# Making Samba ready for Windows Vista (32/64 bit)

## SkyBeam

Making Samba ready for Windows Vista (32/64 bit, roaming profiles and automatic printer driver deployment)

This is a small summary about my experiences when upgrading to Windows Vista x64 on all my desktops. So I decided to write this small how-to hoping it is useful for anybody else.

1. Roaming profiles

First of all you have to know that Windows Vista is creating a completely fresh profile from scratch. It does not migrate anything from any previously existing roaming profile. Even the "File and Settings Transfer Wizard" (included in Windows XP) is not available any more. So there is no easy way to transfer your existing profile from pre-Vista versions to Vista!

Microsoft offers some tools (look at the Userstate Migration Tool - USMT) but none of them really fit my needs in automatically migrating a full XP profile to Vista by keeping all application data and all registry values.

Anyway - the first thing you have to know is that Vista adds a suffix to the path specified in the "logon path" property of Samba which specifies the location of the roaming profiles. The suffix is named ".V2".

Example:

Store roaming profiles within \\<logonserver>\profile\.winprofile:

```

[general]

...

logon path = \\%L\profile\.winprofile

...

[profile]

        comment = User Profiles

        path = /data/home/%U

        profile acls = Yes

        csc policy = disable

        valid users = %U

        read only = No

        create mask = 0600

        directory mask = 0700

```

Vista will store the profiles at

```

\\<logonserver>\profile\.winprofile.V2

```

NOTE: Vista will try to create the .winprofile.V2 folder if it does not exist.

This will only work if the profile share is fully writeable by the accessing user. From my point of view this is an issue which Microsoft never addressed since roaming profiles have been invented. Any user could access the profile share and create any folder there to store any garbage which pollutes the profile server. At least the newly created .winprofile.V2 folder will have access rights set which only allows the creating user to access the folder.

With Samba you can work around this problem by redirecting the "profile" share to a user-specific directory as I did it above. This prevents users to see the directories of other users. I even store the Windows profile in a sub-folder of their home directory. This allows power-users to verify which files are synchronized to the server while non-experienced users will not notice the additional (hidden) .winprofile folder on their home drive. By the way - the /data/home/%U folder is attached as a network drive for the users by the logon script.

There are some discussions about the path to the profile. Some users suggest to use "logon path = \\%L\profile" and a share definition similar to the one above. However as you can see this will not work for Windows Vista since it will try to access \\<server>\profile.V2. Of course you can create this share as well but I think the solution I am using is much more flexible (even if MS decides to use ".V3" suffix in the future) and I don't have to pollute my smb.conf with OS-specific shares.

32-bit and 64-bit Printer drivers mixed

As I still want to support 32-bit clients and added some 64-bit clients I decided to add 64-bit printer drivers simultanously. Of course this is optional but it's very handy if the print server supplies the correct drivers directly from the server. So no prior software/driver installation on cliend side is needed - just connect the printer.

1. Create print$ share:

Windows needs the print$ share on the server which supplies the print spooler:

```

[print$]

        comment = Printer Drivers

        # point to the drivers

        path = /etc/samba/printer

        guest ok = yes

        browseable = yes

        read only = yes

        write list = root

```

NOTE: I decided to add the printer drivers directly to my configuration at /etc/samba/printer in order to have it backed up automatically. Of course any other location can do the job here as well.

Then create the folder structure to put the drivers to. You might use this simple script to create the architecture-specific folders:

```

BASEDIR=/etc/samba/printers

for X in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86 WIN40 x64; do

  mkdir -p $BASEDIR/$X;

done

```

The next thing to do is to collect the printer driver files. To do so print out the Windows printer test page on a Windows PC where you manually installed the drivers. The test page will contain a list of driver files. This files need to be copied to the folder shared by the [print$]/<arch> share (see smb.conf in chapter 12.1). You can find the driver files at %SystemRoot%\System32\spool\drivers\<arch>\<2|3>.

WARNING: Do not copy the driver files to [print$]/<arch>/<2|3> sub-folder but only to the <arch> top folder.

For example copy %SystemRoot%\System32\spool\drivers\x64\UNIDRV.DLL to \\<server>\print$\x64\.

