CUPS Setup for WolfCopy on Mac OS X 10.5 +

Setting up Printers using CUPS on Mac OS X 10.5 +


Introduction

OIT has moved to support the built-in Common Unix Printing System (CUPS) in MacOS X 10.5.  CUPS replaces the older LPRNG system that was developed and maintained as a custom printing solution by OIT.  As a part of this change every user will have to type in their Unity ID and password each time they print.  The name and password information is secured by encrypting the link to the print server with ssl.  CUPS uses the Internet Printing Protocol (IPP) standard to effect printing and OIT has forced all connections to be encrypted.  Beyond the security, using CUPS has the advantage of being supported by Apple, requiring no special programming or installation of software and will not be affected by software updates.  Because CUPS support multiple authentication types OIT will at some point in the future add support for even stronger forms of authentication (AuthNegotiate) as they become available.

Setting up WolfCopy Printers

WolfCopy printers can now be setup using standard MacOS X software.  To setup a printers simply:
Select System Preferences… from the Apple Menu and click on Print & Fax as shown in Figure 1.
Picture showing how to select Apple menu, then System Preferences and then click on the Print & Fax icon.

Figure 1. Print & Fax System Preferences.

In the Print & Fax panel do the following as illustrated in Figure 2:

  1. Make sure the lock icon in the lower right side is indicating unlocked.  If not click on it and enter an administrator user name to allow settings changes to be made.
  2. Click the + to add a printer
  3. When the printer setup dialog appears click on IP to choose internet protocol based printing
  4. Select Internet Printing Protocol -IPP from the Protocol: pop-up menu
  5. In the Address: field type    print.ncsu.edu
  6. In the Queue: field type printers/ and then the name of the WolfCopy printer you wish to use.  To find out available printers look at https://print.ncsu.edu:631/printers/ and note that there are several hundred.  
    WolfCopy printers are usually named by their official university building abbreviation – room number – a sequence number. 
    Example: for a single black and white printer in the building named Building with official abbreviation of BLD in room one (1) the name should be bld-001-1.  If the printer were a color printer then the name should be bld-001-color1. 
    NOTEnames are always lower case.
    So the Queue: field will be printers/bld-001-color1
  7. In the Name: field type the name of the WolfCopy printer  Example: bld-001-color1
  8. In the Location: field type some text describing the printers physical location.  Example: Building Room One
  9. From the Print Using: pop-up choose   Select a driver to use…  which will reveal a long list of printer models.  Be sure to select the printer model that matches the Printer Driver: field for the printer desired athttps://print.ncsu.edu:631/printers

Now click the Add button.

Picture showing 9 widgets to edit in order to add a printer.

Figure 2. Adding a Printer

Some printer may require additional information after clicking add depending on how their model files, also called PPDs, are written.  Make these settings as prompted.  If the desired settings are not known then contact the owner of the printer or guess.
The printer should now appear in the left column in the Print & Fax panel.

A final step remains to set a CUPS option on the printer to always prompt for the name and password in the print dialog.  Apple does not provide a graphical user interface (GUI) to make this setting in Mac OS X 10.5.  To make this setting we have 2 options: a) use the terminal to send a lpadmin command or b) print one time and have the print queue on the Macintosh go to hold status. CUPS uses several configuration files stored in the a hidden folder /private/etc/cups.  The CUPS setting for  AuthInfoRequired  is in the file printers.conf as  AuthInfoRequired username,password  for each printer.  To add the setting in do one of the following steps:

a) Using Terminal to set the AuthInfoRequired option must be done by an administrator user on the Macintosh.  Follow these steps:

  1. Open /Applications/Utilities/Terminal.app
  2. Type: sudo lpadmin -p -o auth-info-required=username,password 
    where is replaced with the text typed into the Name: field when the printers was created with the dashes (-) replaced with underscores (_).  Example: sudo lpadmin -p bld_001_color1 -o auth-info-required=username,password 
    NOTE: the CUPS name of all printers on the machine can be discovered by typing lpstat -v and looking at the listing like this:
      device for bld_001_color1: ipp://print.ncsu.edu/printers/bld-001-color1    
    the CUPS name will be the text after the word “for” and before the first colon(:).
  3. Type the password of the administrator when prompted
  4. Verify that the add worked by typing: lpoptions -p  Example: lpoptions -p bld_001_color1 The lpoptions should return some text like the following:
    media=Letter sides=one-sided finishings=3 copies=1 job-hold-until=no-hold job-priority=50 number-up=1 auth-info-required=username,password job-sheets=none,none printer-info=bld-001-color1 printer-is-accepting-jobs=1 printer-is-shared=0 printer-location=’Building 001 ‘ printer-make-and-model=’HP Color LaserJet 8500’ printer-state=3 printer-state-change-time=1218130564 printer-state-reasons=none printer-type=6328532
    Look for the text   auth-info-required=username,password  as confirmation.
  5. Test printing

b) Printing once to set the AuthInfoRequired option can be done without Terminal.app and command line tools but can be confusing.
Because the WolfCopy print servers are set to require both encryption and CUPS AuthType Basic the print subsystem in MacOS X 10.5 will actually stop the print job (but not the print queue or printer) and mark that job with the status  On Hold (Authentication Required) as shown by number 1 in Figure 3.

