Setting up Samba as a Print Server: Difference between revisions
Mmuehlfeld (talk | contribs) (Moved section "Granting the SePrintOperatorPrivilege Privilege" to this guide) |
Lukebarone (talk | contribs) m (Add actual directions for fix) |
||
(16 intermediate revisions by 4 users not shown) | |||
Line 28: | Line 28: | ||
If no output is displayed: |
If no output is displayed: |
||
* Samba was built using the <code>--disable-cups</code> parameter. |
* Samba was built using the <code>--disable-cups</code> parameter. |
||
* The Samba <code>configure</code> script was unable to locate the required libraries for CUPS support. For details, see [[ |
* The Samba <code>configure</code> script was unable to locate the required libraries for CUPS support. For details, see [[Package Dependencies Required to Build Samba]]. |
||
Line 78: | Line 78: | ||
= Enabling the <code>spoolssd</code> |
= Enabling the <code>spoolssd</code> Service = |
||
''Optional''. On a Samba print server that processes a high number of print jobs, you can enable the <code>spoolssd</code> daemon to increase the Samba performance. Without <code>spoolssd</code>, Samba forks the <code>smbd</code> process for each print job and initializes the printcap cache. In case of a large number of printers, the <code>smbd</code> process can become unresponsive for multiple seconds when initializing the printcap cache. The <code>spoolssd</code> daemon enables you to start pre-forked <code>smbd</code> processes that are processing print jobs without delay. The main <code>spoolssd</code> <code>smbd</code> process uses a low amount of memory, and forks and terminates child processes. |
|||
{{Imbox |
|||
To enable <code>spoolssd</code>: |
|||
| type = warning |
|||
| text = This only applies to Samba version 4.15 and older versions! |
|||
}} |
|||
* Add the following parameters to the <code>[global]</code> section of your <code>smb.conf</code> file: |
|||
The Samba <code>spoolssd</code> is a service that is integrated into the smbd service. If you configured Samba as a print server, you can additionally enable <code>spoolssd</code> to increase performance on print servers with a high number of jobs or printers. |
|||
: Without <code>spoolssd</code>, Samba forks the <code>smbd</code> process or each print job and initializes the <code>printcap</code> cache. In case of a large number of printers, the <code>smbd</code> service can become unresponsive for multiple seconds when initializing the cache. The <code>spoolssd</code> service enables you to start pre-forked <code>smbd</code> processes that are processing print jobs without any delay. The main <code>spoolssd</code> <code>smbd</code> process uses a low amount of memory, and forks and terminates child processes |
|||
To enable the <code>spoolssd</code> service: |
|||
* Edit the <code>[global]</code> section in your <code>smb.conf</code> file: |
|||
:* Add the following parameters: |
|||
rpc_server:spoolss = external |
rpc_server:spoolss = external |
||
rpc_daemon:spoolssd = fork |
rpc_daemon:spoolssd = fork |
||
* Optionally, you can set the following parameters |
:* Optionally, you can set the following parameters: |
||
::{| class="wikitable" |
|||
spoolssd:prefork_min_children = 5 # Minimum number of child processes |
|||
!Parameter |
|||
spoolssd:prefork_max_children = 25 # Maximum number of child processes |
|||
!Default |
|||
spoolssd:prefork_spawn_rate = 5 # Fork this number of new child processes, up to the value set in the <code>spoolssd:prefork_max_children</code> parameter, |
|||
!Description |
|||
# if a new connection is established |
|||
|- |
|||
spoolssd:prefork_max_allowed_clients = 100 # Number of clients, a child process is responsible for |
|||
|spoolssd:prefork_min_children |
|||
spoolssd:prefork_child_min_life = 60 # Minimum lifetime of a child process (60 seconds minimum) |
|||
|5 |
|||
|Minimum number of child processes |
|||
: The values used in the previous example are the defaults. |
|||
|- |
|||
|spoolssd:prefork_max_children |
|||
|25 |
|||
|Maximum number of child processes |
|||
|- |
|||
|spoolssd:prefork_spawn_rate |
|||
|5 |
|||
|Samba forks this number of new child processes, up to the value set in <code>spoolssd:prefork_max_children</code>, if a new connection is established |
|||
|- |
|||
|spoolssd:prefork_max_allowed_clients |
|||
|100 |
|||
|Number of clients, a child process serves |
|||
|- |
|||
|spoolssd:prefork_child_min_life |
|||
|60 |
|||
|Minimum lifetime of a child process in seconds. 60 seconds is the minimum. |
|||
|} |
|||
* Restart Samba. |
* Restart Samba. |
||
After the restart, Samba automatically |
After the restart, Samba automatically starts <code>smbd</code> sub-processes: |
||
# ps axf |
# ps axf |
||
... |
... |
||
Line 111: | Line 138: | ||
... |
... |
||
= Tuning rpcd-spoolss = |
|||
{{Imbox |
|||
| type = note |
|||
| text = This applies to Samba 4.16 and newer versions! |
|||
}} |
|||
By default there is no dcerpc service running at all. You need to connect to a service in order to spawn the process. |
|||
If you connect the very first time, then the printers list is not filled up and you need some time till it collects all the information. |
|||
This can be time consuming as we need ~1s to get information for a printer from CUPS. If you have more than 50 printers you need to tune it. |
|||
Make sure that the idle seconds are bigger than the number of printers connected to CUPS! |
|||
[global] |
|||
rpcd_spoolss:idle_seconds=300 |
|||
If it doesn't scale you can increase the number of workers (default=5): |
|||
[global] |
|||
rpcd_spoolss:num_workers = 10 |
|||
= Enabling the Print Server Support in Samba = |
= Enabling the Print Server Support in Samba = |
||
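Review bot: In the new "Tuning rpcd-spoolss" section, the rule "Make sure that the idle seconds are bigger than the number of printers connected to CUPS!" compares seconds with a printer count without saying why. Tie it to the preceding sentence, for example "CUPS needs about one second per printer, so set rpcd_spoolss:idle_seconds to more than the number of printers". The two examples are also formatted differently (rpcd_spoolss:idle_seconds=300 versus rpcd_spoolss:num_workers = 10); use the spaced form in both, and give the default of idle_seconds the same way the default of num_workers is given.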
Line 119: | Line 166: | ||
To enable the print server support: |
To enable the print server support: |
||
* |
* Set the printing back end in the <code>printing</code> parameter of the <code>[global]</code> section in your <code>smb.conf</code> file. For example: |
||
printing = CUPS |
|||
* Add the following section to your <code>smb.conf</code>: |
|||
[printers] |
[printers] |
||
path = /var/ |
path = /var/tmp/ |
||
printable = yes |
printable = yes |
||
printing = ''print_server_back_end'' |
|||
* Create the spool directory set in the <code>path</code> parameter: |
|||
# mkdir -p /var/spool/samba/ |
|||
# chmod 1777 /var/spool/samba/ |
|||
* Reload Samba: |
* Reload Samba: |
||
# smbcontrol all reload-config |
# smbcontrol all reload-config |
||
= Sharing a Printer = |
= Sharing a Printer = |
||
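Review bot: The [printers] example now spools to "path = /var/tmp/", and the step that created a dedicated spool directory ("mkdir -p /var/spool/samba/" followed by "chmod 1777 /var/spool/samba/") is dropped with no explanation. /var/tmp/ is a general-purpose temporary directory used by other local processes, so print job spool files end up next to unrelated files. Either keep the dedicated spool directory and its creation step, or add a sentence saying why /var/tmp/ is preferred and which ownership and mode Samba expects on it.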
Line 170: | Line 210: | ||
[''Samba_printer_name''] |
[''Samba_printer_name''] |
||
path = /var/ |
path = /var/tmp/ |
||
printable = yes |
printable = yes |
||
printer name = ''printer_name_in_the_back_end'' |
printer name = ''printer_name_in_the_back_end'' |
||
Line 179: | Line 219: | ||
# smbcontrol all reload-config |
# smbcontrol all reload-config |
||
= Granting the <code>SePrintOperatorPrivilege</code> Privilege = |
|||
Only users and groups having the <code>SePrintOperatorPrivilege</code> privilege granted can upload and preconfigure printer drivers. |
|||
To grant the privilege to the <code>Domain Admins</code> group, enter: |
|||
# net rpc rights grant "SAMDOM\Domain Admins" SePrintOperatorPrivilege -U "SAMDOM\administrator" |
|||
Enter SAMDOM\administrator's password: |
|||
Successfully granted rights. |
|||
{{Imbox |
|||
| type = note |
|||
| text = It is recommended to grant the privilege to a group instead of individual accounts. This enables you to add and revoke the privilege by updating the group membership. |
|||
}} |
|||
To list all users and groups having the <code>SePrintOperatorPrivilege</code> privilege granted, enter: |
|||
# net rpc rights list privileges SePrintOperatorPrivilege -U "SAMDOM\administrator" |
|||
SePrintOperatorPrivilege: |
|||
BUILTIN\Administrators |
|||
SAMDOM\Domain Admins |
|||
Line 214: | Line 228: | ||
See [[Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients|Setting up Automatic Printer Driver Downloads for Windows Clients]]. |
See [[Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients|Setting up Automatic Printer Driver Downloads for Windows Clients]]. |
||
= Known issues = |
|||
There seems to be an issue with printing after updating Windows 11 to 22H2. Please see [https://winaero.com/windows-11-22h2-users-suffer-from-printing-issues/ this] website for more info. |
|||
The solution is to edit a Group Policy Object at the computer level under Administrative Templates \ Printers \ Configure RPC connection settings. |
|||
* Set this to "Enabled" |
|||
* Protocol to use for outgoing RPC connections: `RPC over named pipes` |
|||
* Use authentication for outgoing RPC connections: `Default` |
|||
If you do not see the settings here, then make sure you either download the Windows 22H2 or later Group Policy Objects from Microsoft's website, or launch the Group Policy Management Console from a computer running Windows 11 22H2 or later. |
|||
---- |
---- |
||
[[Category: |
[[Category:Active Directory]] |
||
[[Category:Domain Members]] |
|||
[[Category:NT4 Domains]] |
|||
[[Category:Printing]] |
[[Category:Printing]] |
||
[[Category:Standalone Server]] |
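Review bot: The new "Known issues" section uses Markdown backticks (`RPC over named pipes`, `Default`), which MediaWiki renders literally; use <code>…</code> as the rest of the page does. The link text "this" hides the target, and "There seems to be an issue" does not say what fails: name the symptom and the Samba and Windows versions involved, and state on which machines the Group Policy Object has to be applied.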
Latest revision as of 21:30, 25 July 2023
Introduction
If you set up Samba as a print server, clients in your network are able to send print jobs to the Samba host using the server message block (SMB) protocol. The examples shown in this documentation use a raw printer in the back end. This configuration requires that the print job is formatted by a driver on the client and thus can be processed by the printer without further processing or filtering.
Supported Print Server Back Ends
Samba supports multiple print server back ends, such as CUPS and LPRng. For a complete list, see the `printing` parameter in the `smb.conf(5)` man page.
You must set up the print server back end locally on the Samba host. Samba cannot forward print jobs to a remote host. However, you can configure the local print server back end to forward the job to a remote print server.
For details on how to set up the back end, see the print server's documentation.
Samba `CUPS` or `IPRINT` Back End Support
When using the `CUPS` or `IPRINT` print server back end, Samba must have been built with CUPS support enabled. To verify, enter:

    # smbd -b | grep "HAVE_CUPS"
    HAVE_CUPS

If no output is displayed:
- Samba was built using the `--disable-cups` parameter.
- The Samba `configure` script was unable to locate the required libraries for CUPS support. For details, see Package Dependencies Required to Build Samba.
Adding a printer to the Print Server Back End
CUPS
To add a raw printer to a CUPS print server:
- Open the CUPS admin web interface in your browser. For example, https://servername:631/admin
- Select the `Administration` tab and click `Add Printer`.
- Select the connection type and enter the corresponding URL to the printer's queue or to the remote print server queue. For example:
  - LPD-based printers: `lpd://printer_name/queue`
  - IPP (Internet Printing Protocol)-based printers: `ipp://printer_name/ipp/port`
  - SMB (Server Message Block)-based printers: `smb://username:password@domain/windows_print_server_host_name/printer_name`
  - Note that forwarding a job to a print server running Windows Vista or newer, or Windows Server 2008 or newer requires authentication.
- Enter a name for the printer. This name is used in the `smb.conf` when sharing the printer using Samba.
- Select the `Raw` printer vendor and model.
- Save the settings.
LPRng
To add a raw printer to an LPRng print server:
- Add the following line to the `/etc/printcap` file:

      printer_name:sd=/var/spool/lpd/printer_name/:sh:mx=0:mc=0:rm=Printer_DNS_name_or_IP_address

  The printer name is used in the `smb.conf` when sharing the printer using Samba.
  For further details about the options used, see the `printcap(5)` man page.
- To create the spool directory, enter:

      # checkpc -f

- Restart the LPRng service.
Enabling the `spoolssd` Service
This only applies to Samba version 4.15 and older versions!
The Samba `spoolssd` is a service that is integrated into the `smbd` service. If you configured Samba as a print server, you can additionally enable `spoolssd` to increase performance on print servers with a high number of jobs or printers.
Without `spoolssd`, Samba forks the `smbd` process for each print job and initializes the `printcap` cache. In case of a large number of printers, the `smbd` service can become unresponsive for multiple seconds when initializing the cache. The `spoolssd` service enables you to start pre-forked `smbd` processes that process print jobs without any delay. The main `spoolssd` `smbd` process uses a low amount of memory, and forks and terminates child processes.
To enable the `spoolssd` service:
- Edit the `[global]` section in your `smb.conf` file:
  - Add the following parameters:

        rpc_server:spoolss = external
        rpc_daemon:spoolssd = fork

  - Optionally, you can set the following parameters:

| Parameter | Default | Description |
|---|---|---|
| `spoolssd:prefork_min_children` | 5 | Minimum number of child processes |
| `spoolssd:prefork_max_children` | 25 | Maximum number of child processes |
| `spoolssd:prefork_spawn_rate` | 5 | Samba forks this number of new child processes, up to the value set in `spoolssd:prefork_max_children`, if a new connection is established |
| `spoolssd:prefork_max_allowed_clients` | 100 | Number of clients a child process serves |
| `spoolssd:prefork_child_min_life` | 60 | Minimum lifetime of a child process in seconds. 60 seconds is the minimum. |

- Restart Samba.
After the restart, Samba automatically starts `smbd` sub-processes:

    # ps axf
    ...
    30903 smbd
    30912  \_ smbd
    30913  \_ smbd
    30914  \_ smbd
    30915  \_ smbd
    ...
Tuning rpcd-spoolss
This applies to Samba 4.16 and newer versions!
By default, no DCE/RPC service is running at all. The process is only spawned when a client connects to the service.
On the very first connection, the printer list is not yet populated, and it takes some time to collect all the information.
This can be time-consuming because it takes ~1s to get the information for one printer from CUPS. If you have more than 50 printers, you need to tune it.
Make sure that the idle seconds are bigger than the number of printers connected to CUPS!

    [global]
    rpcd_spoolss:idle_seconds=300

If it doesn't scale, you can increase the number of workers (default=5):

    [global]
    rpcd_spoolss:num_workers = 10
Enabling the Print Server Support in Samba
To enable the print server support:
- Set the printing back end in the `printing` parameter of the `[global]` section in your `smb.conf` file. For example:

      printing = CUPS

- Add the following section to your `smb.conf`:

      [printers]
      path = /var/tmp/
      printable = yes

- Reload Samba:

      # smbcontrol all reload-config
Sharing a Printer
Automatic Sharing of All Printers Configured in the Print Server Back End
Using the default setting, all printers configured in the print server back end are automatically shared.
Disabling the Automatic Printer Sharing
To disable the automatic printer sharing:
- Add the following parameter to the `[global]` section of your `smb.conf` file:

      load printers = no

- Reload Samba:

      # smbcontrol all reload-config
Manual Sharing of Printers
To manually share a printer:
- Verify that the automatic printer sharing is disabled. See Disabling the Automatic Printer Sharing.
- Add the share for the printer to your `smb.conf` file:

      [Samba_printer_name]
      path = /var/tmp/
      printable = yes
      printer name = printer_name_in_the_back_end

- Set the `printer name` parameter to the name of the printer used in the local print server back end.
- Reload Samba:

      # smbcontrol all reload-config
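The checks from "Disabling the Automatic Printer Sharing" and "Manual Sharing of Printers" can be run against an existing configuration. The following is an added example, not part of the Samba documentation or code: a small Python audit that parses `smb.conf` text and reports manual printer shares that coexist with automatic sharing or lack `printer name`. The share names, queue names and finding texts are hypothetical, and the parser handles only the basic `name = value` syntax plus the synonyms `print ok` and `printer`.

```python
SAMPLE_CONF = """\
[global]
printing = CUPS
Load Printers = yes
[printers]
path = /var/tmp/
printable = yes
[Accounting]
path = /var/tmp/
print ok = yes
printer name = acct_laser
[Lobby]
path = /var/tmp/
printable = yes
"""  # constructed sample; share and queue names are hypothetical
SYNONYMS = {"printok": "printable", "printer": "printername"}
YES = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Parse smb.conf text; names are case-insensitive and ignore whitespace."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections

def audit_print_shares(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # Default per the page: all back-end printers are shared automatically.
    auto = glob.get("loadprinters", "yes").lower() in YES
    manual, findings = [], []
    if "printing" not in glob:
        findings.append("[global]: 'printing' back end not set")
    for name, params in conf.items():
        if name in ("global", "printers") or params.get("printable", "no").lower() not in YES:
            continue
        manual.append(name)
        if auto:
            findings.append(f"[{name}]: manual share, but 'load printers' is not disabled")
        if "printername" not in params:
            findings.append(f"[{name}]: 'printer name' not set")
    return {"auto_share": auto, "manual_shares": manual, "findings": findings}

print(audit_print_shares(SAMPLE_CONF))
```

To audit a live server, pass the contents of the real `smb.conf` instead of `SAMPLE_CONF`.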
Setting up Automatic Printer Driver Download for Windows Clients
See Setting up Automatic Printer Driver Downloads for Windows Clients.
Known issues
There seems to be an issue with printing after updating Windows 11 to 22H2. Please see https://winaero.com/windows-11-22h2-users-suffer-from-printing-issues/ for more info.
The solution is to edit a Group Policy Object at the computer level under Administrative Templates \ Printers \ Configure RPC connection settings.
- Set this to "Enabled"
- Protocol to use for outgoing RPC connections: `RPC over named pipes`
- Use authentication for outgoing RPC connections: `Default`
If you do not see the settings here, then make sure you either download the Windows 22H2 or later Group Policy Objects from Microsoft's website, or launch the Group Policy Management Console from a computer running Windows 11 22H2 or later.