Setting up Samba as a Print Server: Difference between revisions

From SambaWiki
mNo edit summary
(Major edit with restructuring page. Point'n'print stuff was moved to the point'n'print page.)
Line 1: Line 1:
= General =
= Introduction =


A print server accepts print jobs from network computers, queues them locally and send them to the appropriate printers. Beside domain and file service capabilities, Samba can act as a MS Windows compatible print server as well. While Samba provides the interface to Windows/SMB machines, CUPS or LDP is used by Samba to send print jobs to the devices.
== Introduction ==


In the following, we give an overview about Sambas supported backends, including how to add new network printer to them. The examples setup a RAW printer (content is send unmodified to the device). We don't use filters or drivers on the backend, because a RAW printer allows the rendering of the output to be done on the workstation by the printer vendors specific driver. In the latter the printer will be shared by Samba to provide the service to the network. If you're also interested in automatic printer driver deployment via Point'n'Print, see the corresponding [[Configuring_Point'n'Print_automatic_printer_driver_deployment|documentation]].
This HowTo will provide you with an easy guide to setup Samba, to act as a Windows print server including Point'n'Click printer driver installation for users.


'''This HowTo is valid for Samba 3 and 4 print server installations.'''






== Some definitions ==


= Print server backends =
; Printer share : Each printer is shared by a name. During the printing process, the client sends the printjob to it.


In the following we assume, that the print server backend is already basically configured, running and printers can be added.
; Print server backend : Samba can use e. g. CUPS, LPD/Lprng and others as backend. The print server forwards the job to local or network printers.

; Windows printer driver : A piece of software that converts the printed data to a printer specific form. The driver for each shared printer can be preconfigured with default values.

; Point'n'Print : Windows 2000 and later support the ability to automatically download, install and preconfigure drivers from the server when connecting a printer. The installation can be carried out by ordinary users without special permissions.

; Printer forms : Windows is already shipped with an amount of forms, that define the typical paper sizes. If a form isn't known to the print server, the client cannot use this, although the printer is able to do it.



== Driver models ==

Supported by Samba: Printer driver version 3 (Windows 2000 to Windows 10)

Currently not supported by Samba: [http://msdn.microsoft.com/en-us/library/windows/hardware/hh706306%28v=vs.85%29.aspx Printer driver version 4] (Windows 8 to Windows 10)





= Print server backend =

The following sub-chapters will give you a short overview on possible backends, including adding a new network printer, we'll use in our later examples for sharing it by Samba.

The examples setup a RAW printer (content is send directly to the device). We don't use filters or drivers on the backend, because a RAW printer allows us to render the output on the workstation and use the printer specific driver.

We assume here, that you have the print server backend already basically configured and it's running, so printers can be added next.




Line 45: Line 17:
== CUPS ==
== CUPS ==


[http://www.cups.org CUPS] is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time.
[http://www.cups.org CUPS] is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS, if the development package (header files and libraries) are found at compile time.


* Open the CUPS admin web frontend (<nowiki>https://servername:631/admin</nowiki>)
Basically all sorts of files can be printed with CUPS, but using a Postscript or a RAW printer driver will give you the most benefit in combination with the Windows printer driver, because then all settings can be controlled on the Windows client.


* Click "Add Printer" on the "Administration" tab


* Choose the way that your printer is connected and enter the appropriate URL. Examples:


:* LPD protocol:
=== Adding a new printer ===
lpd://hostname/queue


:* Internet Printing Protocol
* Open the CUPS admin webfrontend (https://servername:631/admin).
ipp://hostname/ipp/port


* Forwarding the jobs to a Windows print server (''Note: Vista and higher don't allow anonymous connects by default. You have to provide a username and password for the connection'')
* On the „Administration“ tab click the „Add Printer“ button.

* Choose the way that your printer is connected and enter the appropriate URL.

