| View previous topic :: View next topic |
| Author |
Message |
SkyBeam
n00b
Joined: 27 Nov 2006
Posts: 17
Location: Switzerland
|
 Posted: Fri Dec 21, 2007 5:16 pm Post subject: Making Samba ready for Windows Vista (32/64 bit) |
 |
|
Making Samba ready for Windows Vista (32/64 bit, roaming profiles and automatic printer driver deployment)
This is a small summary about my experiences when upgrading to Windows Vista x64 on all my desktops. So I decided to write this small how-to hoping it is useful for anybody else.
1. Roaming profiles
First of all you have to know that Windows Vista is creating a completely fresh profile from scratch. It does not migrate anything from any previously existing roaming profile. Even the "File and Settings Transfer Wizard" (included in Windows XP) is not available any more. So there is no easy way to transfer your existing profile from pre-Vista versions to Vista!
Microsoft offers some tools (look at the Userstate Migration Tool - USMT) but none of them really fit my needs in automatically migrating a full XP profile to Vista by keeping all application data and all registry values.
Anyway - the first thing you have to know is that Vista adds a suffix to the path specified in the "logon path" property of Samba which specifies the location of the roaming profiles. The suffix is named ".V2".
Example:
Store roaming profiles within \\<logonserver>\profile\.winprofile:
| Code: |
[general]
...
logon path = \\%L\profile\.winprofile
...
[profile]
comment = User Profiles
path = /data/home/%U
profile acls = Yes
csc policy = disable
valid users = %U
read only = No
create mask = 0600
directory mask = 0700
|
Vista will store the profiles at
| Code: |
\\<logonserver>\profile\.winprofile.V2
|
NOTE: Vista will try to create the .winprofile.V2 folder if it does not exist.
This will only work if the profile share is fully writeable by the accessing user. From my point of view this is an issue which Microsoft never addressed since roaming profiles have been invented. Any user could access the profile share and create any folder there to store any garbage which pollutes the profile server. At least the newly created .winprofile.V2 folder will have access rights set which only allows the creating user to access the folder.
With Samba you can work around this problem by redirecting the "profile" share to a user-specific directory as I did it above. This prevents users to see the directories of other users. I even store the Windows profile in a sub-folder of their home directory. This allows power-users to verify which files are synchronized to the server while non-experienced users will not notice the additional (hidden) .winprofile folder on their home drive. By the way - the /data/home/%U folder is attached as a network drive for the users by the logon script.
There are some discussions about the path to the profile. Some users suggest to use "logon path = \\%L\profile" and a share definition similar to the one above. However as you can see this will not work for Windows Vista since it will try to access \\<server>\profile.V2. Of course you can create this share as well but I think the solution I am using is much more flexible (even if MS decides to use ".V3" suffix in the future) and I don't have to pollute my smb.conf with OS-specific shares.
32-bit and 64-bit Printer drivers mixed
As I still want to support 32-bit clients and added some 64-bit clients I decided to add 64-bit printer drivers simultanously. Of course this is optional but it's very handy if the print server supplies the correct drivers directly from the server. So no prior software/driver installation on cliend side is needed - just connect the printer.
1. Create print$ share:
Windows needs the print$ share on the server which supplies the print spooler:
| Code: |
[print$]
comment = Printer Drivers
# point to the drivers
path = /etc/samba/printer
guest ok = yes
browseable = yes
read only = yes
write list = root
|
NOTE: I decided to add the printer drivers directly to my configuration at /etc/samba/printer in order to have it backed up automatically. Of course any other location can do the job here as well.
Then create the folder structure to put the drivers to. You might use this simple script to create the architecture-specific folders:
| Code: |
BASEDIR=/etc/samba/printers
for X in COLOR IA64 W32ALPHA W32MIPS W32PPC W32X86 WIN40 x64; do
mkdir -p $BASEDIR/$X;
done
|
The next thing to do is to collect the printer driver files. To do so print out the Windows printer test page on a Windows PC where you manually installed the drivers. The test page will contain a list of driver files. This files need to be copied to the folder shared by the [print$]/<arch> share (see smb.conf in chapter 12.1). You can find the driver files at %SystemRoot%\System32\spool\drivers\<arch>\<2|3>.