Picture showing an example print queue window with status On Hold (Authentication Required)
Figure 3. Print Queue window

To print and save the AuthInforRequired setting simply click Resume in the tool bar as in number 2 of Figure 3.  A dialog asking for Name: and Password: fields will appear.  Enter a Unity ID and password and click ok to print.  When the print job has successfully finished the CUPS print subsystem will update the printers.conf configuration file to add the correct setting for auth-info-required=username,password.  From this point on the queue should not hold again and each user on the machine will be prompted in the print dialog for a name and password.  
This process must be completed for each WolfCopy printer installed.

Command Line Setup

For folks who administer several machines with ARD or are comfortable with using the terminal here are instructions on how to create and configure CUPS printers for WolfCopy using CUPS command line tools.  CUPS printers are created and configured using the lpadmin tool.  Use the command man lpadmin to get details on all of the available options and switchs for the tool.  The following command should create and configure a printer using the example of bld-001-color1.

sudo lpadmin -p bld-001-color1 -L “bld-001-color1” -E -v ipp://print.ncsu.edu/printers/bld-001-color1  o auth-info-required=username,password

  -o error-policy=abort-job -P /Library/Printers/PPDs/Contents/Resources/HP Color LaserJet 8500.gz  

so looking at the command in detail :
sudo lpadmin  – executes the command lpadmin as administrative user
-p bld-001-color1 – sets the name for the new printer.  NOTE this is a lower case p
-L “bld-001-color1” – sets the information for CUPS printer.  NOTE the quotes
-E – makes the printer enabled.  NOTE that there are two capital E’s in the man page and the position in the command string separates enabled from encryption
 -v ipp://print.ncsu.edu/printers/bld-001-color1 -sets the univeral resource identifier (URI) that configures the printeserver (print.ncsu.edu) and print queue (printers/bld-001-color1)
o auth-info-required=username,password  -sets the requirement for username and password
-o error-policy=abort-job -set the local print queue so that print jobs are deleted if the printer/printserver can not be reached
-P /Library/Printers/PPDs/Contents/Resources/HP Color LaserJet 8500.gz – gives the PPD to use.  NOTE the back slashes to escape the spaces in the names so the unix shells will pass them on correctly.  Also most all PPDs under Mac OS X 10.5 are located at the path /Library/Printers/PPDs/Contents/Resources. The switch is an upper case P.  Information on PPD names and where they are stored can be found using the lpinfo command:

lpinfo -m

Giving a very long list that should look something like this:

Library/Printers/PPDs/Contents/Resources/Brother HL-2070N series CUPS.gz Brother HL-2070N series CUPS
Library/Printers/PPDs/Contents/Resources/Brother HL-2075N series CUPS.gz Brother HL-2075N series CUPS
Library/Printers/PPDs/Contents/Resources/Brother HL-2460 series.gz Brother HL-2460 BR-Script3

 With these CUPs command line tools it may also be possible to write a script to automate printer installation but OIT has not created such a script.

Short Username in Authentication Dialog

In the name and password dialog for CUPS Mac OS X 10.5 will automatically fill in the user’s full name instead of the short username that is required.  This annoying as the end user will have to delete the full name and type in a Unity ID each time.  To change this behaviour issue the following commands as root in terminal or with ARD Send UNIX…

defaults write /Library/Preferences/com.apple.NetworkAuthorization UseShortName -bool YES 
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseDefaultName -bool NO

 Open up print queue management in cupsd.conf so users can cancel job, restart and re-enable printers.

For many reasons a print job can get stalled itself or can stop or disable the local CUPS print queue.  By default the settings for the cups daemon process, cupsd, is secured so that only administrators can start, stop, disable or endable print queues.  Also only administrators or job owners can cancel print jobs.  Since users may just ” Print and Run” leaving a stopped queue or hung job these settings can be opened up using the following unix commands.  WARNING the following commands should be typed carefully and double checked each time they are sent as they can destroy the cupsd.conf file and disable printing completly if incorrectly typed!!!  Spaces are extremely important in these commands!!!

perl -p -i -e ‘s/ Resume-Printer//g;’ /private/etc/cups/cupsd.conf 
perl -p -i -e ‘s/ Enable-Printer//g;’ /private/etc/cups/cupsd.conf 
perl -p -i -e ‘s/ Cancel-Job//g;’ /private/etc/cups/cupsd.conf
launchctl unload /System/Library/LaunchDaemons/org.cups.cupsd.plist 
launchctl load /System/Library/LaunchDaemons/org.cups.cupsd.plist

What the perl commands do are to search the cupsd.conf files for the strings ” Resurme-Printer”, ” Enable-Printer”, and ” Cancel-Job” (note the space before each string!) and replace them with nothing and save the file.  This will remove those activities  from the restriction rules in cupsd.conf and make them open to everyone printing to use. The launchctl commands simply restart the cupsd printing system so the changes will take effect.  Again use with caution!

What if I want to set up my own print server using CUPS?
Since we use centralized print servers running on Linux machines we really do not have documentation on setting up CUPS print server software called cupsd.  Look for cupsd documentation at http://www.cups.org.  However we use the cupsd.conf file: http://oit.ncsu.edu/macintosh/setting-cupsd-pam-and-basic-auth in production with CUPS 1.3.3 servers in case this might help someone.

Getting More Help
For more help or questions on setting up WolfCopy printing from MacOS X 10.5 please contact the OIT help desk at 919-515-HELP


Updated 08072008 EGA