17.5 Printing Developments Since Samba-2.2


Prior to Samba-2.2.x, print server support for Windows clients was limited to LanMan printing calls. This is the same protocol level as Windows 9x/Me PCs offer when they share printers. Beginning with the 2.2.0 release, Samba started to support the native Windows NT printing mechanisms. These are implemented via MS-RPC (RPC = Remote Procedure Calls). MS-RPCs use the SPOOLSS named pipe for all printing.

The additional functionality provided by the new SPOOLSS support includes:

  • Support for downloading printer driver files to Windows 95/98/NT/2000 clients upon demand (Point'n'Print).

  • Uploading of printer drivers via the Windows NT Add Printer Wizard (APW) or the Imprints [1] tool set.

    [1] http://imprints.sourceforge.net/

  • Support for the native MS-RPC printing calls such as StartDocPrinter(), EnumJobs(), and so on. (See the MSDN documentation [2] for more information on the Win32 printing API.)

    [2] http://msdn.microsoft.com/

  • Support for NT Access Control Lists (ACL) on printer objects.

  • Improved support for printer queue manipulation through the use of internal databases for spooled job information (implemented by various *.tdb files).

A benefit of updating is that Samba-3 is able to publish its printers to Active Directory (or LDAP).

A fundamental difference exists between MS Windows NT print servers and Samba operation. Windows NT permits the installation of local printers that are not shared. This is an artifact of the fact that any Windows NT machine (server or client) may be used by a user as a workstation. Samba will publish all printers that are made available, either by default or by specific declaration via printer-specific shares.

Windows NT/200x/XP Professional clients do not have to use the standard SMB printer share; they can print directly to any printer on another Windows NT host using MS-RPC. This, of course, assumes that the client has the necessary privileges on the remote host that serves the printer resource. The default permissions assigned by Windows NT to a printer give the Print permission to the well-known Everyone group. (The older clients of type Windows 9x/Me can only print to shared printers.)

17.5.1 Point'n'Print Client Drivers on Samba Servers

There is much confusion about what all this means. The question is often asked, "Is it or is it not necessary for printer drivers to be installed on a Samba host in order to support printing from Windows clients?" The answer to this is no, it is not necessary.

Windows NT/2000 clients can, of course, also run their APW to install drivers locally (which then connect to a Samba-served print queue). This is the same method used by Windows 9x/Me clients. (However, a bug existed in Samba 2.2.0 that made Windows NT/2000 clients require that the Samba server possess a valid driver for the printer. This was fixed in Samba 2.2.1.)

But it is a new capability to install the printer drivers into the [print$] share of the Samba server, and a big convenience, too. Then all clients (including 95/98/ME) get the driver installed when they first connect to this printer share. The uploading or depositing of the driver into this [print$] share and the following binding of this driver to an existing Samba printer share can be achieved by different means:

  • Running the APW on an NT/200x/XP Professional client (this does not work from 95/98/ME clients).

  • Using the Imprints toolset.

  • Using the smbclient and rpcclient commandline tools.

  • Using cupsaddsmb (only works for the CUPS printing system, not for LPR/LPD, LPRng, and so on).

Samba does not use these uploaded drivers in any way to process spooled files. These drivers are utilized entirely by the clients who download and install them via the "Point'n'Print" mechanism supported by Samba. The clients use these drivers to generate print files in the format the printer (or the UNIX print system) requires. Print files received by Samba are handed over to the UNIX printing system, which is responsible for all further processing, as needed.

17.5.2 The Obsoleted [printer$] Section

Versions of Samba prior to 2.2 made it possible to use a share named [printer$]. This name was taken from the same-named service created by Windows 9x/Me clients when a printer was shared by them. Windows 9x/Me printer servers always have a [printer$] service that provides read-only access (with no password required) to support printer driver downloads. However, Samba's initial implementation allowed for a parameter named printer driver location to be used on a per-share basis. This specified the location of the driver files associated with that printer. Another parameter named printer driver provided a means of defining the printer driver name to be sent to the client.

These parameters, including the printer driver file parameter, are now removed and cannot be used in installations of Samba-3. The share name [print$] is now used for the location of downloadable printer drivers. It is taken from the [print$] service created by Windows NT PCs when a printer is shared by them. Windows NT print servers always have a [print$] service that provides read-write access (in the context of its ACLs) to support printer driver downloads and uploads. This does not mean Windows 9x/Me clients are now thrown aside. They can use Samba's [print$] share support just fine.

17.5.3 Creating the [print$] Share

In order to support the uploading and downloading of printer driver files, you must first configure a file share named [print$]. The public name of this share is hard-coded in the MS Windows clients. It cannot be renamed, since Windows clients are programmed to search for a service of exactly this name if they want to retrieve printer driver files.

You should modify the server's smb.conf file to add the global parameters and create the [print$] file share (of course, some of the parameter values, such as path, are arbitrary and should be replaced with appropriate values for your site). See Example 17.3.

Of course, you also need to ensure that the directory named by the path parameter exists on the UNIX file system.

17.5.4 [print$] Section Parameters

The [print$] share is a special section in smb.conf. It contains settings relevant to potential printer driver download and is used by Windows clients for local print driver installation. The following parameters are frequently needed in this share section:

Example 17.3 [print$] example

    [global]
    # members of the ntadmin group should be able to add drivers and set
    # printer properties. root is implicitly always a 'printer admin'.
    printer admin = @ntadmin
    ...
    [printers]
    ...
    [print$]
    comment = Printer Driver Download Area
    path = /etc/samba/drivers
    browseable = yes
    guest ok = yes
    read only = yes
    write list = @ntadmin, root

comment = Printer Driver Download Area
    The comment appears next to the share name if it is listed in a share list (usually Windows clients will not see it, but it will also appear in the output of smbclient -L sambaserver).

path = /etc/samba/printers
    The path to the location where the Windows driver files are deposited, from the UNIX point of view.

browseable = no
    Makes the [print$] share invisible to clients from the Network Neighborhood. However, you can still mount it from any client using the net use g: \\sambaserver\print$ command in a DOS-box or the Connect network drive menu from Windows Explorer.

guest ok = yes
    Gives read-only access to this share for all guest users. Access may be granted to download and install printer drivers on clients. The requirement for guest ok = yes depends on how your site is configured. If users will be guaranteed to have an account on the Samba host, then this is a non-issue.

NOTE

If all your Windows NT users are guaranteed to be authenticated by the Samba server (for example, if Samba authenticates via an NT domain server and the user has already been validated by the Domain Controller in order to log on to the Windows NT session), then guest access is not necessary. Of course, in a workgroup environment where you just want to print without worrying about silly accounts and security, then configure the share for guest access. You should consider adding map to guest = Bad User in the [global] section as well. Make sure you understand what this parameter does before using it.


read only = yes
    Because we do not want everybody to upload driver files (or even change driver settings), we tagged this share as not writeable.

write list = @ntadmin, root
    The [print$] share was made read-only by the previous setting, so we should also create a write list entry. Entries may be UNIX groups (denoted with a leading "@" character). Users listed here are allowed write access (as an exception to the general public's read-only access), which they need to update files on the share. Normally, you will want to name only administrative-level user accounts in this setting. Check the file system permissions to make sure these accounts can copy files to the share. If this is a non-root account, then the account should also be mentioned in the global printer admin parameter. See the smb.conf man page for more information on configuring file shares.
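
The following audit is an added example, not part of the HOWTO or of Samba itself: it checks a [print$] section against the rules described above (read-only by default, and every non-root write list entry also named in printer admin). The parser is a minimal one written for this example and the sample configuration is constructed from Example 17.3.

```python
import re

# Constructed sample mirroring Example 17.3; not read from a live server.
SAMPLE = """\
[global]
   printer admin = @ntadmin
[print$]
   path = /etc/samba/drivers
   guest ok = yes
   read only = yes
   write list = @ntadmin, root
"""
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def parse_smb_conf(text):
    """Minimal parser (no include or line-continuation handling, by assumption)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive and ignore extra spaces.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def names(value):
    # Samba user/group lists are separated by commas and/or whitespace.
    return {n.lower() for n in re.split(r"[,\s]+", value) if n}

def audit_print_share(text):
    """Return findings for the [print$] share; an empty list means no issue found."""
    conf = parse_smb_conf(text)
    share = conf.get("print$")
    if share is None:
        return ["[print$] share is not defined"]
    findings = []
    # Shares are read-only unless 'read only = no' or a writeable synonym says so.
    writable = share.get("read only", "yes").lower() in NO or any(
        share.get(k, "no").lower() in YES for k in ("writeable", "writable", "write ok"))
    guest = any(share.get(k, "no").lower() in YES for k in ("guest ok", "public"))
    if writable:
        who = "guests included" if guest else "every connected user"
        findings.append(f"share is writable by default ({who}); set read only = yes")
    admins = names(conf.get("global", {}).get("printer admin", ""))
    for entry in sorted(names(share.get("write list", "")) - admins - {"root"}):
        findings.append(f"write list entry {entry} is not in printer admin")
    return findings
```

Run audit_print_share() over the text of your own smb.conf; each returned string names one setting to review.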

17.5.5 The [print$] Share Directory

In order for a Windows NT print server to support the downloading of driver files by multiple client architectures, you must create several subdirectories within the [print$] service (i.e., the UNIX directory named by the path parameter). These correspond to each of the supported client architectures. Samba follows this model as well. Just like the name of the [print$] share itself, the subdirectories must be exactly the names listed below (you may leave out the subdirectories of architectures you do not need to support).

Therefore, create a directory tree below the [print$] share for each architecture you wish to support like this:

 
 [print$]--+
           |--W32X86     # serves drivers to Windows NT x86
           |--WIN40      # serves drivers to Windows 95/98
           |--W32ALPHA   # serves drivers to Windows NT Alpha_AXP
           |--W32MIPS    # serves drivers to Windows NT R4000
           |--W32PPC     # serves drivers to Windows NT PowerPC

REQUIRED PERMISSIONS

In order to add a new driver to your Samba host, one of two conditions must hold true:

  • The account used to connect to the Samba host must have a UID of 0 (i.e., a root account).

  • The account used to connect to the Samba host must be named in the printer admin list.

Of course, the connected account must still have write access to add files to the subdirectories beneath [print$]. Remember that all file shares are set to "read-only" by default.
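
As an added example (not from the HOWTO), this check walks the UNIX directory behind [print$] and reports subdirectories whose names do not exactly match the architecture names above, as well as directories that are world-writable on the file system, which would let local accounts outside the write list change driver files. The function name and the finding texts are this example's own.

```python
import os
import stat

# Architecture directory names exactly as listed in the tree above.
ARCH_DIRS = {"W32X86", "WIN40", "W32ALPHA", "W32MIPS", "W32PPC"}

def audit_driver_tree(root):
    """Return findings for the directory behind [print$]; an empty list means clean."""
    try:
        entries = sorted(os.listdir(root))
    except OSError as exc:
        return [f".: cannot list directory ({exc.strerror})"]
    findings, present = [], set()
    for name in ["."] + entries:  # "." is the share root itself
        info = os.lstat(os.path.join(root, name))
        if not stat.S_ISDIR(info.st_mode):
            continue  # only directories are judged; files and symlinks are skipped
        if info.st_mode & stat.S_IWOTH:
            findings.append(f"{name}: world-writable, bypasses the write list for local accounts")
        if name in ARCH_DIRS:
            present.add(name)
        elif name.upper() in ARCH_DIRS:
            findings.append(f"{name}: must be named exactly {name.upper()}")
    if not present:
        findings.append(".: no architecture subdirectory present")
    return findings
```

Call audit_driver_tree() with the value of the path parameter of your [print$] share.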


Once you have created the required [print$] service and associated subdirectories, go to a Windows NT 4.0/200x/XP client workstation. Open Network Neighborhood or My Network Places and browse for the Samba host. Once you have located the server, navigate to its Printers and Faxes folder. You should see an initial listing of printers that matches the printer shares defined on your Samba host.



The Official Samba-3 HOWTO and Reference Guide, 2nd Edition
ISBN: 0131882228
Year: 2005
Pages: 297
