In Example 17.2 we show a more verbose example configuration for print- related settings in a BSD-style printing environment. What follows is a discussion and explanation of the various parameters. We chose to use BSD-style printing here because it is still the most commonly used system on legacy UNIX/Linux installations. New installations predominantly use CUPS, which is discussed in a separate chapter. Example 17.2 explicitly names many parameters that do not need to be specified because they are set by default. You could use a much leaner smb.conf file. Alternately, you can use testparm or SWAT to optimize the smb.conf file to remove all parameters that are set at default.
This is an example configuration. You may not find all the settings that are in the confioguration file that was provided by the OS vendor. Samba configuration parameters, if not explicitly set default to a sensible value. To see all settings, as root use the testparm utility. testparm gives warnings for misconfigured settings.
Example 17.2 Extended BSD Printing Configuration
[global] printing = bsd load printers = yes show add printer wizard = yes printcap name = /etc/printcap printer admin = @ ntadmin , root total print jobs = 100 lpq cache time = 20 use client driver = no [printers] comment = All Printers printable = yes path = /var/spool/samba browseable = no guest ok = yes public = yes read only = yes writable = no [my_printer_name] comment = Printer with Restricted Access path = /var/spool/samba_my_printer printer admin = kurt browseable = yes printable = yes writeable = no hosts allow = 0.0.0.0 hosts deny = turbo_xp, 10.160.50.23, 10.160.51.60 guest ok = no
17.4.1 Detailed Explanation Settings
The following is a discussion of the settings from above shown example.
18.104.22.168 The [global] Section
The [global] section is one of four special sections (along with [ [ homes ] , [printers] and [print$] ...). The [global] contains all parameters which apply to the server as a whole. It is the place for parameters that have only a global meaning. It may also contain service level parameters that then define default settings for all other sections and shares. This way you can simplify the configuration and avoid setting the same value repeatedly. (Within each individual section or share you may, however, override these globally set share settings and specify other values).
printing = bsd ” Causes Samba to use default print commands applicable for the BSD (also known as RFC 1179 style or LPR/LPD) printing system. In general, the printing parameter informs Samba about the print subsystem it should expect. Samba supports CUPS, LPD, LPRNG, SYSV, HPUX, AIX, QNX, and PLP. Each of these systems defaults to a different print command (and other queue control commands).
load printers = yes ” Tells Samba to create automatically all available printer shares. Available printer shares are discovered by scanning the printcap file. All created printer shares are also loaded for browsing. If you use this parameter, you do not need to specify separate shares for each printer. Each automatically created printer share will clone the configuration options found in the [printers] section. (The load printers = no setting will allow you to specify each UNIX printer you want to share separately, leaving out some you do not want to be publicly visible and available).
show add printer wizard = yes ” Setting is normally enabled by default (even if the parameter is not specified in smb.conf ). It causes the Add Printer Wizard icon to appear in the Printers folder of the Samba host's share listing (as shown in Network Neighborhood or by the net view command). To disable it, you need to explicitly set it to no (commenting it out will not suffice). The Add Printer Wizard lets you upload printer drivers to the [print$] share and associate it with a printer (if the respective queue exists before the action), or exchange a printer's driver against any other previously uploaded driver.
total print jobs = 100 ” Sets the upper limit to 100 print jobs being active on the Samba server at any one time. Should a client submit a job that exceeds this number, a " no more space available on server " type of error message will be returned by Samba to the client. A setting of zero (the default) means there is no limit at all.
printcap name = /etc/printcap ” Tells Samba where to look for a list of available printer names. Where CUPS is used, make sure that a printcap file is written. This is controlled by the Printcap directive in the cupsd.conf file.
printer admin = @ntadmin ” Members of the ntadmin group should be able to add drivers and set printer properties ( ntadmin is only an example name, it needs to be a valid UNIX group name); root is implicitly always a printer admin . The @ sign precedes group names in the /etc/group . A printer admin can do anything to printers via the remote administration interfaces offered by MS-RPC (see below). In larger installations, the printer admin parameter is normally a per-share parameter. This permits different groups to administer each printer share.
lpq cache time = 20 ” Controls the cache time for the results of the lpq command. It prevents the lpq command being called too often and reduces the load on a heavily used print server.
use client driver = no ” If set to yes , only takes effect for Windows NT/200x/XP clients (and not for Win 95/98/ME). Its default value is No (or False ). It must not be enabled on print shares (with a yes or true setting) that have valid drivers installed on the Samba server. For more detailed explanations see the smb.conf man page.
