I'm trying to setup a (Debian) print server for both my Windows and Linux (Ubuntu) workstations.
What I aim to have:
- Printers are configured on print server's CUPS. Queue are created and managed (pause, transfer, etc.) here (id. the web GUI).
- Windows and Linux workstations uses the print server to print: they don't need to know the printers IP address.
- Windows workstations are able to set print settings (duplex, color, collation, stapling, booklet, hole punch, etc.) as they could had they installed the Windows drivers the "standard" way (double click on .exe, direct communication with printer).
- Print drivers are offered to Windows workstations by the print server itself (Samba calls this Point'n'Print).
- No user password (for now, might change in the future).
Note: from now on and unless specified otherwise, "CUPS" will refer to the CUPS daemon running on the print server I aim to build.
What I got working currently:
- Printers were added to CUPS using ipp:// or socket:// and the PPD files from the printer manufacturer (or HPLIP). Printing from CUPS works (test print page via the web GUI).
- Linux workstation can add a printer locally using Ubuntu "add printer" wizard to look for printers that are shared via CUPS: just have to type the print server FQDN/IP.
- Printers are listed on \print-server\ browsed from a Windows workstation.
- Printers are listed via
smbclient -L print-server -Nran from a Linux workstation.
Currently not working:
- Cannot add the Windows printer driver to CUPS using the "printmanagement.msc" MMC (I get a "access denied" error). So Samba's Point'n'Print will not work.
I understand there is an issue on authentication that prevent Windows from reading/writing files to install drivers on the Samba server. I have managed to make Samba asks for user/password when accessing \print-server\ from a Windows workstation but neither the UNIX root password nor a normal UNIX user worked.
Currently weirdly working:
-
If I manually provide the printer drivers to Windows workstation (since "Point'n'Print" is not working) when adding printer from \print-server\, user/workstation print settings are not always taken into account.
It seems CUPS default options interfere with the workstation's ones: I set duplex printing off by default on CUPS but want it to work if the user tick the checkbox on it's printing settings.
Where should I go to make CUPS use user's settings?
-
I have some encoding issues: some printed pages have unusual and random letter spacings.
Is there some settings that can improve compatibility for any document (PDF, Word, image, etc.)?
Environment:
- No Windows domain involved: no Active Directory, no Microsoft/Samba primary/secondary domain controller at all.
- Debian v8.2 "Jessie"
- Samba v4.1 (fresh install, no other shares)
- CUPS v1.7
- Windows workstations: Windows 7 & 8
- Linux workstations: Ubuntu 14.04
- Printers are: Xerox and HP
- HPLIP v3.14.6
smb.conf (all package's default settings):
[global]
workgroup = MYWORKGRP
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
From what I read, many uses Samba to share files and printers on a Windows network so I am pretty sure I am missing something somewhere…
Best Answer
1.
So your first problem seems to be this:
Note, that the Windows clients do not retrieve their printer drivers from CUPS, and CUPS itself cannot communicate with the Windows clients directly.
Only Samba can do that, so Windows clients will retrieve their printer drivers from Samba. Samba poses as a Windows print server for the clients, and Samba will also provide a special share (listed
[print$]in smb.conf) for clients to auto-install the drivers from. (You should try to use the UNC path of\\myserver\print$or\\myworkstation\print$in Windows explorer and see the drivers from any host which shares a printer.)Windows users need a special privilege in to administer printers and configuring/uploading drivers. This privilege was named
SePrintOperatorPrivilegeby Microsoft.Samba implements the SMB set of Windows networking protocols and procedures so Windows clients can use its services.
Hence, only users which have this privilege granted can upload and preconfigure printer drivers to a Samba server, just like it would be the case for a Windows print server.
Typically, you would want to grant the privilege to the Domain Admins group, plus, maybe another Domain Group you may have called Our Printer Admins. I now assume your domain name is MYDOMAIN.
To grant the named user groups that right, execute the following commands:
In each case you'll be prompted to supply the domain admin password:
If you know this password and everything works, you'll see this confirmation:
Of course, you could grant this privilege to one or more individual domain users (example above:
MYDOMAIN\User54321) too. But this is not recommended. Better grant the privilege to a group instead of individual accounts. This enables you to add and revoke the privilege by updating the group membership.To list all users and groups having the
SePrintOperatorPrivilegeprivilege granted, enter:You should see the following output:
You've now created the pre-condition that users listed above can upload and install printer drivers to your Samba server.
(Update: Just had a closer look at the smb.conf you quoted above... Replace MYDOMAIN\ with MYWORKGRP\ for the commands I gave, or skip it altogether and just use a user name or a group name known to Samba. You could possibly also temporarily try
guest ok = yesinside the[print$]stanza. Don't forget to set it back tonoonce your drivers are in place...)2.
Your second problem seems to be:
CUPS by default does not "filter" print jobs it gets handed over by Samba. It processes them as "raw" jobs and just passes them to the real print hardware device.
So if the driver is correctly installed on the Windows print clients, whatever job options they click, should be honored by the printer, regardless of default settings which may be configured into CUPS for CUPS-local printing...
You cannot "make" CUPS use user's settings -- CUPS will just pass them through.