Examples:

# LPD protocol
lpd://hostname/queue
# Internet Printing Protocol
ipp://hostname/ipp/port
# Forwarding the jobs to a Windows print server.
# Hint: Vista and higher, don't allow anonymous connects by default, so you must provide a username and password.
smb://username:password@domain/servername/printername
smb://username:password@domain/servername/printername


* Enter a name for the printer
* Enter a name for the printer


* Choose "Raw" for the printer vendor and model
* When you reach the step to choose the vendor and model, choose „Raw“ for both, because the rendering will be done later by the Windows driver.


* Save the newly added printer.
* Save the the settings




Line 81: Line 44:
== LPD ==
== LPD ==


This was the first widely used printing system and still runs on many servers. It is very simple to install and configure. There are different implementations of LPD servers, like the often used [http://www.lprng.org/ LPRng].
This was the first widely used printing system and is still used on many servers. It is very simple to install and to configure. There are different implementations of LPD servers, like the often used [http://www.lprng.org/ LPRng].


* Add the following line to your "printcap" file (typically located in /etc/)


PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name


:For the used options in above example check out the printcap man page.
=== Adding a new printer ===


* Create the printers spool directory
* To add a new network printer, you simply need to add the following line to your 'printcap' (typically '/etc/printcap'). For the different options used in the example, see 'man printcap'.


# checkpc -f
PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name


* Restart LPD
* After adding the new printer entry, run the following command to create the LPD spool directory and restart/reload the service, to take the changes affect.


# checkpc -f
# service lpd restart
# service lpd restart


Line 109: Line 73:




= Configuring Samba as print server =
= Configure Samba as print server =


== Enable spoolssd (optional) ==
== General ==


''Note: Some features of spoolssd were broken before 4.0.17 and 4.1.7. If you consider using spoolssd, please use a later version!''
=== Enabling spoolssd (optional) ===


spoolssd, a feature introduced in Samba 4.0, increases printer performance. In the past, when a print job came in, a smbd child process was forked, to initialize the printcap cache, spoolss, etc. If you have a huge printcap cache and it needs to be updated first, the client could hang for several seconds. Since Samba 4.0, you can configure spoolssd to be started as forked processes. If enabled, you'll see additional smbd processes, which will handle only spoolss requests. The master process is a simple daemon with a small memory footprint, that only forks and kills childrens serving the spoolss pipe. When a connection comes in, it can directly start to talk to the daemon and ask for information about the printer without any delay, this gives a performance improvement.
''Note: Some features of spoolssd were broken before 4.0.17 and 4.1.7. That's why it is recommended to use at least these versions!''

spoolssd is a feature, introduced in Samba 4.0, that increases printer performance. In the past, when a print job came in, a smbd child process was forked, to initialize the printcap cache, spoolss, etc. If you have a huge printcap cache and it needs to be updated first, the client could hang for several seconds.

Since Samba 4, you can configure spoolssd to be started as forked processes. If enabled, you'll see additional smbd processes, which will handle only spoolss requests. The master process is a simple daemon with a small memory footprint, that only forks and kills childs serving the spoolss pipe. When a connection comes in, it can directly start to talk to the daemon and ask for information about the printer without any delay, this gives a performance improvement.


To enable spoolssd, add the following to the [global] section of your smb.conf:
To enable spoolssd, add the following to the [global] section of your smb.conf:
Line 126: Line 86:
rpc_daemon:spoolssd = fork
rpc_daemon:spoolssd = fork


After you have restarted Samba, you will discover additional smbd processes that handle spoolss requests:
After the next restart of Samba, you will discover additional smbd processes that handle spoolss requests:


