.
 +
 
 +
PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name
 +
 
 +
* After adding the new printer entry, run the following command to create the LPD spool directory and restart/reload the service, to take the changes affect.
 +
 
 +
# checkpc -f
 +
# service lpd restart
 +
 
 +
* The following command allows you query the state of the printer:
 +
 
 +
# lpq -P PRINTERNAME
 +
Printer: PRINTERNAME@SAMPRINTSERVER (dest PRINTERNAME@IP_or_DNS_Name)
 +
  Queue: no printable jobs in queue
 +
Ready
 +
 +
no entries
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Configuring Samba as print server =
 +
 
 +
== General ==
 +
 
 +
=== Granting print operator privileges ===
 +
 
 +
Users or groups, who should be able to administrate printers on your server, have to be granted the „SePrintOperatorPrivilege“ privilege. It is recommended, to grant it to a domain group, because changes can be done quick and easily with the typical user management tools like ADUC.
 +
 
 +
The following example grants the privilege to the domain group „Domain Admins“:
 +
 
 +
# net rpc rights grant 'SAMDOM\Domain Admins' SePrintOperatorPrivilege -Uadministrator
 +
 
 +
Existing privileges you can reviewed by
 +
 
 +
# net rpc rights list accounts -Uadministrator
 +
 
 +
 
 +
 
 +
=== Setup the [printers] share ===
 +
 
 +
This share defines general information about your printing backend. See the „[printers]“ section in the man page for additional information.
 +
 
 +
* Add the new section to your smb.conf
 +
[printers]
 +
      path = /var/spool/samba
 +
      printable = yes
 +
      printing = CUPS|LPRNG|...
 +
 
 +
* If you choose CUPS as backend, make sure, that your smbd is compiled with CUPS support:
 +
# smbd -b | grep CUPS
 +
    HAVE_CUPS_CUPS_H
 +
    HAVE_CUPS_LANGUAGE_H
 +
    HAVE_CUPS
 +
    HAVE_LIBCUPS
 +
If you don't get any output, make sure, that the CUPS header files and libraries are installed and recompile Samba with --with-cups.
 +
 
 +
* The next step is to create the samba spool directory, defined in the „[printer]“ share. Set the appropriate permissions, depending to your needs.
 +
 
 +
# mkdir -p /var/spool/samba/
 +
# chmod 1777 /var/spool/samba/
 +
 
 +
 
 +
 
 +
=== Setup the [print$] share ===
 +
 
 +
To enable Point'n'Print support, a share named „print$“ must exist. This share name is hardcoded in Windows clients and can't be choosen.
 +
 
 +
* Add the share to your smb.conf
 +
 
 +
[print$]
 +
      path = /srv/samba/Printer_drivers
 +
      comment = Printer Drivers
 +
      writeable = yes
 +
 
 +
* Create the folder, that will contain the drivers later:
 +
 
 +
# mkdir -p /srv/samba/Printer_drivers
 +
 
 +
* Next we create the required directory structure for the print$ share (newer versions of Samba can create it on the fly when uploading):
 +
 
 +
BASEDIR=/srv/samba/Printer_drivers
 +
for i in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86/{2,3} WIN40 x64; do
 +
      mkdir -p $BASEDIR/$i;
 +
done
 +
 
 +
* At last, set the appropriate permissions, depending to your needs. Example:
 +
 
 +
# chmod -R 755 /srv/samba/Printer_drivers
 +
 
 +
 
 +
 
 +
== Sharing a printer with Samba ==
 +
 
 +
* For each printer you want to share via Samba, you have to create a separate share. The following is an example:
 +
 
 +
[MyDemoPrinter]
 +
      path = /var/spool/samba/
 +
      browseable = yes
 +
      printable = yes
 +
      printer name = Printername_in_backend
 +
 
 +
* Set the „printer name“ parameter to the name of your corresponding CUPS/LPD/... queue.
 +
 
 +
* To bring the changes live, reload the Samba configuration:
 +
 
 +
# smbcontrol all reload-config
 +
 
 +
 
 +
 
 +
== Uploading printer drivers for Point'n'Print driver installation==
 +
 
 +
If you have already uploaded the driver for your printer in the past, you can skip this section.
 +
 
 +
If you have to provide a printer driver for x86 and x64 plattforms, you have to upload them from a x64 machine. A x86 client can only upload x86 drivers, while a x64 client can do both.
 +
 
 +
It's important, that if you want to provide printing support for multiple plattforms on one printer, that you upload drivers for both, that have exactly the same driver name! Otherwise, the driver for the different plattforms can't be associated.
 +
 
 +
The following steps are done on Windows7 64-Bit, to allow uploading x86 and x64 bit drivers, which should work for Windows 2000 to Windows 8.
 +
 
 +
* Logon with an account, that has [[#Granting_print_operator_privileges|granted print operator privileges]] to.
 +
 
 +
* Go to \\YourPrintserver and click the „View remote printers“ button
 +
:[[Image:Server_Share_List.png]]
 +
 
 +
* You will see a list of all printers you have shared.
 +
: [[Image:View_remote_printers.png]]
 +
 
 +
* Right-click somewhere in the empty part of the window and choose „Server Properties...“ from  the appearing context menu.
 +
 
 +
* Next go to the „Drivers“ tab and click the „Add...“ button. The „Add Printer wizzard will appear.
 +
 
 +
* Select the driver architecture you want to upload (upload one by one) and click „Next“.
 +
 
 +
* Click the „Have Disk...“ button and browse to the directory containing the driver you want to upload.
 +
 
 +
* The wizzard will show you a list of all drivers, the directory you pointed to, contains. Select the appropriate driver for your printer and click „Next“.
 +
:[[Image:Printer_driver_selection.png]]
 +
 
 +
* In the end, the wizzard will copy all required files to the print$ share of your print server.
 +
 
 +
* If you want to upload drivers for a different plattform or other devices, repeat the steps.
 +
 
 +
 
 +
 
 +
== Associating a shared printer with a driver and preconfiguring==
 +
 
 +
* Logon with an account, that has [[#Granting_print_operator_privileges|granted print operator privileges]] to.
 +
 
 +
* Go to \\YourPrintserver and click the „View remote printers“ button.
 +
:[[Image:Server_Share_List.png]]
 +
 
 +
* You will see a list of all printers you have shared.
 +
:[[Image:View_remote_printers.png]]
 +
 
 +
* You could do the association of the driver with the printer share on Windows or on *nix side:
 +
 
 +
:* On Windows:
 +
 
 +
::* Right-click to the shared printer, you would associate a driver with and choose „Properties“.
 +
 
 +
::* If there's no driver associated with an printer yet, you'll been asked if you want to install the driver now. Answer this question with „No“!
 +
:::[[Image:Question_install_driver.png]]
 +
 
 +
::* A default printer properties window will appear. Go to the „Advanved“ tab and choose the already uploaded driver from the list, that is suitable for the printer.
 +
:::[[Image:Choose_driver.png]]
 +
 
 +
::* Close the windows with „OK“ to associate the driver with the printer.
 +
 
 +
::* If you do this step on Vista or higher, Windows will ask you, if you trust the server (This can' be suppressed by a GPO. See [[#Setting_up_a_GPO_for_trusting_printer_drivers|Setting up a GPO for trusting printer drivers]]). Choose „Install driver“, if you are seeing this window.
 +
:::[[Image:Question_trust_printer.png]]
 +
 
 +
::* After associating the driver, Windows renames the printer to the driver name. You can leave that or rename it again. For more clearness, it's better to set the name on Windows side to the one you used in your smb.conf.
 +
 
 +
:* On *nix:
 +
 
 +
::* Retrieve a list of all drivers, that are on the print$ share <pre># rpcclient localhost -U administrator -c 'enumdrivers'</pre>
 +
 
 +
::* Associate the driver with the printer (The driver name, must be exactly the same, like in the output of the above „enumdrivers“ output): <pre># rpcclient localhost -U administrator -c 'setdriver "MyDemoPrinter" "HP Universal Printing PS"'</pre>
 +
 
 +
::* You can review the associations with <pre># rpcclient localhost -U administrator -c 'enumprinters'</pre>
 +
 
 +
* On Windows, now right-click and choose „Properties“ again, to preconfigure the printer.
 +
 
 +
* First you should take a look on the tabs on the properties windows. Typically there's a tab called „Device Settings“, „Settings“, „Configuration“ or something like that (depending on the driver). This usually allows you to configure the main printer settings (number of trays, duplex on/off, etc.). Set the values fitting to your device and click the „Apply“ button.
 +
:[[Image:Device_Settings.png]]
 +
 
 +
* On the „Sharing“ tab, you can check „List in the directory“, to publish the printer in your Active Directory, what makes it easier for users to find.
 +
 
 +
* To preconfigure the printers default settings, go to the „Advanced“ tab and click the „Printing defaults...“ button. A new window will appear. It's layout and possibilities differ and depent on the driver. Here you can set the default values, the user will receive, when connecting the printer.
 +
:[[Image:Printing_defaults.png]]
 +
 
 +
* If you have finished configuring your printer, save all changes with „OK“.
 +
 
 +
If you had uploaded drivers for multiple architectures to that printer, the settings will be retrieved connecting on the different plattforms - regardless on which they have been set. But as mentioned earlier, this requires, that all drivers for each plattform have the same name (versions can differ).
 +
 
 +
Now it's time to connect to the printer and print a test page.
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Setting up a GPO for trusting printer drivers =
 +
 
 +
To keep the following guide simple, we setup the policy in the „Default Domain Policy“. If you have different requirements, adapt it to your needs.
 +
 
 +
* Open the Group Policy Management console.
 +
 
 +
* Go to „Forest: your.domain“ / „Domains“ / „your.domain“
 +
 
 +
* Right-click „Default Domain Policy“ and choose „Edit“ to open the Group Policy Management Editor.
 +
:[[Image:Edit_group_policy.png]]
 +
 
 +
* Navigate to „Computer Configuration“ / „Policies“ / „Administrative Templates“ / „Printers“ and double-click to the „Point and Print Restrictions“ Policy (if you want to setup the policy on a per-user base instead of machine-base, go to the same path, but just in the „User Configuration“ branch).
 +
 
 +
* Enable the policy and set „When installing driver for a new connection“ and „When updating drivers for an existing connection“ each to „Do not show warning or elevation prompt“. You can restrict the policy in that window to prevent the warning just for defined hosts, too, if required..
 +
:[[Image:Point_and_print_restrictions.png]]
 +
 
 +
* Save the changed policy by clicking „OK“ and closing the windows.
 +
 
 +
After the clients have refreshed their policies (per default every 90 minutes, with a random offset of 0 to 30 minutes), the warning won't be shown up any more. The policy refresh can be forced by
 +
 
 +
> gpupdate /force /target:computer
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Enabling new paper sizes (Forms) =
 +
 
 +
Only standard sizes of formulars are included by default. If you require other forms, you have to add them.
 +
 
 +
* Logon with an account, that has [[#Granting_print_operator_privileges|granted print operator privileges]] to.
 +
 
 +
* Go to \\YourPrintserver and click the „View remote printers“ button
 +
:[[Image:Server_Share_List.png]]
 +
 
 +
* You will see a list of all printers you have shared.
 +
:[[Image:View_remote_printers.png]]
 +
 
 +
* Right-click somewhere in the empty part of the window and choose „Server Properties...“ from  the appearing context menu. The print server forms tab appears.
 +
 
 +
* Check „Create a new form“, and fill the values. In the end click „Save Form“, to save your changes.
 +
:[[Image:Create_new_form.png]]
 +
 
 +
The new added paper sizes will be selectable from all printer dialogs now.
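Review bot: The rewritten [print$] example sets only "writeable = yes", while the removed version carried "guest ok = no", "read only = yes" and "write list = root, chrisr". Because the new GPO section turns off the warning and elevation prompt and the definitions say ordinary users install drivers from this share without special permissions, the share definition should state who may write to it (for example read only plus a write list for the print operator group) rather than leave that to the later "chmod -R 755" step alone. Separately, the sentence "Samba can't even serve files and act as a AD DC or PDC, but rather work as a print server." reads as the opposite of what the earlier text said, and "Introducion", "wizzard" and "Advanved" are misspelled in the added lines.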

Revision as of 14:40, 2 June 2013

General

Introduction

Samba can not only serve files and act as an AD DC or PDC, but also work as a print server.

This HowTo is an easy guide to setting up Samba as a Windows print server, including Point'n'Click printer driver installation for users.


Some definitions

  • Printer share: Each printer is shared under a name. During the printing process, the client sends the print job to this share.
  • Print server backend: Samba can use e.g. CUPS, LPD/LPRng and others as backend. The print server forwards the job to local or network printers.
  • Windows printer driver: A piece of software that converts the printed data into a printer-specific form. The driver for each shared printer can be preconfigured with default values.
  • Point'n'Print: Windows 2000 and later support the ability to automatically download and install drivers from the server, including the preconfigured settings, when connecting a printer. The installation can be done by ordinary users, without special permissions.
  • Printer forms: Windows ships with a number of forms that define the typical paper sizes. If a form isn't known to the print server, the client cannot use it, although the printer is able to handle it.


Driver models

Supported by Samba: Printer driver version 3 (Windows 2000 to Windows 8)

Currently not supported by Samba: Printer driver version 4 (Windows 8)



Print server backend

The following sub-chapters give a short overview of possible backends, including how to add a new network printer, which we'll use in our later examples for sharing via Samba.

The examples set up a RAW printer (content is sent directly to the device). We don't use filters or drivers on the backend, because a RAW printer allows us to render the output on the workstation and use the printer-specific driver.

We assume here that you already have the print server backend basically configured and running, so printers can be added next.


CUPS

CUPS is currently the most widely used spool system in *nix environments and is shipped with most distributions. Samba has built-in support and defaults to CUPS if the development package (header files and libraries) is found at compile time.

Basically all sorts of files can be printed with CUPS, but using a PostScript or a RAW printer driver gives you the most benefit in combination with the Windows printer driver, because then all settings can be controlled on the Windows client.


Adding a new printer

  • Open the CUPS admin webfrontend (https://servername:631/admin).
  • On the „Administration“ tab click the „Add Printer“ button.
  • Choose how your printer is connected and enter the appropriate URL. Examples:
# LPD protocol
lpd://hostname/queue

# Internet Printing Protocol
ipp://hostname/ipp/port

# Forwarding the jobs to a Windows print server.
# Hint: Vista and higher don't allow anonymous connections by default, so you must provide a username and password.
smb://username:password@domain/servername/printername
  • Enter a name for the printer.
  • When you reach the step where you choose the vendor and model, choose „Raw“ for both, because the rendering is done by the Windows driver.
  • Save the newly added printer.


LPD

This was the first widely used printing system and still runs on many servers. It is very simple to install and configure. There are different implementations of LPD servers, like the often used LPRng.


Adding a new printer

  • To add a new network printer, add the following line to your 'printcap' (typically '/etc/printcap'). For the options used in the example, see 'man printcap'.
PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name
  • After adding the new printer entry, run the following commands to create the LPD spool directory and restart/reload the service, so that the changes take effect.
# checkpc -f
# service lpd restart
  • The following command allows you to query the state of the printer:
# lpq -P PRINTERNAME
Printer: PRINTERNAME@SAMPRINTSERVER (dest PRINTERNAME@IP_or_DNS_Name)
 Queue: no printable jobs in queue
Ready

no entries



Configuring Samba as print server

General

Granting print operator privileges

Users or groups who should be able to administer printers on your server have to be granted the „SePrintOperatorPrivilege“ privilege. It is recommended to grant it to a domain group, because changes can then be made quickly and easily with the typical user management tools like ADUC.

The following example grants the privilege to the domain group „Domain Admins“:

# net rpc rights grant 'SAMDOM\Domain Admins' SePrintOperatorPrivilege -Uadministrator

You can review existing privileges with

# net rpc rights list accounts -Uadministrator


Setup the [printers] share

This share defines general information about your printing backend. See the „[printers]“ section in the man page for additional information.

  • Add the new section to your smb.conf
[printers]
     path = /var/spool/samba
     printable = yes
     printing = CUPS|LPRNG|...
  • If you choose CUPS as backend, make sure that your smbd is compiled with CUPS support:
# smbd -b | grep CUPS
   HAVE_CUPS_CUPS_H
   HAVE_CUPS_LANGUAGE_H
   HAVE_CUPS
   HAVE_LIBCUPS

If you don't get any output, make sure that the CUPS header files and libraries are installed, and recompile Samba with --with-cups.

  • The next step is to create the Samba spool directory defined in the „[printers]“ share. Set the appropriate permissions, depending on your needs.
# mkdir -p /var/spool/samba/
# chmod 1777 /var/spool/samba/


Setup the [print$] share

To enable Point'n'Print support, a share named „print$“ must exist. This share name is hardcoded in Windows clients and can't be changed.

  • Add the share to your smb.conf
[print$]
     path = /srv/samba/Printer_drivers
     comment = Printer Drivers
     writeable = yes
  • Create the folder that will contain the drivers later:
# mkdir -p /srv/samba/Printer_drivers
  • Next we create the required directory structure for the print$ share (newer versions of Samba can create it on the fly when uploading):
# The {2,3} brace expansion requires bash
BASEDIR=/srv/samba/Printer_drivers
for i in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86/{2,3} WIN40 x64; do
     mkdir -p "$BASEDIR/$i"
done
  • Finally, set the appropriate permissions, depending on your needs. Example:
# chmod -R 755 /srv/samba/Printer_drivers


Sharing a printer with Samba

  • For each printer you want to share via Samba, you have to create a separate share. The following is an example:
[MyDemoPrinter]
     path = /var/spool/samba/
     browseable = yes
     printable = yes
     printer name = Printername_in_backend
  • Set the „printer name“ parameter to the name of your corresponding CUPS/LPD/... queue.
  • To activate the changes, reload the Samba configuration:
# smbcontrol all reload-config
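
A small linter for the three smb.conf sections set up above, as an added example (not part of the original HowTo and not Samba code): it parses the configuration, reports values that were pasted with the page's placeholders still in them, and flags a [print$] share that is writable at share level. That last rule and the group name printadmins are assumptions of this example, and both sample configurations are constructed from the page's fragments.

```python
import re

TRUE = {"yes", "true", "on", "1"}             # boolean spellings smb.conf accepts
PLACEHOLDER_QUEUE = "printername_in_backend"  # placeholder queue name from the page


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are lower-cased and parameter
    names lose their whitespace ("printer name" and "printername" are the same)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf


def flag(share, *names):
    """True if any of the synonymous boolean parameters has a true value."""
    return any(share.get(n, "").lower() in TRUE for n in names)


def share_writable(share):
    """Share-level write access; "read only" is the inverse of "writeable"."""
    if any(n in share for n in ("writeable", "writable", "writeok")):
        return flag(share, "writeable", "writable", "writeok")
    return "readonly" in share and share["readonly"].lower() not in TRUE


def audit_print_server(text):
    """Return a list of findings for the print-server parts of smb.conf."""
    conf, findings = parse_smb_conf(text), []

    printers = conf.get("printers")
    if printers is None:
        findings.append("[printers]: section missing")
    else:
        if not flag(printers, "printable", "printok"):
            findings.append("[printers]: printable = yes is not set")
        backend = printers.get("printing") or conf.get("global", {}).get("printing", "")
        if "|" in backend or "..." in backend:
            findings.append("printing: placeholder value %r was not replaced" % backend)

    drivers = conf.get("print$")
    if drivers is None:
        findings.append("[print$]: section missing, Point'n'Print needs it")
    else:
        if flag(drivers, "guestok", "public"):
            findings.append("[print$]: guest access to the driver share")
        if share_writable(drivers):  # policy of this example, not a Samba rule
            findings.append("[print$]: writable at share level, only filesystem "
                            "permissions limit who can replace drivers")

    for name, share in conf.items():
        if name in ("global", "printers", "print$"):
            continue
        if not flag(share, "printable", "printok"):
            continue  # ordinary file share, not a printer
        queue = share.get("printername") or share.get("printer", "")
        if not queue:
            findings.append("[%s]: printer name is not set" % name)
        elif queue.lower() == PLACEHOLDER_QUEUE:
            findings.append("[%s]: printer name is still the placeholder" % name)
    return findings


# Constructed sample: built from the page's smb.conf fragments, placeholders left in.
AS_ON_PAGE = """
[printers]
     path = /var/spool/samba
     printable = yes
     printing = CUPS|LPRNG|...

[print$]
     path = /srv/samba/Printer_drivers
     writeable = yes

[MyDemoPrinter]
     path = /var/spool/samba/
     printable = yes
     printer name = Printername_in_backend
"""

# Constructed sample: placeholders filled in, driver uploads limited through
# "write list" (printadmins and demo_queue are hypothetical names).
TIGHTENED = (AS_ON_PAGE
             .replace("CUPS|LPRNG|...", "CUPS")
             .replace("writeable = yes", "read only = yes\n     write list = @printadmins")
             .replace("Printername_in_backend", "demo_queue"))

if __name__ == "__main__":
    for sample in (AS_ON_PAGE, TIGHTENED):
        print(audit_print_server(sample) or "no findings")
```
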


Uploading printer drivers for Point'n'Print driver installation

If you have already uploaded the driver for your printer in the past, you can skip this section.

If you have to provide a printer driver for x86 and x64 platforms, you have to upload them from an x64 machine. An x86 client can only upload x86 drivers, while an x64 client can upload both.

If you want to provide printing support for multiple platforms on one printer, it is important that the drivers you upload for the different platforms have exactly the same driver name! Otherwise, the drivers for the different platforms can't be associated.

The following steps are done on Windows 7 64-bit, to allow uploading both x86 and x64 drivers, which should work for Windows 2000 to Windows 8.

  • Log on with an account that has been granted print operator privileges (see „Granting print operator privileges“).
  • Go to \\YourPrintserver and click the „View remote printers“ button.
  • You will see a list of all printers you have shared.
  • Right-click somewhere in the empty part of the window and choose „Server Properties...“ from the context menu that appears.
  • Next go to the „Drivers“ tab and click the „Add...“ button. The „Add Printer“ wizard will appear.
  • Select the driver architecture you want to upload (upload one by one) and click „Next“.
  • Click the „Have Disk...“ button and browse to the directory containing the driver you want to upload.
  • The wizard will show you a list of all drivers contained in the directory you pointed to. Select the appropriate driver for your printer and click „Next“.
  • In the end, the wizard will copy all required files to the print$ share of your print server.
  • If you want to upload drivers for a different platform or other devices, repeat the steps.


Associating a shared printer with a driver and preconfiguring

  • Go to \\YourPrintserver and click the „View remote printers“ button.
  • You will see a list of all printers you have shared.
  • You can associate the driver with the printer share either on the Windows or on the *nix side:
    • On Windows:
      • Right-click the shared printer you want to associate a driver with and choose „Properties“.
      • If there's no driver associated with the printer yet, you'll be asked if you want to install the driver now. Answer this question with „No“!
      • A default printer properties window will appear. Go to the „Advanced“ tab and choose, from the list of already uploaded drivers, the one that is suitable for the printer.
      • Close the window with „OK“ to associate the driver with the printer.
      • If you do this step on Vista or higher, Windows will ask you if you trust the server (this can be suppressed by a GPO. See Setting up a GPO for trusting printer drivers). Choose „Install driver“ if you see this window.
      • After associating the driver, Windows renames the printer to the driver name. You can leave that or rename it again. For clarity, it's better to set the name on the Windows side to the one you used in your smb.conf.
    • On *nix:
      • Retrieve a list of all drivers that are on the print$ share:
        # rpcclient localhost -U administrator -c 'enumdrivers'
      • Associate the driver with the printer (the driver name must be exactly as shown in the „enumdrivers“ output above):
        # rpcclient localhost -U administrator -c 'setdriver "MyDemoPrinter" "HP Universal Printing PS"'
      • You can review the associations with:
        # rpcclient localhost -U administrator -c 'enumprinters'
  • On Windows, now right-click the printer and choose „Properties“ again to preconfigure it.
  • First, take a look at the tabs in the properties window. Typically there's a tab called „Device Settings“, „Settings“, „Configuration“ or something like that (depending on the driver). This usually allows you to configure the main printer settings (number of trays, duplex on/off, etc.). Set the values to match your device and click the „Apply“ button.
  • On the „Sharing“ tab, you can check „List in the directory“ to publish the printer in your Active Directory, which makes it easier for users to find.
  • To preconfigure the printer's default settings, go to the „Advanced“ tab and click the „Printing defaults...“ button. A new window will appear. Its layout and options depend on the driver. Here you can set the default values that users will receive when connecting to the printer.
  • When you have finished configuring your printer, save all changes with „OK“.

If you have uploaded drivers for multiple architectures for that printer, clients on each platform will retrieve these settings when connecting, regardless of the platform on which they were set. But as mentioned earlier, this requires that the drivers for all platforms have the same name (versions can differ).
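The same-name requirement can be checked on the *nix side by parsing the „enumdrivers“ output. The following is an added example, not part of the original HowTo: the function names `check_driver_names` and `sample_enumdrivers` and the sample data (including the „Constructed Laser“ driver) are made up for illustration, and the script assumes the `[Architecture]` / `Driver Name: [...]` layout printed by rpcclient.

```shell
#!/bin/sh
# Added example: flag drivers on print$ that are not uploaded under exactly the
# same name for every architecture (assumes rpcclient's enumdrivers layout).

# Reads enumdrivers output on stdin, prints "MISSING <arch>: <driver>" per gap
# and returns 1 if any was found. Architectures without drivers are ignored.
check_driver_names() {
    awk '
        /^\[/ {                                  # section header: [Windows x64]
            arch = $0
            sub(/^\[/, "", arch); sub(/\][ \t\r]*$/, "", arch)
            next
        }
        /Driver Name:/ {                         # Driver Name: [Some Driver]
            name = $0
            sub(/^.*Driver Name:[ \t]*\[/, "", name); sub(/\][ \t\r]*$/, "", name)
            if (!(arch in archs)) { archs[arch] = 1; aorder[++na] = arch }
            if (!(name in names)) { names[name] = 1; norder[++nn] = name }
            seen[arch SUBSEP name] = 1
        }
        END {
            for (j = 1; j <= nn; j++)
                for (i = 1; i <= na; i++) {
                    key = aorder[i] SUBSEP norder[j]
                    if (!(key in seen)) {
                        printf "MISSING %s: %s\n", aorder[i], norder[j]
                        bad = 1
                    }
                }
            exit bad + 0
        }
    '
}

# Constructed, abridged sample output: the second driver differs by one space.
sample_enumdrivers() {
    cat <<'EOF'
[Windows NT x86]
Printer Driver Info 1:
    Driver Name: [HP Universal Printing PS]
    Driver Name: [Constructed Laser PCL6]
[Windows x64]
Printer Driver Info 1:
    Driver Name: [HP Universal Printing PS]
    Driver Name: [Constructed Laser PCL 6]
EOF
}

# Real use: rpcclient localhost -U administrator -c 'enumdrivers' | check_driver_names
sample_enumdrivers | check_driver_names || echo "driver names differ between architectures"
```

A driver reported as MISSING for an architecture has to be uploaded again for that architecture under the identical name before the preconfigured settings are shared across platforms.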

Now it's time to connect to the printer and print a test page.



Setting up a GPO for trusting printer drivers

To keep the following guide simple, we set up the policy in the „Default Domain Policy“. If you have different requirements, adapt it to your needs.

  • Open the Group Policy Management console.
  • Go to „Forest: your.domain“ / „Domains“ / „your.domain“
  • Right-click „Default Domain Policy“ and choose „Edit“ to open the Group Policy Management Editor.
  • Navigate to „Computer Configuration“ / „Policies“ / „Administrative Templates“ / „Printers“ and double-click the „Point and Print Restrictions“ policy (if you want to set up the policy on a per-user basis instead of per machine, go to the same path in the „User Configuration“ branch).
  • Enable the policy and set „When installing driver for a new connection“ and „When updating drivers for an existing connection“ each to „Do not show warning or elevation prompt“. In the same window you can also restrict the policy so that the warning is suppressed only for defined hosts, if required.
  • Save the changed policy by clicking „OK“ and closing the windows.

After the clients have refreshed their policies (per default every 90 minutes, with a random offset of 0 to 30 minutes), the warning will no longer be shown. The policy refresh can be forced with:

> gpupdate /force /target:computer



Enabling new paper sizes (Forms)

Only standard form sizes are included by default. If you require other forms, you have to add them.

  • Go to \\YourPrintserver and click the „View remote printers“ button.
  • You will see a list of all printers you have shared.
  • Right-click somewhere in the empty part of the window and choose „Server Properties...“ from the context menu that appears. The print server's „Forms“ tab appears.
  • Check „Create a new form“ and fill in the values. Finally, click „Save Form“ to save your changes.

The newly added paper sizes are now selectable in all printer dialogs.