Then add the driver to your samba configuration (generic command line):

```

32-bit:

rpcclient -U <printadmin> -c 'adddriver "Windows NT x86" "<printerName>:<DriverFileName>:\

<DataFileName>:<ConfigFileName>:<HelpFileName>:LanguageMonitorName|NULL>:\

DefaultDataType|RAW:<CommaSeparatedListOfFiles>”’ localhost

64-bit:

rpcclient -U <printadmin> -c 'adddriver "Windows x64" "<printerName>:<DriverFileName>:\

<DataFileName>:<ConfigFileName>:<HelpFileName>:LanguageMonitorName|NULL>:\

DefaultDataType|RAW:<CommaSeparatedListOfFiles>”’ localhost

```

Example using my Lexmark Optra R Plus printer:

```

32-bit driver:

rpcclient -U root -c 'adddriver "Windows NT x86" "OptraRPlusPS2:lexpsnt3.dll:\

OPTRAP.PPD:LEXPSNTU.DLL:LEXPSNT.HLP:NULL:RAW:LEXUNST.ZIP,PTZIPW32.DLL,\

LEXPPDS.ZIP,LEXEDF.DLL,LEXCFI.DLL,LMPCLTHK.DLL,E32XBM.DLL,C910BM.DLL,\

C750BM.DLL,C720BM.DLL,C710BM.DLL,T62XBM.DLL,T61XBM.DLL,M410BM.DLL,\

W820BM.DLL,W810BM.DLL,E855BM.DLL,OC45BM.DLL,OC40BM.DLL,OC1200BM.DLL,\

K1220BM.DLL,SC1275BM.DLL,SC1275BM.DLL,OPTRASBM.DLL,LEXPSNT.ALL,\

LEXDRVIN.EXE,DRVNPANT.DLL,LEXMV95.HLP,PTAPIW32.DLL,PTRESW32.DLL,PTGUIW32.DLL,\

LEXPSNT.CNT,LEXPSHOW.HLP,LEXFNTRC.DLL,LEXDRVX.DLL,LEXPSLNG.DLL"' localhost

64-bit driver:

rpcclient -U root -c 'adddriver "Windows x64" "OptraRPlusPS2x64:UNIDRV.DLL:\

LXOPRP.GPD:UNIDRVUI.DLL:UNIDRV.HLP:NULL:RAW:OPTRARES.DLL,TTFSUB.GPD,\

UNIRES.DLL,STDNAMES.GPD,STDDTYPE.GDL,STDSCHEM.GDL,STDSCHMX.GDL"' localhost

```

Here's another example (this time 32-bit only, sorry) for the HP LaserJet 1022N printer:

```

rpcclient -U root -c 'adddriver "Windows NT x86" "HPLJ1022N:IMFNT5.DLL:\

SDhp1020.SDD:SDNT5UI.DLL:SDhp1020.HLP:NULL:RAW:SDhp1020.DLL,SUhp1020.DLL,\

SUhp1020.ENT,ZJBIG.DLL,ZLhp1020.DLL,SUXML.DLL,XERCES-C.DLL,hp1020.img,hp1022.img,\

hp1022n.img,ZSHP1020.EXE,ZSHP1020.HLP,SUhp1020.VER,VSHP1020.DLL,IMFPRINT.DLL,\

QDPRINT.DLL,SD32.DLL,SDIMF32.DLL,SDDM32.DLL,SDDMUI.DLL,SR32.DLL,ZGDI32.DLL,\

SDhp1020.UNZ,ZSPOOL.DLL,ZSPOOL32.EXE,ZTAG32.DLL,ZUNINST.EXE,ZLM.DLL,IMF32.DLL,\

SDNTUM4.DLL"' localhost

```

Please make sure that all the files listed here are accessible at the "[print$]/<arch>" folder. Again, the list of files can be found on a test-printout done on a sample machine where you manually  installed the printer driver once. It seems to be possible to add new drivers directly within the printer properties on the samba share by the printer admin. To do so point your Windows machine to "\\<samba-server>", then open the Printers folder, right click the printer, select properties, go to Advanced and hit the New Driver... button.

However I never tried this method.

Now the drivers are installed and need to be bound to a bound to an existing printer.