With spoolssd enabled after startup: With spoolssd disabled (default):
<u>With spoolssd enabled:</u> <u>With spoolssd disabled (default):</u>
30903 smbd 30955 smbd
30903 smbd 30903 smbd
30912 \_ smbd 30963 \_ smbd
30912 \_ smbd 30912 \_ smbd
30913 \_ smbd
30913 \_ smbd
30914 \_ smbd
30914 \_ smbd
Line 147: Line 107:
spoolssd:prefork_min_children = 5 # Minimum number of child processes
spoolssd:prefork_min_children = 5 # Minimum number of child processes
spoolssd:prefork_max_children = 25 # Maximum number of child processes
spoolssd:prefork_max_children = 25 # Maximum number of child processes
spoolssd:prefork_spawn_rate = 5 # Start (fork) x new childs if one connection comes in (up to prefork_max_children)
spoolssd:prefork_spawn_rate = 5 # Start (fork) x new children if one connection comes in (up to prefork_max_children)
spoolssd:prefork_max_allowed_clients = 100 # Number of clients, a child process should be responsible for
spoolssd:prefork_max_allowed_clients = 100 # Number of clients, a child process should be responsible for
spoolssd:prefork_child_min_life = 60 # Minimum lifetime of a child process (60 seconds
spoolssd:prefork_child_min_life = 60 # Minimum lifetime of a child process (60 seconds
# is the minimum, even a lower value has been configured)
# is the minimum, even a lower value has been configured)


spoolssd is still a new feature. If you encounter any bug, please report it at [https://bugzilla.samba.org/ https://bugzilla.samba.org/], to get it fixed as soon as possible.
spoolssd is still a new feature. If you encounter any bug, please report it at https://bugzilla.samba.org/, to get it fixed as soon as possible.






=== Granting print operator privileges ===
== Setup the [printers] share ==


This share defines general information about your printing backend. See the "[printers]" section in the smb.conf man page for further information.
Users or groups, who should be able to administrate printers on your server, have to be granted the „SePrintOperatorPrivilege“ privilege. This is required on member servers, as they have their own, local SAM database. It is recommended to grant it to a domain group, because changes can be done quick and easily with the typical user management tools like ADUC.


* Add the [printers] section to your smb.conf
The following example grants the privilege to the domain group „Domain Admins“:

# net rpc rights grant 'SAMDOM\Domain Admins' SePrintOperatorPrivilege -Uadministrator

Existing privileges can be reviewed with

# net rpc rights list accounts -Uadministrator



=== Setup the [printers] share ===

This share defines general information about your printing backend. See the „[printers]“ section in the man page for additional information.

* Add the new section to your smb.conf
[printers]
[printers]
path = /var/spool/samba
path = /var/spool/samba/
printable = yes
printable = yes
printing = CUPS|LPRNG|...
printing = CUPS|LPRNG|...


* Check for Samba CUPS support (only necessary, if "printing = CUPS")
* If you choose CUPS as backend, make sure that your smbd is compiled with CUPS support:
# smbd -b | grep CUPS
# smbd -b | grep CUPS
HAVE_CUPS_CUPS_H
HAVE_CUPS_CUPS_H
Line 186: Line 132:
HAVE_CUPS
HAVE_CUPS
HAVE_LIBCUPS
HAVE_LIBCUPS
If you don't get any output, make sure that the CUPS header files and libraries are installed and recompile Samba with --with-cups.


:If you don't get any output, make sure that the CUPS header files and libraries are installed and recompile Samba with --with-cups
* The next step is to create the samba spool directory, defined in the „[printer]“ share. Set the appropriate permissions, depending on your needs.

* Create the Samba spool directory, defined in the "[printer]" share.


# mkdir -p /var/spool/samba/
# mkdir -p /var/spool/samba/
Line 195: Line 142:




=== Setup the [print$] share ===


== Share a printer ==
To enable Point'n'Print support, a share named „print$“ must exist. This share name is hardcoded in Windows clients and can't be altered.


Unless "load printers = yes" was set in your smb.conf to automatically share all printers available in the backend, for each printer, that should be shared by Samba, a separate share is required:
* Add the share to your smb.conf


[MyDemoPrinter]
[print$]
path = /srv/samba/Printer_drivers
path = /var/spool/samba/
comment = Printer Drivers
browseable = yes
writeable = yes
printable = yes
printer name = Printername_in_backend
# Set the "printer name" parameter to the name of your
# corresponding CUPS/LPD/... queue name


Reload Samba after configuration changes:
* Create the folder that will later contain the drivers:


# smbcontrol all reload-config
# mkdir -p /srv/samba/Printer_drivers/


* Next we create the required directory structure for the print$ share (newer versions of Samba will create it on the fly):


BASEDIR=/srv/samba/Printer_drivers
for i in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86/{2,3} WIN40 x64; do
mkdir -p $BASEDIR/$i;
done


* Finally, set the permissions. It is recommended that normal users just have read-only access to the share, while the group you have [[#Granting_print_operator_privileges|granted print operator privileges]] to, has write permissions to upload printer drivers. The following examples are granting write permissions to the „Domain Admins“ group.