WARNING: Do not copy the driver files to [print$]/<arch>/<2|3> sub-folder but only to the <arch> top folder.
For example copy %SystemRoot%\System32\spool\drivers\x64\UNIDRV.DLL to \\<server>\print$\x64\.
Then add the driver to your samba configuration (generic command line):
| Code: |
32-bit:
rpcclient -U <printadmin> -c 'adddriver "Windows NT x86" "<printerName>:<DriverFileName>:\
<DataFileName>:<ConfigFileName>:<HelpFileName>:LanguageMonitorName|NULL>:\
DefaultDataType|RAW:<CommaSeparatedListOfFiles>”’ localhost
64-bit:
rpcclient -U <printadmin> -c 'adddriver "Windows x64" "<printerName>:<DriverFileName>:\
<DataFileName>:<ConfigFileName>:<HelpFileName>:LanguageMonitorName|NULL>:\
DefaultDataType|RAW:<CommaSeparatedListOfFiles>”’ localhost
|
Example using my Lexmark Optra R Plus printer:
| Code: |
32-bit driver:
rpcclient -U root -c 'adddriver "Windows NT x86" "OptraRPlusPS2:lexpsnt3.dll:\
OPTRAP.PPD:LEXPSNTU.DLL:LEXPSNT.HLP:NULL:RAW:LEXUNST.ZIP,PTZIPW32.DLL,\
LEXPPDS.ZIP,LEXEDF.DLL,LEXCFI.DLL,LMPCLTHK.DLL,E32XBM.DLL,C910BM.DLL,\
C750BM.DLL,C720BM.DLL,C710BM.DLL,T62XBM.DLL,T61XBM.DLL,M410BM.DLL,\
W820BM.DLL,W810BM.DLL,E855BM.DLL,OC45BM.DLL,OC40BM.DLL,OC1200BM.DLL,\
K1220BM.DLL,SC1275BM.DLL,SC1275BM.DLL,OPTRASBM.DLL,LEXPSNT.ALL,\
LEXDRVIN.EXE,DRVNPANT.DLL,LEXMV95.HLP,PTAPIW32.DLL,PTRESW32.DLL,PTGUIW32.DLL,\
LEXPSNT.CNT,LEXPSHOW.HLP,LEXFNTRC.DLL,LEXDRVX.DLL,LEXPSLNG.DLL"' localhost
64-bit driver:
rpcclient -U root -c 'adddriver "Windows x64" "OptraRPlusPS2x64:UNIDRV.DLL:\
LXOPRP.GPD:UNIDRVUI.DLL:UNIDRV.HLP:NULL:RAW:OPTRARES.DLL,TTFSUB.GPD,\
UNIRES.DLL,STDNAMES.GPD,STDDTYPE.GDL,STDSCHEM.GDL,STDSCHMX.GDL"' localhost
|
Here's another example (this time 32-bit only, sorry) for the HP LaserJet 1022N printer:
| Code: |
rpcclient -U root -c 'adddriver "Windows NT x86" "HPLJ1022N:IMFNT5.DLL:\
SDhp1020.SDD:SDNT5UI.DLL:SDhp1020.HLP:NULL:RAW:SDhp1020.DLL,SUhp1020.DLL,\
SUhp1020.ENT,ZJBIG.DLL,ZLhp1020.DLL,SUXML.DLL,XERCES-C.DLL,hp1020.img,hp1022.img,\
hp1022n.img,ZSHP1020.EXE,ZSHP1020.HLP,SUhp1020.VER,VSHP1020.DLL,IMFPRINT.DLL,\
QDPRINT.DLL,SD32.DLL,SDIMF32.DLL,SDDM32.DLL,SDDMUI.DLL,SR32.DLL,ZGDI32.DLL,\
SDhp1020.UNZ,ZSPOOL.DLL,ZSPOOL32.EXE,ZTAG32.DLL,ZUNINST.EXE,ZLM.DLL,IMF32.DLL,\
SDNTUM4.DLL"' localhost
|
Please make sure that all the files listed here are accessible at the "[print$]/<arch>" folder. Again, the list of files can be found on a test-printout done on a sample machine where you manually installed the printer driver once. It seems to be possible to add new drivers directly within the printer properties on the samba share by the printer admin. To do so point your Windows machine to "\\<samba-server>", then open the Printers folder, right click the printer, select properties, go to Advanced and hit the New Driver... button.