22.214.171.124 The [printers] Section
This is the second special section. If a section with this name appears in the smb.conf , users are able to connect to any printer specified in the Samba host's printcap file, because Samba on startup then creates a printer share for every printername it finds in the printcap file. You could regard this section as a general convenience shortcut to share all printers with minimal configuration. It is also a container for settings that should apply as default to all printers. (For more details see the smb.conf man page.) Settings inside this container must be Share Level parameters.
comment = All printers ” The comment is shown next to the share if a client queries the server, either via Network Neighborhood or with the net view command to list available shares.
printable = yes ” The [printers] service must be declared as printable. If you specify otherwise , smbd will refuse to load at startup. This parameter allows connected clients to open , write to and submit spool files into the directory specified with the path parameter for this service. It is used by Samba to differentiate printer shares from file shares.
path = /var/spool/samba ” Must point to a directory used by Samba to spool incoming print files. It must not be the same as the spool directory specified in the configuration of your UNIX print subsystem! The path typically points to a directory that is world writeable, with the " sticky " bit set to it.
browseable = no ” Is always set to no if printable = yes. It makes the [printer] share itself invisible in the list of available shares in a net view command or in the Explorer browse list. (You will of course see the individual printers).
guest ok = yes ” If this parameter is set to yes , no password is required to connect to the printer's service. Access will be granted with the privileges of the guest account . On many systems the guest account will map to a user named " nobody ". This user will usually be found in the UNIX passwd file with an empty password, but with no valid UNIX login. (On some systems the guest account might not have the privilege to be able to print. Test this by logging in as your guest user using su - guest and run a system print command like:
lpr -P printername /etc/motd
public = yes ” Is a synonym for guest ok = yes. Since we have guest ok = yes, it really does not need to be here. (This leads to the interesting question: " What if I by accident have two contradictory settings for the same share ?" The answer is the last one encountered by Samba wins. Testparm does not complain about different settings of the same parameter for the same share. You can test this by setting up multiple lines for the guest account parameter with different usernames, and then run testparm to see which one is actually used by Samba.)
read only = yes ” Normally (for other types of shares) prevents users from creating or modifying files in the service's directory. However, in a " printable " service, it is always allowed to write to the directory (if user privileges allow the connection), but only via print spooling operations. Normal write operations are not permitted.
writeable = no ” Is a synonym for read only = yes.
126.96.36.199 Any [my_printer_name] Section
If a section appears in the smb.conf file, which when given the parameter printable = yes causes Samba to configure it as a printer share. Windows 9x/Me clients may have problems with connecting or loading printer drivers if the share name has more than eight characters . Do not name a printer share with a name that may conflict with an existing user or file share name. On Client connection requests , Samba always tries to find file shares with that name first. If it finds one, it will connect to this and will not connect to a printer with the same name!
comment = Printer with Restricted Access ” The comment says it all.
path = /var/spool/samba_my_printer ” Sets the spooling area for this printer to a directory other than the default. It is not necessary to set it differently, but the option is available.
printer admin = kurt ” The printer admin definition is different for this explicitly defined printer share from the general [printers] share. It is not a requirement; we did it to show that it is possible.
browseable = yes ” This makes the printer browseable so the clients may conveniently find it when browsing the Network Neighborhood .
printable = yes ” See Section 188.8.131.52.
writeable = no ” See Section 184.108.40.206.
hosts allow = 10.160.50.,10.160.51. ” Here we exercise a certain degree of access control by using the hosts allow and hosts deny parameters. This is not by any means a safe bet. It is not a way to secure your printers. This line accepts all clients from a certain subnet in a first evaluation of access control.
hosts deny = turbo_xp,10.160.50.23,10.160.51.60 ” All listed hosts are not allowed here (even if they belong to the allowed subnets). As you can see, you could name IP addresses as well as NetBIOS hostnames here.
guest ok = no ” This printer is not open for the guest account.
