# [solved] Cups / Samba Issues

## risq

Hi,

i installed a printer on my gentoo server, which works locally but i cannot print from windows clients. 

The printer is attached locally via USB, sharing should work trough Samba. I used this kind of setup quite often, never ran into any problems.

What i did so far:

- Installed the printer via ppd File

- Did a test print locally, everthing works fine

- Found the printer over network, installed the x64 driver on Windows

->Test print is only Garbage (EOF)

->  cat /var/log/cups/error_log 

```

E [06/Apr/2012:18:18:41 +0200] Unable to encrypt connection from 10.10.1.121!

E [06/Apr/2012:18:18:41 +0200] error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

E [06/Apr/2012:18:18:51 +0200] Unable to encrypt connection from 10.10.1.121!

E [06/Apr/2012:18:18:51 +0200] Unable to encrypt connection from 10.10.1.121!

E [06/Apr/2012:18:18:51 +0200] Unable to encrypt connection from 10.10.1.121!

E [06/Apr/2012:18:18:51 +0200] Unable to encrypt connection from 10.10.1.121!

```

Smb.conf:

```

security = user

load printers = yes

printing = cups

[printers]

comment      = All printers

path         = /var/spool/samba

browseable   = yes

guest ok     = yes

writable     = no

printable    = yes

public       = yes

printer name = oki

```

Cups.conf.

```

#

# "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $"

#

# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a

# complete description of this file.

#

# Log general information in error_log - change "warn" to "debug"

# for troubleshooting...

LogLevel warn

# Administrator user group...

SystemGroup lpadmin

<Location />

Order allow,deny

Allow from 10.10.1.*

</Location>

# Only listen for connections from the local machine.

Listen *:631

Listen /var/run/cups/cups.sock

# Show shared printers on the local network.

Browsing On

BrowseOrder allow,deny

BrowseAllow all

BrowseLocalProtocols CUPS

# Default authentication type, when authentication is required...

DefaultAuthType Basic

# Restrict access to the server...

# Restrict access to the admin pages...

<Location /admin>

  Order allow,deny

</Location>

# Restrict access to configuration files...

<Location /admin/conf>

  AuthType Default

  Require user @SYSTEM

  Order allow,deny

</Location>

# Set the default printer/job policies...

<Policy default>

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

# Set the authenticated printer/job policies...

<Policy authenticated>

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    AuthType Default

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

```

Any hints welcome..Last edited by risq on Tue Apr 24, 2012 9:26 pm; edited 1 time in total

----------

## risq

i still need help on this one

----------

## mvaterlaus

to help you on your problem, it would be nice to know, what printer model you are using. also have you defined a raw queue for printing from windows? afaik, the windows driver formats the output, which will be printed as is, if you use a raw queue. if you are not using a raw queue, cups will reinterpret the output from windows, which could generate a mess when printing.

----------

## dansou90

For printing through samba, you don't need to configure the printer in samba. You just need to tell samba that there are printers on your system which should be used from the network. I have a similar setup like you (still on a Debian system, but this doesn't matter); the [printers] section of my smb.conf is looking this way:

```
[printers]

        comment = All Printers

        path = /var/spool/samba

        create mask = 0700

        printable = Yes

        browseable = No
```

Then you have to configure the printer in cups as network printer (that means, to share it over the network). This can easily be done through the cups web interface which is located at port 631 of your server, so simply type in a web browser on your server"localhost:631". If you access the server from another computer in the network, you have to replace localhost with the IP Address of your server. Also you have to make sure that you can access the admin pages of the web interface from another computer, so check the relevant part of your cups.conf. For me, this setup is working (It is also possible to print from x64 Win7 via cups/samba).

----------

## risq

thx for your replys.

i dont know much raw queues, the goal is to choose a printer driver on the windows client, so cups dont have to provide any drivers.

i just figured out that choosing a pcl driver with windows would work ! but as soon as i switch to the postscript driver under windows, printing wont work, same configuration with samba and cups. 

so do i have to do anything special to make postscript work?

?!

----------

## dansou90

You have to configure the Postscript Driver in the Cups web interface. For this, you have to search for a ppd-File on your own... maybe on the manufacturers site or at openprinting.org.

----------

## risq

i already used the postscript driver when i installed the printer via cups. but when i connect from a windows pc i have to choose the pcl driver, otherwise (with the windows postscript driver) printing does not work

?! still looking for help on this one..

----------

## dansou90

How is authentication set up on your samba server? After reviewing your error log and comparing your smb.conf to mine I think your problem has to do something with the authentication of the users on the network with the samba server. If someone wants to print on my printer, he/she has to authenticate through a simple bash script which adds some network shares (home and exchange), after that they are allowed to print. The line

```
E [06/Apr/2012:18:18:41 +0200] error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
```

says that the server doesn't know the client... so this should be your problem. Just for completion, here is my full smb.conf:

```
[global]

        workgroup = HOME

        server string = %h server

        interfaces = 127.0.0.1, eth0

        bind interfaces only = Yes

        obey pam restrictions = Yes

        passdb backend = smbpasswd

        pam password change = Yes

        passwd program = /usr/bin/passwd %u

        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

        username map = /etc/samba/smbpasswd

        unix password sync = Yes

        syslog = 0

        log file = /var/log/samba/log.%m

        max log size = 1000

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        printcap name = cups

        dns proxy = No

        panic action = /usr/share/samba/panic-action %d

[homes]

        comment = Home Directories

        valid users = %S

        read only = No

        create mask = 0770

        directory mask = 0770

        browseable = No

[printers]

        comment = All Printers

        path = /var/spool/samba

        create mask = 0700

        printable = Yes

        browseable = No

[print$]

        comment = Printer Drivers

        path = /var/lib/samba/printers

[exchange]

        comment = allgemeiner Datenaustausch

        path = /home/exchange

        read only = No
```

My directory structure under /home is built as follows:

```
/home

/home/user

/home/user/<username1>

/home/user/<username2>

...

/home/exchange
```

Maybe this helps...

----------

## darkphader

Try the following.

Add to these sections:

```
[global]

printing = cups

printcap name = cups
```

```
[printers]

cups options = raw
```

EDIT: to correct typoLast edited by darkphader on Sat Apr 21, 2012 2:33 pm; edited 1 time in total

----------

## darkphader

 *risq wrote:*   

> i already used the postscript driver when i installed the printer via cups. but when i connect from a windows pc i have to choose the pcl driver, otherwise (with the windows postscript driver) printing does not work

 

Should not be a problem. The "raw" option I posted should ameliorate. If not just create a new raw printer queue in cups just for Windows boxen.

----------

## risq

 *darkphader wrote:*   

> Try the following.
> 
> Add to these sections:
> 
> ```
> ...

 

this works!  (my printer section is called [printers] though, dont know if that matters). thx a lot ! i still wonder why i never came across this problem, i installed quite a few printers with samba/cups before, never used to option or mabye that option was defaulted in some version before?!..

----------

## darkphader

 *risq wrote:*   

> this works!  (my printer section is called [printers] though, dont know if that matters).

 

Yes, it matters - I mistyped :)

EDIT: corrected the typo in the above post.

----------

