Adding CUPS shared printers to Windows Client

Tags:

Answer: 1

32 hours ago

This is the last bit about my local server setup that is driving me nuts for days now.

I figured out how to properly restrict my Locations (pretty loose still, but only for debugging) and use the Limits. Had to add the group adm to cups-files.conf because being in the lpadmin group for what ever reason was not enough for CUPS to restrict admin remote access, weird but its working now.

But for the last 3 days I have been struggeling with the fact das Windows just will not add the printers shared by my CUPS server due to being unable to locate them. And I am pretty sure that this got to do something with how my system ist setup on the server site, because this should be possible without running a samba-common on the server simply by avahi and what CUPS itself provides.

This is my cupsd.conf

LogLevel warn
PageLogFormat
MaxLogSize 0
# Allow remote access
Port 631
SSLPort 631
# SSLOptions [DenyDH] [DenyRC4] [DenySSL3] [DenyCBC] [DenyTLS1.0]
Listen 0.0.0.0:631
SSLListen 0.0.0.0:631
# Share local printers on the local network.
Browsing Yes
BrowseLocalProtocols dnssd
HostNameLookups On
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption Required
ServerCertificate /etc/cups/ssl/dcsrv01.fritz.box_crt.pem
ServerKey /etc/cups/ssl/dcsrv01.fritz.box_key.pem
ServerName dcsrv01.fritz.box
ServerAlias *
<Location />
  # Allow shared printing and remote administration...
  Encryption Required
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  # Allow remote administration...
  Encryption Required
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/conf>
  Encryption Required
  AuthType Default
  Require user @SYSTEM
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/log>
  Encryption Required
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  # Allow remote access to the log files...
  Order allow,deny
  Allow @LOCAL
</Location>
<Policy default>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy authenticated>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Default
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy kerberos>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Negotiate
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

Did I do the dumb somewhere in here? I am honestly at a loss.

Added by: Carson Hauck

Answer: 2

9 hours ago

To print to an IPP printer from a Windows system, you'll need to enable the "Internet Printing Client" feature on your system.

First part of top answer here outlines enabling this on Windows 7, but this applies to all currently supported Windows PC and Server versions: https://superuser.com/a/301421

Answer: 3

34 hours ago

CONNECTING CUPS (IPP) PRINTER TO WINDOWS 10 W/O SAMBA:

Sofar Samsba will still not work, but there is a different way to setup secure printing via cups + windows client.

  1. In Windows enable Windows feature IPP
  2. Add the printer via its ip address and the ipp scheme to cups. ipp://<printer_ip>/ipp/print. Understand that if you need to also securly forward from cups server to printer via ipp, ipps need to be used, but your printer has to support both, ipp and ipps.
  3. Create a local PKI or use an existing one to create a key and crt for your server that ius running cups.
  4. Activate all the ssl shenannigans with cups.
  5. Now go to the windows client and add the printer via "identify by hostname or ipaddress"
  6. enter: https://username:password@<cupsfqdn>:631/printers/<printer_name>
  7. select a driver
  8. done

Somehow Samsba sharing will still not work with my setup, but until then I can at least print this way.

Added by: Weldon Schoen

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9