The generic command to bind a driver looks as follows:

```

rpcclient -U <printadmin> -c 'setdriver <printer> <printDriver>’ <host>

```

So for my Optra R Plus printer I used:

```

rpcclient -U root -c 'setdriver OptraRPlusPS2 OptraRPlusPS2' localhost

rpcclient -U root -c 'setdriver OptraRPlusPS2 OptraRPlusPS2x64' localhost

```

NOTE: I issued 2 commands in order to bind the 32-bit and the 64-bit driver. Windows will automatically look for the right one.

Finally you can check the driver integration by issuing

```

rpcclient -U root -c 'enumdrivers' localhost

```

It should yield an output like

```

[Windows NT x86]

Printer Driver Info 1:

        Driver Name: [OptraRPlusPS2]

[Windows x64]

Printer Driver Info 1:

        Driver Name: [OptraRPlusPS2x64]

```

done.

Annex, smb.conf

For completeness I am attaching the relevant portions of my samba configuration here. I hope it's complete since I ripped out some things which I think are not relevant here. WARNING: It's using LDAP passdb backend - so you might not simply copy it for your server.

```

# Global parameters

[global]

   # ############################################################################

   # global parameters

   # ############################################################################

   workgroup = DOMAIN

   netbios name = server

   # server string = Samba %v

   server string = My LAN server

   encrypt passwords = Yes

   map to guest = Bad User

   time server = Yes

   domain master = Yes

   os level = 64

   preferred master = Yes

   domain logons = Yes

   passdb backend = ldapsam:ldap://127.0.0.1/

   pam password change = Yes

   # passwd chat debug = Yes

   idmap backend = ldap:ldap://127.0.0.1/

   # ############################################################################

   # user management

   # ############################################################################

   admin users = root, Administrator

   # Uncomment this if you want a guest account, you must add this to /etc/passwd

   # otherwise the user "nobody" is used

   # guest account = pcguest

   # ############################################################################

   # user management

   # ############################################################################

   # file based

   # add user script               = /usr/sbin/useradd -g 10000 -d /dev/null -s /bin/false %u

   # delete user script            = /usr/sbin/userdel '%s'

   # add group script              = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

   # delete group script           = /usr/sbin/groupdel '%g'

   # add user to group script      = /usr/bin/gpasswd -a '%u' '%g'

   # delete user from group script = /usr/bin/gpasswd -d '%u' '%g'

   # set primary group script      = /usr/sbin/usrermod -g '%g' '%u'

   # add machine script            = /usr/sbin/useradd -g 10002 -d /dev/null -s /bin/false -M '%u'

   # LDAP based

   add user script               = /usr/sbin/smbldap-useradd -a -m "%u"

   # add user script             = /usr/sbin/smbldap-useradd –m -A 1 -B 1 –a "%u"

   delete user script            = /usr/sbin/smbldap-userdel "%u"

   add group script              = /usr/sbin/smbldap-groupadd –p "%g"

   delete group script           = /usr/sbin/smbldap-groupdel "%g"

   add user to group script      = /usr/sbin/smbldap-groupmod –m "%u" "%g"

   delete user from group script = /usr/sbin/smbldap-groupmod –x "%u" "%g"

   set primary group script      = /usr/sbin/smbldap-usermod –g "%u" "%g"

   add machine script            = /usr/sbin/smbldap-useradd -a -w "%u"

   # ############################################################################

   # net logon

   # ############################################################################

   # logon script = logon.bat

   logon script = KIX32.exe logon.kix

   # NOTE: Windows Vista will add a ".V2" suffix to the path

   #       e.g. \\%L\profile\.winprofile.V2

   logon path = \\%L\profile\.winprofile

   logon drive = N:

   logon home = \\%L\%U

   # ############################################################################

   # log settings

   # ############################################################################

   # log level = 5 passdb:5 auth:10 winbind:2

   # log level = 3 passdb:1 auth:1 winbind:1

   # log almost only file-accesses

   # log level = 2 passdb:0 auth:0 winbind:0

   # no log

   log level = 0 passdb:0 auth:0 winbind:0

   log file = /var/log/samba/smb.%m

   max log size = 5000

   # ############################################################################

   # networking options

   # ############################################################################

   # socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   socket options = TCP_NODELAY

   # hosts allow = 192.168.1. 192.168.2. 127.

   # dns proxy = no

   # read raw = yes

   # write raw = yes

   wins support = yes

   dns proxy = yes

   interfaces = eth0

   # ############################################################################

   # access options

   # ############################################################################

   # used for network boot

   null passwords = true

   # security = user

   # ############################################################################

   # files and directories

   # ############################################################################

   # lock directory = /var/cache/samba/

   pid directory = /var/run/samba

   dont descend = lost+found

   # file naming options

   # preserve case = yes

   # short preserve case = yes

   # case sensitive = no

   # oplock break wait time = 30

   # veto files = /*.eml/*.nws/riched20.dll/*.{*}/

   veto files = /lost+found/*.eml/*.nws/*.{*}/

   # ############################################################################

   # printing

   # ############################################################################

   # printer admins, default: root

   # printer admin = @adm root rme

   load printers = yes

   printing = cups

   # printcap name = cups

   # ############################################################################

   # antivirus

   # ############################################################################

   # vfs object = vscan-clamav

   # vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

   # ############################################################################

   # FAM file alteration monitor

   # ############################################################################

   # fam change notify = yes

   # ############################################################################

   # LDAP configuration

   # ############################################################################

   ldap admin dn = cn=admin,dc=mydomain,dc=local

   ldap delete dn = Yes

   ldap user suffix = ou=Users

   ldap group suffix = ou=Groups

   ldap machine suffix = ou=Computers

   ldap idmap suffix = ou=Idmap

   ldap passwd sync = Yes

   ldap suffix = dc=mydomain,dc=local

   # ldap ssl= No

   # host msdfs = Yes

[netlogon]

   comment = Network Logon Service

   guest ok = yes

   read only = yes

   path = /data/netlogon

[homes]

   comment = Home Directories

   path = /data/home/%U

   read only = No

   create mask = 0640

   directory mask = 0750

   browseable = No

[profile]

   comment = User Profiles

   path = /data/home/%U

   profile acls = Yes

   csc policy = disable

   valid users = %U

   read only = No

   create mask = 0600

   directory mask = 0700

[print$]

   comment = Printer Drivers

   # point to the drivers

   path = /etc/samba/printer

   guest ok = yes

   browseable = yes

   read only = yes

   write list = root

   

[printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = No

   public = Yes

   guest ok = yes

   read only = yes

   printable = Yes

   # printer admin = root

   # use client-side printer drivers:

   # print command = lpr-cups -P %p -o raw %s -r

   print command = lpr -P %p -r -oraw %s

   # use cups own drivers (use generic PostScript on clients):

   # print command = lpr-cups -P %p %s

   # The following two commands are the samba defaults for printing=cups

   # change them only if you need different options:

   ; lpq command = lpq -P %p

   ; lprm command = cancel %p-%j