:* If you're running Samba 4 and later, you are having the choice to use [[Shares_with_POSIX_ACLs#Change_permissions_on_folders_of_a_share|POSIX]] or [[Shares_with_Windows_ACLs#Change_permissions_on_folder_of_a_share|Windows ACLs]] on the print$ share. The benefit of Windows ACLs are, that you can use the full Windows ACLs set. Have a look at the [[Shares_with_Windows_ACLs#Change_permissions_on_folder_of_a_share|Setup and configure file shares]] documentation for further details. The suggested filesystem permissions for Windows ACLs on the print$ share are:
::* Creator Owner: Full control (Subfolders and files only)
::* Authenticated Users: Read & execute, List folder contents, Read (This folder, subfolders and files)
::* System: Full control (This folder, subfolders and files)
::* Domain Admins: Full control (This folder, subfolders and files)


= Further documention =
:* ACL example for POSIX ACLs on the print$ share (e. g. for Samba 3.x)
# chgrp -R „SAMDOM\Domain Admins“ /srv/samba/Printer_drivers/
# chmod -R 2755 /srv/samba/Printer_drivers/


* [[Configuring_Point'n'Print_automatic_printer_driver_deployment|Configuring Point'n'Print automatic printer driver deployment]]




== Sharing a printer with Samba ==

* For each printer you want to share via Samba, you have to create a separate share (unless you have "load printers = yes" defined in your smb.conf). The following is an example:

[MyDemoPrinter]
path = /var/spool/samba/
browseable = yes
printable = yes
printer name = Printername_in_backend

* Set the „printer name“ parameter to the name of your corresponding CUPS/LPD/... queue.

* To bring the changes live, reload the Samba configuration:

# smbcontrol all reload-config

= Point'n'Print automatic printer driver deployment =

This is described on a seperate wiki page: [[Configuring Point'n'Print automatic printer driver deployment]].


----
----

Revision as of 17:06, 31 October 2015

Introduction

A print server accepts print jobs from network computers, queues them locally and send them to the appropriate printers. Beside domain and file service capabilities, Samba can act as a MS Windows compatible print server as well. While Samba provides the interface to Windows/SMB machines, CUPS or LDP is used by Samba to send print jobs to the devices.

In the following, we give an overview about Sambas supported backends, including how to add new network printer to them. The examples setup a RAW printer (content is send unmodified to the device). We don't use filters or drivers on the backend, because a RAW printer allows the rendering of the output to be done on the workstation by the printer vendors specific driver. In the latter the printer will be shared by Samba to provide the service to the network. If you're also interested in automatic printer driver deployment via Point'n'Print, see the corresponding documentation.



Print server backends

In the following we assume, that the print server backend is already basically configured, running and printers can be added.


CUPS

CUPS is currently the most widely used spool system in *nix environments and shipped with most distributions. Samba has built-in support and defaults to CUPS, if the development package (header files and libraries) are found at compile time.

  • Open the CUPS admin web frontend (https://servername:631/admin)
  • Click "Add Printer" on the "Administration" tab
  • Choose the way that your printer is connected and enter the appropriate URL. Examples:
  • LPD protocol:
lpd://hostname/queue
  • Internet Printing Protocol
ipp://hostname/ipp/port
  • Forwarding the jobs to a Windows print server (Note: Vista and higher don't allow anonymous connects by default. You have to provide a username and password for the connection)
smb://username:password@domain/servername/printername 
  • Enter a name for the printer
  • Choose "Raw" for the printer vendor and model
  • Save the the settings


LPD

This was the first widely used printing system and is still used on many servers. It is very simple to install and to configure. There are different implementations of LPD servers, like the often used LPRng.