220.127.116.11 Print Commands
In each section defining a printer (or in the [printers] section), a print command parameter may be defined. It sets a command to process the files that have been placed into the Samba print spool directory for that printer. (That spool directory was, if you remember, set up with the path parameter). Typically, this command will submit the spool file to the Samba host's print subsystem, using the suitable system print command. But there is no requirement that this needs to be the case. For debugging or some other reason, you may want to do something completely different than print the file. An example is a command that just copies the print file to a temporary location for further investigation when you need to debug printing. If you craft your own print commands (or even develop print command shell scripts), make sure you pay attention to the need to remove the files from the Samba spool directory. Otherwise, your hard disk may soon suffer from shortage of free space.
18.104.22.168 Default UNIX System Printing Commands
You learned earlier on that Samba, in most cases, uses its built-in settings for many parameters if it cannot find an explicitly stated one in its configuration file. The same is true for the print command . The default print command varies depending on the printing parameter setting. In the commands listed below, you will notice some parameters of the form % X where X is p, s, J , and so on. These letters stand for printer name, spoolfile and job ID, respectively. They are explained in more detail further below. Table 17.1 presents an overview of key printing options but excludes the special case of CUPS that is discussed in Chapter 18, CUPS Printing Support .
Table 17.1. Default Printing Settings
We excluded the special case of CUPS here, because it is discussed in the next chapter. For printing = CUPS , if Samba is compiled against libcups, it uses the CUPS API to submit jobs. (It is a good idea also to set printcap = cups in case your cupsd.conf is set to write its autogenerated printcap file to an unusual place). Otherwise, Samba maps to the System V printing commands with the -oraw option for printing, i.e., it uses lp -c -d%p -oraw; rm %s . With printing = cups , and if Samba is compiled against libcups, any manually set print command will be ignored!
22.214.171.124 Custom Print Commands
After a print job has finished spooling to a service, the print command will be used by Samba via a system() call to process the spool file. Usually the command specified will submit the spool file to the host's printing subsystem. But there is no requirement at all that this must be the case. The print subsystem may not remove the spool file on its own. So whatever command you specify, you should ensure that the spool file is deleted after it has been processed .
There is no difficulty with using your own customized print commands with the traditional printing systems. However, if you do not wish to roll your own, you should be well informed about the default built-in commands that Samba uses for each printing subsystem (see Table 17.1). In all the commands listed in the last paragraphs, you see parameters of the form %X . These are macros , or shortcuts, used as placeholders for the names of real objects. At the time of running a command with such a placeholder, Samba will insert the appropriate value automatically. Print commands can handle all Samba macro substitutions. In regard to printing, the following ones do have special relevance:
The print command must contain at least one occurrence of %s or the %f . The %p is optional. If no printer name is supplied, the %p will be silently removed from the print command. In this case, the job is sent to the default printer.
If specified in the [global] section, the print command given will be used for any printable service that does not have its own print command specified. If there is neither a specified print command for a printable service nor a global print command, spool files will be created but not processed! Most importantly, print files will not be removed, so they will consume disk space.
Printing may fail on some UNIX systems when using the " nobody " account. If this happens, create an alternative guest account and give it the privilege to print. Set up this guest account in the [global] section with the guest account parameter.
You can form quite complex print commands. You need to realize that print commands are just passed to a UNIX shell. The shell is able to expand the included environment variables as usual. (The syntax to include a UNIX environment variable $variable in the Samba print command is %$variable .) To give you a working print command example, the following will log a print job to /tmp/print.log , print the file, then remove it. The semicolon (" ; " is the usual separator for commands in shell scripts:
print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s
You may have to vary your own command considerably from this example depending on how you normally print files on your system. The default for the print command parameter varies depending on the setting of the printing parameter. Another example is:
print command = /usr/local/samba/bin/myprintscript %p %s