Create PDF using SAMBA Printing ------------------------------- 2006-11-14 Purpose: Create a Samba shared printer on CentOS which will output color PDF files that all users in a Windows Server 2003 AD based environment using Windows XP Professional workstations are able to connect to, install, and use... all as a regular local user on their specific workstation (no local admin rights). The PDF output will be automatically placed in the user's home folder in a folder called PDFDropBox located on a W2K3 SP1 file server. This works with Windows Server 2003 Active Directory and probably also with 2000. You will need ghostscript and Samba 3.x or greater and a color PS printer driver. 1. yum install ghostscript samba samba-client samba-common (ghostscript includes ps2pdf) 2. create /mnt/users directory and add this new line to /etc/fstab: //W2K3HOSTNAME/Users /mnt/users smbfs uid=nobody,credentials=/path/to/.printpdfcred 0 0 3. the .printpdfcred file ---BEGIN--- username = W2K3HOSTNAME\pdfprinter password = xxxxxxxx ----END---- 4. the W2K3HOSTNAME\pdfprinter local user needs write access to user home folders (I currently added it to W2K3HOSTNAME\Admninistrators group so the user has full rights by default). You could create your own group and setup more granular permissions if you desire so long as W2K3HOSTNAME\pdfprinter has write and create access to the user home folders. 5. mount -a (this does the actual mount of your new fstab entry) 6. copy this script to /usr/bin/printpdf and make it executable ---BEGIN--- #!/bin/sh # Simple script to convert a specified postscript file into a PDF document # and place it in a location that is shared by the Samba server. # # Arguments: # 1st - The name of the spool file # # John Bright, 2001, jbright@winfordeng.com # # David McDowell, 04/04/2006, turnpike420@gmail.com # - set value "User = $2" which value comes from the %U in "print command" of smb.conf # - created filename="$User-$DATE.pdf" for personalized filename convention # - added mkdir -p line # - changed OUTDIR # We will create the pdf into a temporary file based upon the current date and time. # After we are finished, we'll rename it to a file with the same date, but ending # in .pdf. We do this because if a user tries to open a PDF that is still being written, # they will get a message that it is corrupt, when it is actually just not done yet. DATE=`date +%b%d-%H%M%S` User="$2" filename="$User-$DATE.pdf" # Directory in which to place the output # Be sure this directory exists and is writable by the user that Samba # is running as (for example, the nobody user) # # (In this case, the pdfprinter user discussed in #4 above) # mkdir -p /mnt/users/$User/PDFdropbox OUTDIR=/mnt/users/$User/PDFdropbox ps2pdf $1 /tmp/$User.$DATE.temp mv /tmp/$User.$DATE.temp $OUTDIR/$filename rm $1 ----END---- 7. check /etc/samba/smb.conf for these settings ---BEGIN--- [global] netbios name = LINUXHOSTNAME workgroup = DOMAINNAME server string = LINUXHOSTNAME map to guest = bad password preferred master = no domain master = no local master = no hosts allow = 192.168.1. 127. interfaces = lo, 127.0.0.1, eth0, 192.168.1.99 socket address = 192.168.1.99 bind interfaces only = yes printcap name = /etc/printcap load printers = yes printing = lprng log file = /var/log/samba/%m.log security = user # The printer admin line must be active to begin this process, it will be commented later. printer admin = nobody [pdf] comment = Virtual PDF Printer path = /tmp printable = yes guest ok = yes print command = /usr/bin/printpdf %s %U lpq command = lprm command = # printer driver = "HP Business Inkjet 3000 PS" # printer driver location = "\\LINUXHOSTNAME\print$" [print$] comment = Printer Driver Download Area path = /etc/samba/printdrivers/ guest ok = yes browseable = yes read only = yes # The write list line must be active to begin this process, it will be commented later. write list = nobody -----END----- 8. create these directories and make sure to add write permissions mkdir /etc/samba/printdrivers (owner is root:root) mkdir /etc/samba/printdrivers/W32X86 mkdir /etc/samba/printdrivers/W32X86/3 chmod --recursive a+w /etc/samba/printdrivers 9. service smb restart 10. from Windows XP - Start - Run: rundll32 printui.dll,PrintUIEntry /s /t2 /n\\LINUXHOSTNAME to install the driver for the HP Business Inkjet 3000 PS by pointing to the driver install files .inf file. (You can choose any modern color PS driver as far as I know, just name it accordingly where required.) 11. now set the driver to the defined printer in samba, so back to LINUXHOSTNAME do: rpcclient -U'DOMAINNAME\yourusername' -c 'setdriver pdf "HP Business Inkjet 3000 PS"' LINUXHOSTNAME 12. comment out 2 lines in smb.conf [global] # printer admin = nobody [print$] # write list = nobody 13. Undo permissions granted earlier and restart samba: chown --recursive root.root /etc/samba/printdrivers chmod --recursive og-w /etc/samba/printdrivers service smb restart At this point, you CAN install the SMB PDF printer as a local administrator on your Windows XP workstations, however, what admin has that kind of time? We want users to be able to add this printer on their own. You have to go another step further or this will fail for regular local users. The error you will encounter says the local policy does not allow the driver to be installed. Why? http://support.microsoft.com/kb/319939 So, you could setup Group Policy (Local Computer Policy) - run gpedit.msc User configuration - Administrative Templates - Control Panel - Printers Point and Print Restrictions - set to Disabled This would require that you have GP implemented and want to admin your workstations in this manner. The other method (the one we used) was to add the Samba LINUXHOSTNAME to our AD. Now the Point and Print Restriction is no longer valid as our machine is now part of AD. To add the Samba LINUXHOSTNAME to AD: http://www.turnpike420.net/linux/Samba_add_to_AD.txt