```

----------

## Bones McCracker

Awesome.  Thank you for sharing.

Maybe somebody should put this in the Tips & Tricks forum.   :Smile: 

----------

## SkyBeam

 *BoneKracker wrote:*   

> Maybe somebody should put this in the Tips & Tricks forum.  

 

Well, you're right. I was looking for the most appropriate place to put it and somehow missed the Tips & Tricks.

Unfortunately it seems that I cannot move it. So a board administrator might do it.

Sorry.

----------

## Bones McCracker

 *SkyBeam wrote:*   

>  *BoneKracker wrote:*   Maybe somebody should put this in the Tips & Tricks forum.   
> 
> Well, you're right. I was looking for the most appropriate place to put it and somehow missed the Tips & Tricks.
> 
> Unfortunately it seems that I cannot move it. So a board administrator might do it.
> ...

 

That's not what I meant.    :Smile: 

I meant, "Wow, this is so good it ought to be where it's more likely to be captured and reused.

----------

## Psi15

Hi!

I have a HP Laserjet 1022 connected to my Samba Server (via CUPS), but when I try to install that printer on a Vista machine, I get a very strange Windows error (currently error 0x0000070c).

Did everything work for you without problems?

cheers

Philipp

----------

## Psi15

 *Psi15 wrote:*   

> Hi!
> 
> I have a HP Laserjet 1022 connected to my Samba Server (via CUPS), but when I try to install that printer on a Vista machine, I get a very strange Windows error (currently error 0x0000070c).
> 
> Did everything work for you without problems?
> ...

 

Ok - I fixed it myself. I forgot to uncomment one line in /etc/cups/mime.conf (the one about raw files). Now if I edit the printer settings to say "use spooling for printing" (sorry for the translation - my windows is german) it works pretty fine.

cheers

Philipp

----------

