About Samba CUPS Printing

About printing in general

In printing there are several sub-parts to be taken into account:

  • The document to be printed, in a format suitable for printing.

  • The print metadata (how many copies, whether double-sided or not, etc.).

  • The transport, how I send the document.

In this article we will use the terms photocopier and printer interchangeably, considering that we are talking about an advanced printing device with a network connection.

The printer spool

To avoid blocking the machine while the document is printing, the document is passed to a print queue, also called a spool. Once the document is in the spool, the application on the client workstation that generated the document can continue to handle other activities.

In a standard printing system there are several print queues. There can be a local print queue, then a print queue on the print server, and then a print queue on the printer. The server receives print jobs from multiple clients at once and puts them in a queue to send them sequentially to the next queue, the printer queue. This is because printers now have their own built-in print server, and you can often print directly to it.

So there is also a spool on network printers and copiers. Conversely, USB inkjet printers are driven directly by the computer to which they are connected and do not necessarily have an internal queue. In this case, the computer serves as the print queue.

Once the job has been prepared (in GDI or already converted to PS/PCL), it must be sent to the next spool.

Metadata

Not all printing devices have the same capabilities. Some support duplex printing, some support stapling, some have multiple trays that will hold different types of paper or sheets of different sizes (A4, A3, etc.).

In the case of photocopiers, there are many different options between models and even many options for the same model. In the latter case it is necessary to tell the driver which options are available (number of trays, paper sizes, etc.). Many drivers are able to query their photocopiers or printers to find out what the options are and to configure themselves. Sometimes the printer driver uses the SNMP protocol.

The metadata contains, among other things, the requested paper format: A5, A4, A3, letter, etc. It also contains the department code if analytical re-invoicing or counting methods exist.

Universal drivers

Universal drivers include a PS or PCL rendering engine and a set of information about the manufacturer’s different printer and copier models.

The different types of transport

Several protocols exist to transport a print job between a client, a server and a copier/printer:

  • Between a Windows client and a print server, the most standard protocol is SMB (Windows share, port 445 or 139).

  • Between a Linux workstation and a Linux print server, the most standard protocol is IPP, usually attached to port 631.

  • Between a client workstation or a print server and a printer, it will be JetDirect (a fairly simple protocol developed by HP), usually attached to port 9100.

There are other older protocols such as LPD (port 515), but they are not really used anymore.

The CUPS project implements support for the IPP protocol as well as management of print queues, drivers, etc.

In the case of a Samba-CUPS server, the client workstation has the choice to send its print job on two different protocols: IPP and SMB. In practice we will have:

  • Windows workstations will use the SMB transport.

  • Linux workstations will use the IPP transport.

Anatomy of a print driver

Print drivers on a CUPS server look different than on a Windows workstation, and most of the time they will be just a PPD text file (even if there is the word PostScript in it, this format is generic). The file contains the definition of the printer’s capabilities as well as the rasterization engine to use (PS, PCL, etc.).

When you have a large number of printing options, it is useful to present them well, logically and, if possible, with an image of the photocopier to better identify the different options. In Windows this is provided in the printer driver by a DLL which is run through the graphical interface of the printer driver.

The different options contained in the PPD file do not necessarily have information to properly present the different printing options, which may explain why we often find ourselves with a list of drop-down menus that are not very practical.
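To make the PPD structure concrete, here is an added example (not part of the original article and not CUPS code) that parses a constructed PPD and lists its options as the flat menus described above, together with the filter program the file asks CUPS to run. The sample PPD, the filter name `rastertoexample` and the function names are assumptions made for illustration.

```python
import re
# Constructed sample PPD, not taken from a real driver package.
SAMPLE_PPD = """*PPD-Adobe: "4.3"
*ModelName: "Example Copier 1000"
*cupsFilter: "application/vnd.cups-raster 0 rastertoexample"
*OpenUI *PageSize/Paper Size: PickOne
*DefaultPageSize: A4
*PageSize A4/A4: "<</PageSize[595 842]>>setpagedevice"
*CloseUI: *PageSize
*OpenUI *Duplex/Double-Sided: PickOne
*DefaultDuplex: None
*Duplex None/Off: "<</Duplex false>>setpagedevice"
*Duplex DuplexNoTumble/Long Edge: "<</Duplex true/Tumble false>>setpagedevice"
*CloseUI: *Duplex
"""
# "*Keyword [option[/label]]: value"; comment lines ("*%") do not match.
LINE = re.compile(r"^\*(\w[\w-]*)(?:\s+([^:/]+)(?:/([^:]*))?)?:\s*(.*)$")

def parse_ppd(text):
    """Return the model name, CUPS filter programs and user-visible options."""
    ppd = {"model": None, "filters": [], "options": {}}
    current = None  # option whose *OpenUI block we are currently inside
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, opt, label, value = m.groups()
        opt = opt.strip() if opt else None
        value = value.strip().strip('"')
        if key == "ModelName":
            ppd["model"] = value
        elif key == "cupsFilter":
            parts = value.split(None, 2)  # "<MIME type> <cost> <program>"
            if len(parts) == 3:
                ppd["filters"].append(parts[2])
        elif key == "OpenUI" and opt:
            current = opt.lstrip("*")
            ppd["options"][current] = {"label": label or current, "default": None, "choices": {}}
        elif key == "CloseUI":
            current = None
        elif current and key == "Default" + current:
            ppd["options"][current]["default"] = value
        elif current and key == current and opt:
            ppd["options"][current]["choices"][opt] = label or opt
    return ppd

def unexpected_filters(ppd, reviewed):  # filter programs the admin has not reviewed
    return [f for f in ppd["filters"] if f not in reviewed]
```

Each `*OpenUI` block carries only a label, a default and a list of choices, with no layout or image information. The `*cupsFilter` line names a program that CUPS runs on the server, so it is worth reviewing before a PPD is installed.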

In Windows the printer driver contains the engine (PS, PCL, etc.), the definition of the print device’s capabilities, and a DLL that adds options to the Windows print panel.

Preparing the server-side or client-side job

Historically in Windows environments the transformation was done on the server side, but in more recent versions of Windows it is now done by default on the client side because client workstations now have CPUs and memory capacity that are capable and available to handle large print jobs.

Final Rasterization

The PS and PCL formats remain vector formats. They can include images in JPEG or RAW format, but they are primarily vector formats, like PDF. Before making the final print, the photocopier will have to do the rasterization, i.e. transform the vector file into an array of pixels, which can then be sent to the printing mechanism. Rasterization is not a simple process and can be very RAM and CPU intensive.

Follow me

Follow-me systems such as PaperCut or Gestpage have a system for configuring local print queues on workstations to allow easy management of remote sites without a print server.

Paper format

Todo

Talk about paper formats

Printing and security

Isolating printers from the network

Printer and copier firmware is rarely updated by sysadmins, and manufacturers do not always provide updates. Print devices today are real computers, mostly Linux-based, with gaping security holes.

Isolating printing devices on a separate VLAN prevents the compromise of one printer from being exploited to compromise the entire network.
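One way to verify that the isolation actually holds is to run firewall flow logs through a check like the following (an added example, not part of the original article). The addressing plan, the log format "src dst dport" and the policy that only the print server may talk to printers are assumptions; the print ports are the ones listed in the transport section, plus SNMP (161) for drivers that query the device.

```python
import ipaddress

# Hypothetical addressing plan: printers on their own VLAN, one print server.
PRINTER_VLAN = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVER = ipaddress.ip_address("10.20.1.10")
# JetDirect 9100, IPP 631, LPD 515, SNMP 161.
ALLOWED_PORTS = {9100, 631, 515, 161}

# Constructed firewall log lines in the assumed format "src dst dport".
SAMPLE_FLOWS = """\
10.20.1.10 10.20.30.21 9100
10.20.5.44 10.20.30.21 9100
10.20.30.21 10.20.5.44 445
10.20.5.44 10.20.1.10 445
10.20.30.22 10.20.1.10 445
"""

def check_flow(line):
    """Return a reason string if the flow breaks printer isolation, else None."""
    src, dst, port = line.split()
    src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    if src in PRINTER_VLAN and dst not in PRINTER_VLAN:
        # A printer opening connections to the rest of the network is the
        # situation the separate VLAN is meant to prevent.
        return "printer-initiated traffic leaving the printer VLAN"
    if dst in PRINTER_VLAN and src not in PRINTER_VLAN:
        if src != PRINT_SERVER:
            return "client reaches printer directly, bypassing the print server"
        if port not in ALLOWED_PORTS:
            return "print server uses a non-print port towards the printer"
    return None

def violations(log):
    """List (log line, reason) pairs for every flow that breaks the policy."""
    return [(l, r) for l in log.splitlines() if l.strip() and (r := check_flow(l))]
```

Sites that print directly to the device, or copiers that scan to a file share, need matching exceptions in the policy rather than a flat network.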

Installing drivers and security considerations

Print drivers operate with fairly high levels of privilege. Historically Windows has been very bad at isolating drivers that rasterize print jobs. In the NT4 era, drivers ran directly in the Windows kernel, and a driver crash would crash the machine. Over the years, the isolation of the print queue manager has improved, but it is still code running on the machine. That’s why installing a printer driver is not a harmless act and it must be validated that the chosen driver is not compromised.

When connecting a network print queue, the Windows client will try to download the driver from the print server, if it does not already have it. Matching between print drivers is done only on the driver name (e.g. HP Color LaserJet M4320) and a particular GUID. Since the act of installing a driver is not trivial, the workstation must first be authorized to download the driver with a GPO configuration, otherwise the workstation will refuse to automatically download the driver (if the user is an administrator, he will still be given the option to install it). If the download is authorized by GPO, the driver can be installed even if the user has restricted rights.

Benefits of a print server

A print server allows centralized configuration and inventory of printers and photocopiers. This makes the system administrator’s day-to-day management easier.

However, the use of print servers is not always appropriate for small remote sites that may not have an adequate server environment. Passing printouts through the headquarters site via VPN is often too slow. The only option then is direct printing.

In addition, print servers have a strong tendency to malfunction and to require a restart of the print queue manager or of the server itself.

Configuration and setup of the print queues can be done using a configuration management tool such as WAPT. This is an advantageous option that can greatly facilitate day-to-day print management.