!==
!== PRINTER_DRIVER2.txt for Samba release 2.2.0-alpha2 30 Jan 2001
!==
==========================================================================
Gerald Carter <jerry@samba.org> 14 Sep 2000
===========================================================================
Introduction
============
Beginning with the 2.2.0 release, Samba now supports the native Windows
NT printing mechanisms implemented via MS-RPC (i.e. the SPOOLSS named
pipe). Previous versions of Samba only supported the LanMan printing
calls.
The additional functionality provided by the new SPOOLSS support
includes:
o Support for downloading printer driver files to
Windows 95/98/NT/2000 clients upon demand.
o Uploading of printer drivers via the Windows NT
Add Printer Wizard (APW) or the Imprints tool set
o Support for the native MS-RPC printing calls such
as StartDocPrinter, EnumJobs(), etc... (See the MSDN
documentation for more information on the Win32
printing API)
o Support for NT Access Control Lists (ACL) on
printer objects
o Improved support for printer queue manipulation through
the use of an internal database for spooled job information.
Configuration
=============
In order to support the uploading of printer driver files, you
must first configure a file share named [print$]. The name of
this share is hard coded in Samba's internals, so the name is
very important (print$ is the service used by Windows NT
print servers to provide support for printer driver download).
<aside>
Previous versions of Samba recommended using a share named
[printer$]. This name was taken from the printer$ service
created by Windows 9x clients when a printer was shared.
(Windows 9x printer servers always have a printer$ service
which provides read-only access via no password in order to
support printer driver downloads).
However, the initial implementation allowed for a parameter
named 'printer driver location' to be used on a per share basis
to specify the location of the driver files associated with that
printer. Another parameter named 'printer driver' provided a
means of defining the printer driver name to be sent to the
client.
These parameters, including 'printer driver file', are being
deprecated and should not be used in new installations.
For more information on this change, you should refer to the
"Migration" section of this document.
</aside>
You should modify the server's smb.conf file to create the
following file share (of course, some of the parameter values,
such as 'path' are arbitrary and should be replaced with
appropriate values for your site):
    [print$]
        path = /usr/local/samba/printers
        guest ok = yes
        browseable = yes
        read only = yes
        write list = ntadmin
The 'write list' is used to allow administrative level user accounts
to have write access in order to update files on the share.
See the smb.conf(5) man page for more information on configuring
file shares.
The requirement for 'guest ok = yes' depends upon how your
site is configured. If users will be guaranteed to have
an account on the Samba host, then this is a non-issue.
[author's note: The non-issue is that if all your Windows
NT users are guaranteed to be authenticated by the Samba server
(such as a domain member server and the NT user has already
been validated by the Domain Controller in order to logon
to the Windows NT console), then guest access is not necessary.
Of course, in a workgroup environment where you just want
to be able to print without worrying about silly accounts
and security, then configure the share for guest access.
You'll probably want to add 'map to guest = Bad User'
in the [global] section as well. Make sure you understand
what this parameter does before using it though. --jerry]
In order for a Windows NT print server to support the
downloading of driver files by multiple client architectures,
it must create subdirectories within the [print$] service
which correspond to each of the supported client architectures.
Samba follows this model as well.
Next create the directory tree below the [print$] share for
each architecture you wish to support.
    [print$]-----
            |-W32X86     ; "Windows NT x86"
            |-WIN40      ; "Windows 95/98"
            |-W32ALPHA   ; "Windows NT Alpha_AXP"
            |-W32MIPS    ; "Windows NT R4000"
            |-W32PPC     ; "Windows NT PowerPC"
+++++++++++++ ATTENTION! REQUIRED PERMISSIONS +++++++++++++++++
Currently, the connected user must have uid 0 in order to
successfully install a new printer driver. There are two
points of authorization in this process.
o Access permissions to add files to the [print$]
share. This access control is managed using
the same semantics as normal file shares.
(i.e. filesystem permissions, write list,
writeable, etc...)
o Authorization to add entries to
$SAMBA/var/locks/ntdrivers.tdb
Updates to this TDB are currently restricted
to the root account.
Therefore, you must be connected to the samba host as the
root user in order to add a new printer driver.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
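An added example (not part of the Samba distribution) that creates the architecture subdirectories listed above and checks that none of them is world-writable, since clients download and install whatever driver files sit in these directories. PRINT_ROOT and the function names are assumptions; set PRINT_ROOT to the 'path' of your [print$] share.

```shell
#!/bin/sh
# Added example, not Samba's own code. PRINT_ROOT and the function names
# are hypothetical; the directory names are the ones listed in this document.
ARCH_DIRS="W32X86 WIN40 W32ALPHA W32MIPS W32PPC"

# Create one subdirectory per client architecture, writable by owner only.
make_print_tree() {
    root=$1
    for arch in $ARCH_DIRS; do
        mkdir -p "$root/$arch" || return 1
        chmod 755 "$root/$arch" || return 1
    done
    chmod 755 "$root"
}

# Print every directory under the share that is world-writable. Any local
# account on the host could replace driver files stored in such a directory.
audit_print_tree() {
    root=$1
    find "$root" -type d -perm -0002 -print
}

# Return 0 when all architecture directories exist and none is world-writable.
check_print_tree() {
    root=$1
    for arch in $ARCH_DIRS; do
        [ -d "$root/$arch" ] || { echo "missing: $root/$arch" >&2; return 1; }
    done
    bad=$(audit_print_tree "$root")
    [ -z "$bad" ] || { echo "world-writable: $bad" >&2; return 1; }
}

# Runs only when PRINT_ROOT is set in the environment.
if [ -n "${PRINT_ROOT:-}" ]; then
    make_print_tree "$PRINT_ROOT" && check_print_tree "$PRINT_ROOT"
fi
```

Write access for driver uploads is still granted through the share's 'write list' and the ownership of these directories, not by loosening their mode.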
Once you have created the required [print$] service and associated
subdirectories, simply log onto the Samba server using a root account
from a Windows NT 4.0 client. Navigate to the "Printers" folder
on the Samba server. You should see an initial listing of printers
that matches the printer shares defined on your Samba host.
<aside>
It is possible on a Windows NT print server to have printers
listed in the Printers folder which are not shared. Samba does
not make this distinction. By definition, the only printers of
which Samba is aware are those which are specified as shares in
smb.conf.
Another interesting side note is that Windows NT clients do
not use the SMB printer share, but rather can print directly
to any printer on another Windows NT host using MS-RPC. This
of course assumes that the printing client has the necessary
privileges on the remote host serving the printer. The default
permissions assigned by Windows NT to a printer gives the "Print"
permissions to the "Everyone" well-known group.
</aside>
The initial listing of printers in the Samba host's Printers
folder will have no printer driver assigned to them. The way to
assign a driver to a printer is to view the Properties of the
printer and either
o Use the "New Driver..." button to install a new printer
driver, or
o Select a driver from the popup list of installed drivers.
Initially this list will be empty.
If you wish to install printer drivers for client operating
systems other than "Windows NT x86", you will need to use the
"Sharing" tab of the printer properties dialog.
Assuming you have connected with a root account, you will
also be able to modify other printer properties such as
ACLs and device settings using this dialog box.
The Imprints tool set provides a UNIX equivalent of the Windows
NT Add Printer Wizard. For complete information, please refer
to the Imprints web site at http://imprints.sourceforge.net/
as well as the documentation included with the imprints source
distribution. This section will only provide a brief introduction
to the features of Imprints.
What is Imprints?
Imprints is a collection of tools for supporting the goals of
o Providing a central repository of information regarding
Windows NT and 95/98 printer driver packages
o Providing the tools necessary for creating the Imprints
printer driver packages.
o Providing an installation client which will obtain
and install printer drivers on remote Samba and Windows
NT 4 print servers.
Creating Printer Driver Packages
The process of creating printer driver packages is beyond
the scope of this document (refer to Imprints.txt also included
with the Samba distribution for more information). In short,
an Imprints driver package is a gzipped tarball containing the
driver files, related INF files, and a control file needed by the
installation client.
The Imprints server
The Imprints server is really a database server that may
be queried via standard HTTP mechanisms. Each printer entry
in the database has an associated URL for the actual
downloading of the package. Each package is digitally signed
via GnuPG, which can be used to verify that the package downloaded
is actually the one referred to in the Imprints database. It is
**not** recommended that this security check be disabled.
The Installation Client
<aside>
More information regarding the Imprints installation client is available
in the Imprints-Client-HOWTO.ps file included with the imprints source
package.
</aside>
The Imprints installation client comes in two forms.
o a set of command line Perl scripts
o a GTK+ based graphical interface to the command
line perl scripts
The installation client (in both forms) provides a means
of querying the Imprints database server for a matching
list of known printer model names as well as a means to
download and install the drivers on remote Samba and Windows
NT print servers.
The basic installation process has four steps, implemented as
Perl code wrapped around smbclient and rpcclient.
    foreach (supported architecture for a given driver)
    {
        1. rpcclient: Get the appropriate upload directory
           on the remote server
        2. smbclient: Upload the driver files
        3. rpcclient: Issue an AddPrinterDriver() MS-RPC
    }
    4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually
       create the printer
One of the problems encountered when implementing the Imprints
tool set was the name space issue between the various supported
client architectures. For example, Windows NT includes a driver
named "Apple LaserWriter II NTX v51.8" and Windows 95 calls
its version of this driver "Apple LaserWriter II NTX".
The problem is how to know what client drivers have been
uploaded for a printer. An astute reader will remember that
the Windows NT Printer Properties dialog only includes space
for one printer driver name. A quick look in the Windows NT
4 system registry at
HKLM\System\CurrentControlSet\Control\Print\Environment
will reveal that Windows NT always uses the NT driver name.
This is ok as Windows NT always requires that at least the Windows
NT version of the printer driver is present. However, Samba
does not have the requirement internally. Therefore, how can
you use the NT driver name if it has not already been installed?
The way of sidestepping this limitation is to require that all
Imprints printer driver packages include both the Intel Windows
NT and 95/98 printer drivers and that the NT driver is installed
first.
Migration to 2.2.x
=============================
Given that printer driver management has changed
(we hope improved :) ) in 2.2.0 over prior releases,
migration from an existing setup to 2.2.0 can follow
several paths.
<WARNING>
The following smb.conf parameters are considered to be
deprecated and will be removed soon. Do not use them
in new installations.
'printer driver file' (G)
'printer driver' (S)
'printer driver location' (S)
</WARNING>
Here are the possible scenarios for supporting migration:
o If you do not desire the new Windows NT
print driver support, nothing needs to be done.
All existing parameters work the same.
o If you want to take advantage of NT printer
driver support but do not want to migrate the
9x drivers to the new setup, then leave the existing
printers.def file. When smbd attempts to locate a
9x driver for the printer in the TDB and fails it
will drop down to using the printers.def (and all
associated parameters). The make_printerdef tool
will also remain for backwards compatibility but will
be moved to the "this tool is the old way of doing it"
pile.
o If you install a Windows 9x driver for a printer on
your Samba host (in the printing TDB), this information will
take precedence and the three old printing parameters
will be ignored (including 'printer driver location').
o If you want to migrate an existing printers.def file into
the new setup, the only current solution is to use the
Windows NT APW to install the NT drivers and the 9x
drivers. (comment: this could possibly be scripted using
smbclient and rpcclient, but I haven't had time --jerry)
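An added example (not part of the Samba distribution) that scans an smb.conf for the three deprecated parameters named in the warning above and checks that a [print$] share exists, is read only and has a write list. The function name audit_smbconf and the SMB_CONF variable are assumptions; parameter names are matched the way smb.conf treats them, ignoring case and whitespace.

```shell
#!/bin/sh
# Added example, not Samba's own code. audit_smbconf and SMB_CONF are
# hypothetical names. Prints one finding per line; returns 1 if any.
audit_smbconf() {
    awk '
    # smb.conf ignores case and whitespace in section and parameter names
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function istrue(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    BEGIN { ro = 1; bad = 0; sec = "" }      # "read only" defaults to yes
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    /^[ \t]*\[/ {                            # section header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = norm(sec)
        if (sec == "print$") seen = 1
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = norm(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "printerdriver" || key == "printerdriverfile" ||
            key == "printerdriverlocation") {
            printf "line %d: deprecated parameter in [%s]\n", NR, sec
            bad = 1
        }
        if (sec != "print$") next
        if (key == "readonly") ro = istrue(val)
        if (key == "writeable" || key == "writable" || key == "writeok")
            ro = !istrue(val)
        if (key == "writelist") wl = val
    }
    END {
        if (!seen) { print "no [print$] share defined"; bad = 1 }
        else {
            if (!ro) { print "[print$] is not read only"; bad = 1 }
            if (wl == "") { print "[print$] has no write list"; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Runs only when SMB_CONF is set in the environment.
if [ -n "${SMB_CONF:-}" ]; then audit_smbconf "$SMB_CONF"; fi
```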