Setting up Samba as a Print Server: Difference between revisions

From SambaWiki
m (Small corrections)
m (Add actual directions for fix)
 
(44 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= General =
= Introduction =


If you set up Samba as a print server, clients in your network are able to send print jobs to the Samba host using the server message block (SMB) protocol. The examples shown in this documentation use a raw printer in the back end. This configuration requires that the print job is formatted by a driver on the client and thus can be processed by the printer without further processing or filtering.
== Introduction ==


This HowTo will provide you an easy guide to setup Samba to act as a Windows print server including Point'n'Click printer driver installation for users.


'''This HowTo is valid for Samba 3 and 4 print server installations.'''




= Supported Print Server Back Ends =


Samba supports the multiple print server back ends, such as [https://www.cups.org/ CUPS] and [http://www.lprng.com/ LPRng]. For a complete list, see the <code>printing</code> parameter in the <code>smb.conf(5)</code> man page.
== Some definitions ==


{{Imbox
; Printer share : Each printer is shared by a name. During the printing process, the client sends the printjob to it.
| type = note
| text = You must set up the printer server back end locally on the Samba host. Samba cannot forward print jobs to a remote host. However, you can configure the local printer server back end to forward the job to a remote print server.
}}


For details how to set up the back end, see the print server's documentation.
; Print server backend : Samba can use e. g. CUPS, LPD/Lprng and other as backend. The print server forwards the job to local or network printers.


; Windows printer driver : A piece of software, that converts the printed data to a printer specific form. The driver for each shared printer can be preconfigured with default values.

; Point'n'Print : Windows 2000 and later support the abillity to automatically download and install drivers from the server including preconfiguring, when connecting a printer. The installation can be done by ordinary users, without special permissions.

; Printer forms : Windows is already shipped with an amount of forms, that define the typical paper sizes. If a formular isn't known to the print server, the client could not use this, altought the printer is able to do it.



== Driver models ==

Supported by Samba: Printer driver version 3 (Windows 2000 to Windows 8)

Currently not supported by Samba: [http://msdn.microsoft.com/en-us/library/windows/hardware/hh706306%28v=vs.85%29.aspx Printer driver version 4] (Windows 8)




== Samba <code>CUPS</code> or <code>IPRINT</code> Back End Support ==


When using the <code>CUPS</code> or <code>IPRINT</code> print server back end, Samba must have been built with CUPS support enabled. To verify, enter:


# smbd -b | grep "HAVE_CUPS"
HAVE_CUPS


If no output is displayed:
= Print server backend =
* Samba was built using the <code>--disable-cups</code> parameter.
* The Samba <code>configure</code> script was unable to locate the required libraries for CUPS support. For details, see [[Package Dependencies Required to Build Samba]].


The following sub-chapters will give you a short overview on possible backends, including adding a new network printer, we'll use in our later examples for sharing it by Samba.


The examples setup a RAW printer (content is send directly to the device). We don't use filters or drivers on the backend, because a RAW printer allows us to render the output on the workstation and use the printer specific driver.


We assume here, that you have the print server backend already basically configured and it's running, so printers can be added next.




= Adding a printer to the Print Server Back End =


== CUPS ==
== CUPS ==


To add a raw printer to an CUPS print server:
[http://www.cups.org CUPS] is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time.


* Open the CUPS admin web interface in your browser. For example, <nowiki>https://servername:631/admin</nowiki>
Basically all sorts of files can be printed with CUPS, but using a Postscript or a RAW printer driver will give you the most benefit in combination with the Windows printer driver, because then all settings can be controlled on the Windows client.


* Select the <code>Administration</code> tab and click <code>Add Printer</code>.


* Select the connection type and enter the corresponding URL to the printer's queue or to the remote print server queue. For example:
:* LPD-based printers: <code>lpd://''printer_name''/''queue''</code>
:* IPP (Internet Printing Protocol)-based printers: <code>ipp://''printer_name''/ipp/port</code>
:* SMB (Server Message Block)-based printers: <code>smb://''username'':''password''@''domain''/''windows_print_server_host_name''/''printer_name''</code>
:: Note that forwarding a job to a print server running Windows Vista or newer, or Windows Server 2008 or newer requires authentication.


* Enter a name for the printer. This name is used in the <code>smb.conf</code> when sharing the printer using Samba.
=== Adding a new printer ===


* Select the <code>Raw</code> printer vendor and model.
* Open the CUPS admin webfrontend (https://servername:631/admin).


* Save the settings.
* On the „Administration“ tab click the „Add Printer“ button.


* Choose the way, how your printer is connected and enter the appropriate URL. Examples:
# LPD protocol
lpd://hostname/queue
# Internet Printing Protocol
ipp://hostname/ipp/port
# Forwarding the jobs to a Windows print server.
# Hint: Vista and higher, don't allow anonymous connects by default, so you must provide a username and password.
smb://username:password@domain/servername/printername


* Enter a name for the printer


== LPRng ==
* When you reached the step, where to choose the vendor and model, choose „Raw“ for both, because the rendering is already done later by the Windows driver.


* Save the new added printer.
To add a raw printer to a LPRng print server:


* Add the following line to the <code>/etc/printcap</code> file:


''printer_name'':sd=/var/spool/lpd/''printer_name''/:sh:mx=0:mc=0:rm=''Printer_DNS_name_or_IP_address''
: The printer name is used in the smb.conf when sharing the printer using Samba.
: For further details about the options used, see the <code>printcap(5)</code> man page.


* To create the spool directory, enter:
== LPD ==

This was the first widely used printing system and still runs on many servers. It is very simple to install and configure. There are different implementations of LPD servers, like the often used [http://www.lprng.org/ LPRng].



=== Adding a new printer ===

* To add a new network printer, you simply need to add the following line to your 'printcap' (typically '/etc/printcap'). For the different options used in the example, see 'man printcap'.

PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name

* After adding the new printer entry, run the following command to create the LPD spool directory and restart/reload the service, to take the changes affect.


# checkpc -f
# checkpc -f
# service lpd restart


* Restart the LPRng service.
* The following command allows you query the state of the printer:


# lpq -P PRINTERNAME
Printer: PRINTERNAME@SAMPRINTSERVER (dest PRINTERNAME@IP_or_DNS_Name)
Queue: no printable jobs in queue
Ready
no entries








= Enabling the <code>spoolssd</code> Service =


= Configuring Samba as print server =


{{Imbox
== General ==
| type = warning
| text = This only applies to Samba version 4.15 and older versions!
}}


=== Enabling spoolssd (optional) ===


The Samba <code>spoolssd</code> is a service that is integrated into the smbd service. If you configured Samba as a print server, you can additionally enable <code>spoolssd</code> to increase performance on print servers with a high number of jobs or printers.
''Note: Some features of spoolssd were broken before 4.0.17 and 4.1.7. That's why it is recommended to use at least this versions!''
: Without <code>spoolssd</code>, Samba forks the <code>smbd</code> process or each print job and initializes the <code>printcap</code> cache. In case of a large number of printers, the <code>smbd</code> service can become unresponsive for multiple seconds when initializing the cache. The <code>spoolssd</code> service enables you to start pre-forked <code>smbd</code> processes that are processing print jobs without any delay. The main <code>spoolssd</code> <code>smbd</code> process uses a low amount of memory, and forks and terminates child processes


To enable the <code>spoolssd</code> service:
spoolssd is a feature, introduced in Samba 4.0, that increases the performance in printing affairs. In the past, when a print job came in, a smbd child process was forked, that initializes the printcap cache, spoolss, etc. If you are having a huge printcap cache and it needs to be updated first, the client could hang for several seconds.


* Edit the <code>[global]</code> section in your <code>smb.conf</code> file:
Since Samba 4, you can configure, that spoolssd is started as forked processes. If enabled, you'll see additional smbd processes, which will handle only spoolss requests. The master process is a simple daemon with a small memory footprint, that only forks and kills childs serving the spoolss pipe. When a connection comes in, it can directly start to talk to the daemon and e. g. ask any information about the printer without any delay, what causes a performance improvement.


To enable spoolssd, add the following to the [global] section of your smb.conf:
:* Add the following parameters:


rpc_server:spoolss = external
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
rpc_daemon:spoolssd = fork


:* Optionally, you can set the following parameters:
After you have restarted Samba, you will discover additional smbd processes, that handle spoolss requests:
::{| class="wikitable"
!Parameter
!Default
!Description
|-
|spoolssd:prefork_min_children
|5
|Minimum number of child processes
|-
|spoolssd:prefork_max_children
|25
|Maximum number of child processes
|-
|spoolssd:prefork_spawn_rate
|5
|Samba forks this number of new child processes, up to the value set in <code>spoolssd:prefork_max_children</code>, if a new connection is established
|-
|spoolssd:prefork_max_allowed_clients
|100
|Number of clients, a child process serves
|-
|spoolssd:prefork_child_min_life
|60
|Minimum lifetime of a child process in seconds. 60 seconds is the minimum.
|}


* Restart Samba.
With spoolssd enabled after startup: With spoolssd disabled (default):

30903 smbd 30955 smbd
After the restart, Samba automatically starts <code>smbd</code> sub-processes:
30912 \_ smbd 30963 \_ smbd
# ps axf
...
30903 smbd
30912 \_ smbd
30913 \_ smbd
30913 \_ smbd
30914 \_ smbd
30914 \_ smbd
30915 \_ smbd
30915 \_ smbd
...
30916 \_ smbd
30917 \_ smbd
30918 \_ smbd
30920 \_ smbd
30921 \_ smbd
30922 \_ smbd
30923 \_ smbd
30924 \_ smbd


= Tuning rpcd-spoolss =
You can adjust the daemons behavior through the following parameters (the values in the examples are the defaults):


{{Imbox
spoolssd:prefork_min_children = 5 # Minimum number of child processes
| type = note
spoolssd:prefork_max_children = 25 # Maximum number of child processes
| text = This applies to Samba 4.16 and newer versions!
spoolssd:prefork_spawn_rate = 5 # Start (fork) x new childs if one connection comes in (up to prefork_max_children)
}}
spoolssd:prefork_max_allowed_clients = 100 # Number of clients, a child process should be responsible for
spoolssd:prefork_child_min_life = 60 # Minimum lifetime of a child process (60 seconds
# is the minimum, even a lower value has been configured)


spoolssd is still a new feature. If you may encounter any bug, please report it at [https://bugzilla.samba.org/ https://bugzilla.samba.org/], to get it fixed soon.


By default there is no dcerpc service running at all. You need to connect to a service in order to spawn the process.


If you connect the very first time, then the printers list is not filled up and you need some time till it collects all the information.


This can be time consuming as we need ~1s to get information for a printer from CUPS. If you have more than 50 printers you need to tune it.
=== Granting print operator privileges ===


Make sure that the idle seconds are bigger than the number of printers connected to CUPS!
Users or groups, who should be able to administrate printers on your server, have to be granted the „SePrintOperatorPrivilege“ privilege. This is required on member servers, as they have their own, local SAM database. It is recommended, to grant it to a domain group, because changes can be done quick and easily with the typical user management tools like ADUC.


[global]
The following example grants the privilege to the domain group „Domain Admins“:
rpcd_spoolss:idle_seconds=300


If it doesn't scale you can increase the number of workers (default=5):
# net rpc rights grant 'SAMDOM\Domain Admins' SePrintOperatorPrivilege -Uadministrator


[global]
Existing privileges you can reviewed by
rpcd_spoolss:num_workers = 10


= Enabling the Print Server Support in Samba =
# net rpc rights list accounts -Uadministrator


To enable the print server support:


* Set the printing back end in the <code>printing</code> parameter of the <code>[global]</code> section in your <code>smb.conf</code> file. For example:
printing = CUPS


* Add the following section to your <code>smb.conf</code>:
=== Setup the [printers] share ===


This share defines general information about your printing backend. See the „[printers]“ section in the man page for additional information.

* Add the new section to your smb.conf
[printers]
[printers]
path = /var/spool/samba
path = /var/tmp/
printable = yes
printable = yes
printing = CUPS|LPRNG|...


* Reload Samba:
* If you choose CUPS as backend, make sure, that your smbd is compiled with CUPS support:
# smbd -b | grep CUPS
HAVE_CUPS_CUPS_H
HAVE_CUPS_LANGUAGE_H
HAVE_CUPS
HAVE_LIBCUPS
If you don't get any output, make sure, that the CUPS header files and libraries are installed and recompile Samba with --with-cups.


# smbcontrol all reload-config
* The next step is to create the samba spool directory, defined in the „[printer]“ share. Set the appropriate permissions, depending to your needs.


= Sharing a Printer =
# mkdir -p /var/spool/samba/
# chmod 1777 /var/spool/samba/


== Automatic Sharing of All Printers Configured in the Print Server Back End ==


Using the default setting, all printers configured in the print server back end are automatically shared.


=== Setup the [print$] share ===


To enable Point'n'Print support, a share named „print$“ must exist. This share name is hardcoded in Windows clients and can't be choosen.


=== Disabling the Automatic Printer Sharing ===
* Add the share to your smb.conf


To disable the automatic printer sharing:
[print$]
path = /srv/samba/Printer_drivers
comment = Printer Drivers
writeable = yes


* Add the following parameter to the <code>[global]</code> section of your <code>smb.conf</code> file:
* Create the folder, that will contain the drivers later:


load printers = no
# mkdir -p /srv/samba/Printer_drivers/


* Reload Samba:
* Next we create the required directory structure for the print$ share (newer versions of Samba will create it on the fly):


# smbcontrol all reload-config
BASEDIR=/srv/samba/Printer_drivers
for i in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86/{2,3} WIN40 x64; do
mkdir -p $BASEDIR/$i;
done


* At last, set the permissions. It is recommended that normal users have just read-only access to the share, while the group you have [[Samba_as_a_print_server#Granting_print_operator_privileges|granted print operator privileges]] to, has write permissions to upload printer drivers. The following examples are granting write permissions to the „Domain Admins“ group.


: Example for Samba 3.x:
# chgrp -R „SAMDOM\Domain Admins“ /srv/samba/Printer_drivers/
# chmod -R 2755 /srv/samba/Printer_drivers/


== Manual Sharing of Printers ==
:If you're running Samba 4.x, you can set the ACLs on the print$ share, throught Windows. Your benefit would be, that you can use the full Windows ACLs. Have a look at the [[Setup_and_configure_file_shares#Change_permissions_on_folder_of_a_share|Setup and configure file shares]] HowTo. It describes detailed the process, how to set permissions. The suggested filesystem permissions for the print$ share are:
:* Creator Owner: Full control (Subfolders and files only)
:* Authenticated Users: Read & execute, List folder contents, Read (This folder, subfolders and files)
:* System: Full control (This folder, subfolders and files)
:* Domain Admins: Full control (This folder, subfolders and files)


To manually share a printer:


* Verify that the automatic printer sharing is disabled. See [[#Disabling_the_Automatic_Printer_Sharing|Disabling the Automatic Printer Sharing]].
== Sharing a printer with Samba ==


* Add the share for the printer to your <code>smb.conf</code> file:
* For each printer you want to share via Samba, you have to create a separate share (unless you have "load printers = yes" defined in your smb.conf). The following is an example:


[''Samba_printer_name'']
[MyDemoPrinter]
path = /var/spool/samba/
path = /var/tmp/
browseable = yes
printable = yes
printer name = ''printer_name_in_the_back_end''
printable = yes
printer name = Printername_in_backend


* Set the „printer name“ parameter to the name of your corresponding CUPS/LPD/... queue.
: Set the <code>printer name</code> parameter to the name of the printer used in the local print server back end.


* Reload Samba:
* To bring the changes live, reload the Samba configuration:


# smbcontrol all reload-config
# smbcontrol all reload-config
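Review bot: the new [printers] and per-printer share examples set path = /var/tmp/ where the previous text used /var/spool/samba, and the step that created that directory with mkdir -p and chmod 1777 is dropped without a replacement. Consider keeping a dedicated spool directory in both examples, or state in the text why the shared temporary directory is preferred, so that print jobs are not spooled next to unrelated temporary files.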
Line 246: Line 222:




== Uploading printer drivers for Point'n'Print driver installation==

If you have already uploaded the driver for your printer in the past, you can skip this section.

<u>Important notes:</u>

* If you want to provide Point'n'Print support for drivers, used on different architectures (typically 32-bit and 64-Bit Windows), you have to upload a driver with the same name for all that architectures! This is the only way to define the default printer settings just once on a platform of your choice. And when the driver is sent to a host with a different architecture, these default values are used as well. But this requires, that the driver name is exactly the same for each platform. E. g. „HP Universal Printing PS“ for x86 and „HP Universal Printing PS (v5.5.0)“ for x64 would't match, as they are different! Choose exactly the same driver for all platforms, you want to support.

* Drivers for x64, can only be uploaded from a x64 Windows! Drivers for the x86 architecture can be uploaded from 32- and 64-bit Windows.


The following steps are done on Windows7 64-bit, because 64-bit Windows allows uploading drivers for x86 and x64:

* Logon with an account, that has [[#Granting_print_operator_privileges|granted print operator privileges]] to.

* Go to \\YourPrintserver and click the „View remote printers“ button
:[[Image:Server_Share_List.png]]

* You will see a list of all printers you have shared.
: [[Image:View_remote_printers.png]]

* Right-click somewhere in the empty part of the window and choose „Server Properties...“ from the appearing context menu.

* Next go to the „Drivers“ tab and click the „Add...“ button. The „Add Printer wizzard will appear.

* Select the driver architecture you want to upload (upload one by one) and click „Next“.

* Click the „Have Disk...“ button and browse to the directory containing the driver you want to upload.

* The wizzard will show you a list of all drivers, the directory you pointed to, contains. Select the appropriate driver for your printer and click „Next“.
:Remember: If you upload drivers for additional architectures for one printer, they need all to have exactly the same name! Otherwise the driver can't be associated and used with different platforms!
:[[Image:Printer_driver_selection.png]]

* In the end, the wizzard will copy all required files to the print$ share of your print server.

* If you want to upload drivers for a different plattform or other devices, repeat the steps.



== Associating a shared printer with a driver and preconfiguring==

* Logon with an account, that has [[#Granting_print_operator_privileges|granted print operator privileges]] to.

* Go to \\YourPrintserver and click the „View remote printers“ button.
:[[Image:Server_Share_List.png]]

* You will see a list of all printers you have shared.
:[[Image:View_remote_printers.png]]

* You could do the association of the driver with the printer share on Windows or on *nix side:

:* On Windows:

::* Right-click to the shared printer, you would associate a driver with and choose „Properties“.

::* If there's no driver associated with an printer yet, you'll been asked if you want to install the driver now. Answer this question with „No“!
:::[[Image:Question_install_driver.png]]

::* A default printer properties window will appear. Go to the „Advanved“ tab and choose the already uploaded driver from the list, that is suitable for the printer.
:::[[Samba_as_a_print_server#An_uploaded_driver_is_not_shown_in_the_list.2C_when_trying_to_associate_it_with_a_printer|FAQ: An uploaded driver is not shown in the list, when trying to associate it with a printer]].
:::[[Image:Choose_driver.png]]

::* Close the windows with „OK“ to associate the driver with the printer.

::* If you do this step on Vista or higher, Windows will ask you, if you trust the server (This can be suppressed by a GPO. See [[#Setting_up_a_GPO_for_trusting_printer_drivers|Setting up a GPO for trusting printer drivers]]). Choose „Install driver“, if you are seeing this window.
:::[[Image:Question_trust_printer.png]]

::* After associating the driver, Windows renames the printer to the driver name. You can leave that or rename it again. For more clearness, it's better to set the name on Windows side to the one you used in your smb.conf.

:* On *nix:

::* Retrieve a list of all drivers, that are on the print$ share <pre># rpcclient localhost -U administrator -c 'enumdrivers'</pre>

::* Associate the driver with the printer (The driver name, must be exactly the same, like in the output of the above „enumdrivers“ output): <pre># rpcclient localhost -U administrator -c 'setdriver "MyDemoPrinter" "HP Universal Printing PS"'</pre>

::* You can review the associations with <pre># rpcclient localhost -U administrator -c 'enumprinters'</pre>

* On Windows, now right-click and choose „Properties“ again, to preconfigure the printer.

* First you should take a look on the tabs on the properties windows. Typically there's a tab called „Device Settings“, „Settings“, „Configuration“ or something like that (depending on the driver). This usually allows you to configure the main printer settings (number of trays, duplex on/off, etc.). Set the values fitting to your device and click the „Apply“ button.
:[[Image:Device_Settings.png]]

* On the „Sharing“ tab, you can check „List in the directory“, to publish the printer in your Active Directory, what makes it easier for users to find.

* To preconfigure the printers default settings, go to the „Advanced“ tab and click the „Printing defaults...“ button. A new window will appear. It's layout and possibilities differ and depent on the driver. Here you can set the default values, the user will receive, when connecting the printer.
:[[Image:Printing_defaults.png]]

* If you have finished configuring your printer, save all changes with „OK“.

If you had uploaded drivers for multiple architectures to that printer, the settings will be retrieved connecting on the different plattforms - regardless on which they have been set. But as mentioned earlier, this requires, that all drivers for each plattform have the same name (versions can differ).

Now it's time to connect to the printer and print a test page.





= Setting up a GPO for trusting printer drivers =

To keep the following guide simple, we setup the policy in the „Default Domain Policy“. If you have different requirements, adapt it to your needs.

* Open the Group Policy Management console.

* Go to „Forest: your.domain“ / „Domains“ / „your.domain“

* Right-click „Default Domain Policy“ and choose „Edit“ to open the Group Policy Management Editor.
:[[Image:Edit_group_policy.png]]

* Navigate to „Computer Configuration“ / „Policies“ / „Administrative Templates“ / „Printers“ and double-click to the „Point and Print Restrictions“ Policy (if you want to setup the policy on a per-user base instead of machine-base, go to the same path, but just in the „User Configuration“ branch).

* Enable the policy and set „When installing driver for a new connection“ and „When updating drivers for an existing connection“ each to „Do not show warning or elevation prompt“. You can restrict the policy in that window to prevent the warning just for defined hosts, too, if required..
:[[Image:Point_and_print_restrictions.png]]

* Save the changed policy by clicking „OK“ and closing the windows.

After the clients have refreshed their policies (per default every 90 minutes, with a random offset of 0 to 30 minutes), the warning won't be shown up any more. The policy refresh can be forced by

> gpupdate /force /target:computer





= Enabling new paper sizes (Forms) =

Only standard sizes of formulars are included by default. If you require other forms, you have to add them.

* Logon with an account, that has [[#Granting_print_operator_privileges|granted print operator privileges]] to.

* Go to \\YourPrintserver and click the „View remote printers“ button
:[[Image:Server_Share_List.png]]

* You will see a list of all printers you have shared.
:[[Image:View_remote_printers.png]]

* Right-click somewhere in the empty part of the window and choose „Server Properties...“ from the appearing context menu. The print server forms tab appears.

* Check „Create a new form“, and fill the values. In the end click „Save Form“, to save your changes.
:[[Image:Create_new_form.png]]

The new added paper sizes will be selectable from all printer dialogs now.





= FAQ =

== An uploaded driver is not shown in the list, when trying to associate it with a printer ==

Windows clients only permit associating a driver with a printer, when the uploaded driver matches the architecture reported by the spoolss server. Samba reports "Windows NT x86" by default.


This causes, that when you had uploaded just a 64-bit driver, you won't see it in the list, when you try to associate it with the printer it's „advanced“ tab.


= Setting up Automatic Printer Driver Download for Windows Clients =
There are three ways to workaround:


See [[Setting_up_Automatic_Printer_Driver_Downloads_for_Windows_Clients|Setting up Automatic Printer Driver Downloads for Windows Clients]].
* Set the following (undocumented) parameter in your <tt>[global]</tt> section of your smb.conf, to make spoolss announce itself as x64 architecture:
spoolss: architecture = Windows x64


= Known issues =
* Assign the driver with <tt>rpcclient</tt>.


There seems to be an issue with printing after updating Windows 11 to 22H2. Please see [https://winaero.com/windows-11-22h2-users-suffer-from-printing-issues/ this] website for more info.
* Additionally upload a x86 version of the driver with exactly the same name.


The solution is to edit a Group Policy Object at the computer level under Administrative Templates \ Printers \ Configure RPC connection settings.


* Set this to "Enabled"
* Protocol to use for outgoing RPC connections: `RPC over named pipes`
* Use authentication for outgoing RPC connections: `Default`


If you do not see the settings here, then make sure you either download the Windows 22H2 or later Group Policy Objects from Microsoft's website, or launch the Group Policy Management Console from a computer running Windows 11 22H2 or later.
== Point'n' Print doesn't deliver the drivers on all architectures ==


----
Make sure that you have uploaded exactly the same driver for that printer for all architectures. E. g. „HP Universal Printing PS“ for x86 and „HP Universal Printing PS (v5.5.0)“ for x64 wouldn't match, even if they are shipped in the same driver package!
[[Category:Active Directory]]
[[Category:Domain Members]]
[[Category:NT4 Domains]]
[[Category:Printing]]
[[Category:Standalone Server]]
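Review bot: in the new Known issues list, the values RPC over named pipes and Default are wrapped in Markdown backticks, which this wiki shows literally; use <code>…</code> as the rest of the page does. The same section says only that "there seems to be an issue" and links an external article under the word "this"; naming the symptom and using the article title as link text would let readers recognise the problem without following the link.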

Latest revision as of 21:30, 25 July 2023

Introduction

If you set up Samba as a print server, clients in your network are able to send print jobs to the Samba host using the server message block (SMB) protocol. The examples shown in this documentation use a raw printer in the back end. This configuration requires that the print job is formatted by a driver on the client and thus can be processed by the printer without further processing or filtering.



Supported Print Server Back Ends

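Samba supports multiple print server back ends, such as CUPS and LPRng. For a complete list, see the printing parameter in the smb.conf(5) man page.

Note: You must set up the print server back end locally on the Samba host. Samba cannot forward print jobs to a remote host. However, you can configure the local print server back end to forward the job to a remote print server.

For details about how to set up the back end, see the print server's documentation.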


Samba CUPS or IPRINT Back End Support

When using the CUPS or IPRINT print server back end, Samba must have been built with CUPS support enabled. To verify, enter:

# smbd -b | grep "HAVE_CUPS"
   HAVE_CUPS

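If no output is displayed:

  • Samba was built using the --disable-cups parameter.
  • The Samba configure script was unable to locate the required libraries for CUPS support. For details, see Package Dependencies Required to Build Samba.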



Adding a printer to the Print Server Back End

CUPS

To add a raw printer to a CUPS print server:

  • Open the CUPS admin web interface in your browser. For example, https://servername:631/admin
  • Select the Administration tab and click Add Printer.
  • Select the connection type and enter the corresponding URL to the printer's queue or to the remote print server queue. For example:
      • LPD-based printers: lpd://printer_name/queue
      • IPP (Internet Printing Protocol)-based printers: ipp://printer_name/ipp/port
      • SMB (Server Message Block)-based printers: smb://username:password@domain/windows_print_server_host_name/printer_name
        Note that forwarding a job to a print server running Windows Vista or newer, or Windows Server 2008 or newer, requires authentication.
  • Enter a name for the printer. This name is used in the smb.conf when sharing the printer using Samba.
  • Select the Raw printer vendor and model.
  • Save the settings.


LPRng

To add a raw printer to an LPRng print server:

  • Add the following line to the /etc/printcap file:
        printer_name:sd=/var/spool/lpd/printer_name/:sh:mx=0:mc=0:rm=Printer_DNS_name_or_IP_address
    The printer name is used in the smb.conf when sharing the printer using Samba.
    For further details about the options used, see the printcap(5) man page.
  • To create the spool directory, enter:
        # checkpc -f
  • Restart the LPRng service.



Enabling the spoolssd Service

Warning: This only applies to Samba version 4.15 and older versions!

The Samba spoolssd is a service that is integrated into the smbd service. If you configured Samba as a print server, you can additionally enable spoolssd to increase performance on print servers with a high number of jobs or printers.

Without spoolssd, Samba forks the smbd process for each print job and initializes the printcap cache. With a large number of printers, the smbd service can become unresponsive for multiple seconds while initializing the cache. The spoolssd service enables you to start pre-forked smbd processes that process print jobs without any delay. The main spoolssd smbd process uses a low amount of memory, and forks and terminates child processes.

To enable the spoolssd service:

  • Edit the [global] section in your smb.conf file:
      • Add the following parameters:
            rpc_server:spoolss = external
            rpc_daemon:spoolssd = fork
      • Optionally, you can set the following parameters:
            Parameter                             Default  Description
            spoolssd:prefork_min_children         5        Minimum number of child processes
            spoolssd:prefork_max_children         25       Maximum number of child processes
            spoolssd:prefork_spawn_rate           5        Samba forks this number of new child processes, up to the value set in spoolssd:prefork_max_children, if a new connection is established
            spoolssd:prefork_max_allowed_clients  100      Number of clients a child process serves
            spoolssd:prefork_child_min_life       60       Minimum lifetime of a child process in seconds. 60 seconds is the minimum.
  • Restart Samba.

After the restart, Samba automatically starts smbd sub-processes:

# ps axf
...
30903 smbd
30912  \_ smbd
30913      \_ smbd
30914      \_ smbd
30915      \_ smbd
...

Tuning rpcd-spoolss

Note: This applies to Samba 4.16 and newer versions!

By default there is no dcerpc service running at all. You need to connect to a service in order to spawn the process.

On the very first connection, the printer list is not yet populated, and it takes some time to collect all the information.

This can be time consuming as we need ~1s to get information for a printer from CUPS. If you have more than 50 printers you need to tune it.

Make sure that the idle seconds value is greater than the number of printers connected to CUPS!

 [global]
   rpcd_spoolss:idle_seconds=300

If it doesn't scale you can increase the number of workers (default=5):

 [global]
   rpcd_spoolss:num_workers = 10

Enabling the Print Server Support in Samba

To enable the print server support:

  • Set the printing back end in the printing parameter of the [global] section in your smb.conf file. For example:
        printing = CUPS
  • Add the following section to your smb.conf:
        [printers]
               path = /var/tmp/
               printable = yes
  • Reload Samba:
        # smbcontrol all reload-config

Sharing a Printer

Automatic Sharing of All Printers Configured in the Print Server Back End

Using the default setting, all printers configured in the print server back end are automatically shared.


Disabling the Automatic Printer Sharing

To disable the automatic printer sharing:

  • Add the following parameter to the [global] section of your smb.conf file:
        load printers = no
  • Reload Samba:
        # smbcontrol all reload-config


Manual Sharing of Printers

To manually share a printer:

  • Add the share for the printer to your smb.conf file:
        [Samba_printer_name]
               path = /var/tmp/
               printable = yes
               printer name = printer_name_in_the_back_end
    Set the printer name parameter to the name of the printer used in the local print server back end.
  • Reload Samba:
        # smbcontrol all reload-config
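
The manual-sharing steps above can be checked mechanically before reloading. The following shell function is an added example, not part of the Samba wiki or of Samba itself: it reads smb.conf text on stdin, lists each manually defined printer share with its back-end queue, and flags shares without a printer name or a [global] section that leaves automatic sharing on. The function names, the finding labels (SHARE, NO_PRINTER_NAME, AUTO_SHARE_ENABLED) and the sample share names are assumptions made for this example, and only the parameter spellings used on this page are recognised.

```shell
#!/bin/sh
# Added example (not from the Samba wiki): lint smb.conf text read on stdin
# against the manual printer-sharing steps shown above.

# check_print_shares: prints one line per share or finding.
# Returns 0 when nothing is flagged, 1 otherwise.
check_print_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    # Report on the section just finished, if it is a manually defined printer share.
    function finish(   s) {
        s = tolower(section)
        if (section == "" || s == "global" || s == "printers" || !printable) return
        if (queue == "") { print "NO_PRINTER_NAME " section; bad = 1 }
        else             { print "SHARE " section " -> " queue }
    }
    /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
    /^[ \t]*\[[^]]*\]/ {                  # section header such as [global]
        finish()
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        section = trim(section)
        printable = 0
        queue = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)          # collapse inner whitespace in the name
        val = trim(substr($0, eq + 1))
        if (key == "printable")         printable = is_yes(val)
        else if (key == "printer name") queue = val
        else if (key == "load printers" && tolower(section) == "global") loadp = val
    }
    END {
        finish()
        # The page states that automatic sharing is the default, so an
        # absent "load printers" counts as enabled.
        if (loadp == "" || is_yes(loadp)) { print "AUTO_SHARE_ENABLED"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample input, modelled on the share template above.
sample_conf() {
    cat <<'EOF'
[global]
        printing = CUPS
        load printers = no

[printers]
        path = /var/tmp/
        printable = yes

[FrontDesk]
        path = /var/tmp/
        printable = yes
        printer name = frontdesk_raw

[Warehouse]
        path = /var/tmp/
        printable = yes
EOF
}

# Demo run on the constructed sample; Warehouse is flagged.
sample_conf | check_print_shares || true
```

To check a real configuration, pipe the file into the function, for example `check_print_shares < /path/to/smb.conf`, and compare the reported queue names with the printers defined in the back end.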



Setting up Automatic Printer Driver Download for Windows Clients

See Setting up Automatic Printer Driver Downloads for Windows Clients.

Known issues

There seems to be an issue with printing after updating Windows 11 to 22H2. Please see https://winaero.com/windows-11-22h2-users-suffer-from-printing-issues/ for more info.

The solution is to edit a Group Policy Object at the computer level under Administrative Templates \ Printers \ Configure RPC connection settings.

  • Set this to "Enabled"
  • Protocol to use for outgoing RPC connections: "RPC over named pipes"
  • Use authentication for outgoing RPC connections: "Default"

If you do not see the settings here, then make sure you either download the Windows 22H2 or later Group Policy Objects from Microsoft's website, or launch the Group Policy Management Console from a computer running Windows 11 22H2 or later.