  • Add the following line to your "printcap" file (typically located in /etc/)
PRINTERNAME:sd=/path/to/spool/directory:sh:mx=0:mc=0:rm=IP_or_DNS_Name
For the used options in above example check out the printcap man page.
  • Create the printers spool directory
# checkpc -f
  • Restart LPD
# service lpd restart
  • The following command allows you query the state of the printer:
# lpq -P PRINTERNAME
Printer: PRINTERNAME@SAMPRINTSERVER (dest PRINTERNAME@IP_or_DNS_Name)
 Queue: no printable jobs in queue
Ready

no entries



Configure Samba as print server

Enable spoolssd (optional)

Note: Some features of spoolssd were broken before 4.0.17 and 4.1.7. If you consider using spoolssd, please use a later version!

spoolssd, a feature introduced in Samba 4.0, increases printer performance. In the past, when a print job came in, a smbd child process was forked, to initialize the printcap cache, spoolss, etc. If you have a huge printcap cache and it needs to be updated first, the client could hang for several seconds. Since Samba 4.0, you can configure spoolssd to be started as forked processes. If enabled, you'll see additional smbd processes, which will handle only spoolss requests. The master process is a simple daemon with a small memory footprint, that only forks and kills childrens serving the spoolss pipe. When a connection comes in, it can directly start to talk to the daemon and ask for information about the printer without any delay, this gives a performance improvement.

To enable spoolssd, add the following to the [global] section of your smb.conf:

rpc_server:spoolss = external
rpc_daemon:spoolssd = fork

After the next restart of Samba, you will discover additional smbd processes that handle spoolss requests:

With spoolssd enabled:                     With spoolssd disabled (default):
30903 smbd                                 30903 smbd
30912  \_ smbd                             30912  \_ smbd
30913      \_ smbd
30914      \_ smbd
30915      \_ smbd
30916      \_ smbd
30917      \_ smbd
30918      \_ smbd
30920      \_ smbd
30921      \_ smbd
30922      \_ smbd
30923      \_ smbd
30924      \_ smbd

You can adjust the daemons behaviour through the following parameters (the values in the examples are the defaults):

spoolssd:prefork_min_children = 5           # Minimum number of child processes
spoolssd:prefork_max_children = 25          # Maximum number of child processes
spoolssd:prefork_spawn_rate = 5             # Start (fork) x new children if one connection comes in (up to prefork_max_children)
spoolssd:prefork_max_allowed_clients = 100  # Number of clients, a child process should be responsible for
spoolssd:prefork_child_min_life = 60        # Minimum lifetime of a child process (60 seconds
                                            # is the minimum, even a lower value has been configured)

spoolssd is still a new feature. If you encounter any bug, please report it at https://bugzilla.samba.org/, to get it fixed as soon as possible.


Setup the [printers] share

This share defines general information about your printing backend. See the "[printers]" section in the smb.conf man page for further information.

  • Add the [printers] section to your smb.conf
[printers]
       path = /var/spool/samba/
       printable = yes
       printing = CUPS|LPRNG|...
  • Check for Samba CUPS support (only necessary, if "printing = CUPS")
# smbd -b | grep CUPS
   HAVE_CUPS_CUPS_H
   HAVE_CUPS_LANGUAGE_H
   HAVE_CUPS
   HAVE_LIBCUPS
If you don't get any output, make sure that the CUPS header files and libraries are installed and recompile Samba with --with-cups
  • Create the Samba spool directory, defined in the "[printer]" share.
# mkdir -p /var/spool/samba/
# chmod 1777 /var/spool/samba/



Share a printer

Unless "load printers = yes" was set in your smb.conf to automatically share all printers available in the backend, for each printer, that should be shared by Samba, a separate share is required:

[MyDemoPrinter]
       path = /var/spool/samba/
       browseable = yes
       printable = yes
       printer name = Printername_in_backend
       # Set the "printer name" parameter to the name of your
       # corresponding CUPS/LPD/... queue name

Reload Samba after configuration changes:

# smbcontrol all reload-config



Further documention