However I never tried this method.
Now the drivers are installed and need to be bound to a bound to an existing printer.
The generic command to bind a driver looks as follows:
| Code: |
rpcclient -U <printadmin> -c 'setdriver <printer> <printDriver>’ <host>
|
So for my Optra R Plus printer I used:
| Code: |
rpcclient -U root -c 'setdriver OptraRPlusPS2 OptraRPlusPS2' localhost
rpcclient -U root -c 'setdriver OptraRPlusPS2 OptraRPlusPS2x64' localhost
|
NOTE: I issued 2 commands in order to bind the 32-bit and the 64-bit driver. Windows will automatically look for the right one.
Finally you can check the driver integration by issuing
| Code: |
rpcclient -U root -c 'enumdrivers' localhost
|
It should yield an output like
| Code: |
[Windows NT x86]
Printer Driver Info 1:
Driver Name: [OptraRPlusPS2]
[Windows x64]
Printer Driver Info 1:
Driver Name: [OptraRPlusPS2x64]
|
done.
Annex, smb.conf
For completeness I am attaching the relevant portions of my samba configuration here. I hope it's complete since I ripped out some things which I think are not relevant here. WARNING: It's using LDAP passdb backend - so you might not simply copy it for your server.
| Code: |
# Global parameters
[global]
# ############################################################################
# global parameters
# ############################################################################
workgroup = DOMAIN
netbios name = server
# server string = Samba %v
server string = My LAN server
encrypt passwords = Yes
map to guest = Bad User
time server = Yes
domain master = Yes
os level = 64
preferred master = Yes
domain logons = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
pam password change = Yes
# passwd chat debug = Yes
idmap backend = ldap:ldap://127.0.0.1/
# ############################################################################
# user management
# ############################################################################
admin users = root, Administrator
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
# guest account = pcguest
# ############################################################################
# user management
# ############################################################################
# file based
# add user script = /usr/sbin/useradd -g 10000 -d /dev/null -s /bin/false %u
# delete user script = /usr/sbin/userdel '%s'
# add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
# delete group script = /usr/sbin/groupdel '%g'
# add user to group script = /usr/bin/gpasswd -a '%u' '%g'
# delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
# set primary group script = /usr/sbin/usrermod -g '%g' '%u'
# add machine script = /usr/sbin/useradd -g 10002 -d /dev/null -s /bin/false -M '%u'
# LDAP based
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
# add user script = /usr/sbin/smbldap-useradd –m -A 1 -B 1 –a "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd –p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod –m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod –x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod –g "%u" "%g"
add machine script = /usr/sbin/smbldap-useradd -a -w "%u"
# ############################################################################
# net logon
# ############################################################################
# logon script = logon.bat
logon script = KIX32.exe logon.kix
# NOTE: Windows Vista will add a ".V2" suffix to the path
# e.g. \\%L\profile\.winprofile.V2
logon path = \\%L\profile\.winprofile
logon drive = N:
logon home = \\%L\%U
# ############################################################################
# log settings
# ############################################################################
# log level = 5 passdb:5 auth:10 winbind:2
# log level = 3 passdb:1 auth:1 winbind:1
# log almost only file-accesses
# log level = 2 passdb:0 auth:0 winbind:0
# no log
log level = 0 passdb:0 auth:0 winbind:0
log file = /var/log/samba/smb.%m
max log size = 5000
# ############################################################################
# networking options
# ############################################################################
# socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# hosts allow = 192.168.1. 192.168.2. 127.
# dns proxy = no
# read raw = yes
# write raw = yes
wins support = yes
dns proxy = yes
interfaces = eth0
# ############################################################################
# access options
# ############################################################################
# used for network boot
null passwords = true
# security = user
# ############################################################################
# files and directories
# ############################################################################
# lock directory = /var/cache/samba/
pid directory = /var/run/samba
dont descend = lost+found
# file naming options
# preserve case = yes
# short preserve case = yes
# case sensitive = no
# oplock break wait time = 30
# veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto files = /lost+found/*.eml/*.nws/*.{*}/
# ############################################################################
# printing
# ############################################################################
# printer admins, default: root
# printer admin = @adm root rme
load printers = yes
printing = cups
# printcap name = cups
# ############################################################################
# antivirus
# ############################################################################
# vfs object = vscan-clamav
# vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
# ############################################################################
# FAM file alteration monitor
# ############################################################################
# fam change notify = yes
# ############################################################################
# LDAP configuration
# ############################################################################
ldap admin dn = cn=admin,dc=mydomain,dc=local
ldap delete dn = Yes
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=local
# ldap ssl= No
# host msdfs = Yes
[netlogon]
comment = Network Logon Service
guest ok = yes
read only = yes
path = /data/netlogon
[homes]
comment = Home Directories
path = /data/home/%U
read only = No
create mask = 0640
directory mask = 0750
browseable = No
[profile]
comment = User Profiles
path = /data/home/%U
profile acls = Yes
csc policy = disable
valid users = %U
read only = No
create mask = 0600
directory mask = 0700
[print$]
comment = Printer Drivers
# point to the drivers
path = /etc/samba/printer
guest ok = yes
browseable = yes
read only = yes
write list = root
[printers]
comment = All Printers
path = /var/spool/samba
browseable = No
public = Yes
guest ok = yes
read only = yes
printable = Yes
# printer admin = root
# use client-side printer drivers:
# print command = lpr-cups -P %p -o raw %s -r
print command = lpr -P %p -r -oraw %s
# use cups own drivers (use generic PostScript on clients):
# print command = lpr-cups -P %p %s
# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
; lpq command = lpq -P %p
; lprm command = cancel %p-%j
|
_________________
SkyBeam :: the sky isn't the limit |
|
| Back to top |
|
 |
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.
|
| Posted: Mon Dec 24, 2007 12:18 pm Post subject: |
|
|
Awesome. Thank you for sharing.
Maybe somebody should put this in the Tips & Tricks forum.  |
|
| Back to top |
|
|
SkyBeam
n00b
Joined: 27 Nov 2006
Posts: 17
Location: Switzerland
|
| Posted: Mon Dec 24, 2007 5:55 pm Post subject: |
|
|
| BoneKracker wrote: | | Maybe somebody should put this in the Tips & Tricks forum. |
Well, you're right. I was looking for the most appropriate place to put it and somehow missed the Tips & Tricks.
Unfortunately it seems that I cannot move it. So a board administrator might do it.
Sorry.
_________________
SkyBeam :: the sky isn't the limit |
|
| Back to top |
|
|
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.
|
| Posted: Tue Dec 25, 2007 12:30 am Post subject: |
|
|
| SkyBeam wrote: | | BoneKracker wrote: | | Maybe somebody should put this in the Tips & Tricks forum. |
Well, you're right. I was looking for the most appropriate place to put it and somehow missed the Tips & Tricks.
Unfortunately it seems that I cannot move it. So a board administrator might do it.
Sorry. |
That's not what I meant.
I meant, "Wow, this is so good it ought to be where it's more likely to be captured and reused. |
|
| Back to top |
|
|
Psi15
Tux's lil' helper
Joined: 07 Jan 2003
Posts: 86
Location: Vienna
|
| Posted: Fri Jul 11, 2008 4:03 pm Post subject: |
|
|
Hi!
I have a HP Laserjet 1022 connected to my Samba Server (via CUPS), but when I try to install that printer on a Vista machine, I get a very strange Windows error (currently error 0x0000070c).
Did everything work for you without problems?
cheers
Philipp |
|
| Back to top |
|
|
Psi15
Tux's lil' helper
Joined: 07 Jan 2003
Posts: 86
Location: Vienna
|
| Posted: Fri Jul 11, 2008 4:07 pm Post subject: |
|
|
| Psi15 wrote: | Hi!
I have a HP Laserjet 1022 connected to my Samba Server (via CUPS), but when I try to install that printer on a Vista machine, I get a very strange Windows error (currently error 0x0000070c).
Did everything work for you without problems?
cheers
Philipp |
Ok - I fixed it myself. I forgot to uncomment one line in /etc/cups/mime.conf (the one about raw files). Now if I edit the printer settings to say "use spooling for printing" (sorry for the translation - my windows is german) it works pretty fine.
cheers
Philipp |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
