Create PDF using SAMBA Printing ------------------------------- 2008-01-03 Purpose: Create a Samba shared printer on CentOS which will output color PDF files that all users in a Windows Server 2003 AD based environment using Windows XP Professional workstations are able to connect to, install, and use... all as a regular local user on their specific workstation (no local admin rights). The PDF output will be automatically placed in the user's home folder in a folder called PDFDropBox located on a W2K3 SP2 file server. This works with Windows Server 2003 Active Directory and probably also with 2000. You will need ghostscript, Samba 3.x or greater and a color PS printer driver. 1. yum install ghostscript samba samba-client samba-common (ghostscript includes ps2pdf) 2. the .printpdfcred file (this contains nothing but the password for the W2K3HOSTNAME\pdfprinter user). Be sure you permission if properly. In this case, be sure the nobody user is the owner and chmod 600. ---BEGIN--- xxxxxxxx ----END---- 3. the W2K3HOSTNAME\pdfprinter local user needs write access to user home folders (I currently added it to W2K3HOSTNAME\Admninistrators group so the user has full rights by default). You could create your own group and setup more granular permissions if you desire so long as W2K3HOSTNAME\pdfprinter has write and create access to the user home folders. 4. copy this script to /usr/local/pdfprinter/printpdf and make it executable ---BEGIN--- #!/bin/sh # Convert a postscript file into a PDF document and save it to a non-persistent # Samba share. # # Arguments: # 1st - The name of the spool file # 2nd - The name of the win32 user who submitted the print (assumes a win32 # client computer) # Both arguments come from the "print command" in smb.conf # # John Bright, 2001, jbright@winfordeng.com wrote a very different original # script that I based my research on. # # David McDowell, 03/14/2007, turnpike420@gmail.com # # Set DATE which will be used in the PDF FILENAME DATE=`date +%b%d-%H%M%S` # Set USER to $2 (2nd arg) which will be used in the PDF FILENAME USER="$2" # Set the FILENAME. FILENAME="$USER-$DATE.pdf" # Create secure tempfile TMPFILE=`mktemp` || exit 1 # Create PDF ps2pdf $1 $TMPFILE # Move tempfile to FILENAME with smbclient smbclient //W2K3HOSTNAME/users `cat /path/to/.printpdfcred` -W W2K3HOSTNAME -U pdfprinter -c "cd $USER; mkdir PDFdropbox; cd PDFdropbox; put $TMPFILE $FILENAME" # Remove leftover garbage rm $1 rm $TMPFILE ----END---- 5. check /etc/samba/smb.conf for these settings ---BEGIN--- [global] netbios name = LINUXHOSTNAME workgroup = DOMAINNAME server string = LINUXHOSTNAME map to guest = bad password preferred master = no domain master = no local master = no hosts allow = 192.168.1. 127. interfaces = lo, 127.0.0.1, eth0, 192.168.1.99 socket address = 192.168.1.99 bind interfaces only = yes printcap name = /etc/printcap load printers = yes printing = lprng log file = /var/log/samba/%m.log security = user # The printer admin line must be active to begin this process, it will be commented later. printer admin = nobody [pdf] comment = Virtual PDF Printer path = /tmp printable = yes guest ok = yes print command = /usr/local/pdfprinter/printpdf %s %U lpq command = lprm command = # printer driver = "HP Business Inkjet 3000 PS" # printer driver location = "\\LINUXHOSTNAME\print$" [print$] comment = Printer Driver Download Area path = /etc/samba/printdrivers/ guest ok = yes browseable = yes read only = yes # The write list line must be active to begin this process, it will be commented later. write list = nobody -----END----- 6. create these directories and make sure to add write permissions mkdir /etc/samba/printdrivers (owner is root:root) mkdir /etc/samba/printdrivers/W32X86 mkdir /etc/samba/printdrivers/W32X86/3 chmod --recursive a+w /etc/samba/printdrivers 7. service smb restart 8. from Windows XP - Start - Run: rundll32 printui.dll,PrintUIEntry /s /t2 /n\\LINUXHOSTNAME to install the driver for the "HP Business Inkjet 3000 PS" by pointing to the driver install files .inf file. (You can choose any modern color PS driver as far as I know, just name it accordingly where required.) 9. now set the driver to the defined printer in samba, so on LINUXHOSTNAME do: rpcclient -U'DOMAINNAME\yourusername' -c 'setdriver pdf "HP Business Inkjet 3000 PS"' LINUXHOSTNAME 10. comment out 2 lines in smb.conf [global] # printer admin = nobody [print$] # write list = nobody 11. Undo permissions granted earlier and restart samba: chown --recursive root.root /etc/samba/printdrivers chmod --recursive og-w /etc/samba/printdrivers service smb restart 12. To add the Samba LINUXHOSTNAME to AD: http://www.turnpike420.net/linux/Samba_add_to_AD.txt 13. Add the samba printer to the Directory: http://www.turnpike420.net/linux/Samba_printer_add_to_directory.txt NOTE: Use #12 if you don't want to use the Point and Print Restriction method described below: If you don't do #12, you CAN install the SMB PDF printer as a local administrator on your Windows XP workstations, however, what admin has that kind of time? We want users to be able to add this printer on their own. You have to go another step further or this will fail for regular local users. The error you will encounter says the local policy does not allow the driver to be installed. Why? http://support.microsoft.com/kb/319939 So, you could setup Group Policy (Local Computer Policy) - run gpedit.msc User configuration - Administrative Templates - Control Panel - Printers Point and Print Restrictions - set to Disabled This would require that you have GP implemented and want to admin your workstations in this manner.