Adding CUPS shared printers to Windows Client

networking server printing
6,050

CONNECTING CUPS (IPP) PRINTER TO WINDOWS 10 W/O SAMBA:

Sofar Samsba will still not work, but there is a different way to setup secure printing via cups + windows client.

  1. In Windows enable Windows feature IPP
  2. Add the printer via its ip address and the ipp scheme to cups. ipp://<printer_ip>/ipp/print. Understand that if you need to also securly forward from cups server to printer via ipp, ipps need to be used, but your printer has to support both, ipp and ipps.
  3. Create a local PKI or use an existing one to create a key and crt for your server that ius running cups.
  4. Activate all the ssl shenannigans with cups.
  5. Now go to the windows client and add the printer via "identify by hostname or ipaddress"
  6. enter: https://username:password@<cupsfqdn>:631/printers/<printer_name>
  7. select a driver
  8. done

Somehow Samsba sharing will still not work with my setup, but until then I can at least print this way.

Share:
6,050

Related videos on Youtube

Seemax
Author by

Seemax

Updated on September 18, 2022

Comments

  • Seemax
    Seemax almost 2 years

    This is the last bit about my local server setup that is driving me nuts for days now.

    I figured out how to properly restrict my Locations (pretty loose still, but only for debugging) and use the Limits. Had to add the group adm to cups-files.conf because being in the lpadmin group for what ever reason was not enough for CUPS to restrict admin remote access, weird but its working now.

    But for the last 3 days I have been struggeling with the fact das Windows just will not add the printers shared by my CUPS server due to being unable to locate them. And I am pretty sure that this got to do something with how my system ist setup on the server site, because this should be possible without running a samba-common on the server simply by avahi and what CUPS itself provides.

    This is my cupsd.conf

    LogLevel warn
PageLogFormat
MaxLogSize 0
# Allow remote access
Port 631
SSLPort 631
# SSLOptions [DenyDH] [DenyRC4] [DenySSL3] [DenyCBC] [DenyTLS1.0]
Listen 0.0.0.0:631
SSLListen 0.0.0.0:631
# Share local printers on the local network.
Browsing Yes
BrowseLocalProtocols dnssd
HostNameLookups On
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption Required
ServerCertificate /etc/cups/ssl/dcsrv01.fritz.box_crt.pem
ServerKey /etc/cups/ssl/dcsrv01.fritz.box_key.pem
ServerName dcsrv01.fritz.box
ServerAlias *
<Location />
  # Allow shared printing and remote administration...
  Encryption Required
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin>
  # Allow remote administration...
  Encryption Required
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/conf>
  Encryption Required
  AuthType Default
  Require user @SYSTEM
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow @LOCAL
</Location>
<Location /admin/log>
  Encryption Required
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  # Allow remote access to the log files...
  Order allow,deny
  Allow @LOCAL
</Location>
<Policy default>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy authenticated>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Default
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy kerberos>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Negotiate
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

    Did I do the dumb somewhere in here? I am honestly at a loss.

    • Seemax
      Seemax almost 5 years
      I should add that I already tried to add a name setting into C:/windows/system32/driver/etc/hosts. Did change nothing.
    • Terrance
      Terrance almost 5 years
      See: help.ubuntu.com/community/NetworkPrintingWithUbuntu It looks like you need to setup Samba as well for it to work with Windows.
    • Seemax
      Seemax almost 5 years
      @Terrance I will try that when I got time sunday. I didn't even know that Windows is unable to use http and a generic interface to connect to cups. I hope once they get a bit further with their linux on NT stuff they will also add native support for cups and alike protocols, that would be nice.
    • Seemax
      Seemax over 4 years
      @Terrance I researched into this whole stuff a bit more and SMB is no longer working with all this sharing stuff if one wats to remain secure. Thats why instead of using samba it should work enabling the IPP option within windows 10 featrures. But this also will not work. Tested it with multiple machines. So currently neither Samba nor IPP works to get a printer connected in windows, which is based on a cups server. What a shame.
    • Terrance
      Terrance over 4 years
      Samba and SMB are different. Samba is the printer / file sharing server and SMB (Server Message Block) is a communications protocol. The two used to be considered the same but now they are completely different. I will have to check mine when I get home, but I know that I run Samba on my server and my Windows system is able to see it when it is shared. However, I did luck out since I connect my printer directly to my network so it is automatically available to the rest of my network.
    • Terrance
      Terrance over 4 years
      Really quick though, I think I had to add printing = CUPS to my /etc/samba/smb.conf in the [global] section. Then after a restart of Samba or a reboot of my server it seemed to show up after that. That was an older HP Laser printer that has been a workhorse.
    • Seemax
      Seemax over 4 years
      @Terrance But I just got the IPP way of things to work, the solution is stupidly easy and it took me a month to figure this out. With IPP activated under windows and the printer being setup via IPP scheme in cups, cups will expect a minimum of basic authentication. When added to windows I had to use the following line in printer discover: https://username:password@<cupsfqdn>:631/printers/<printer_n‌​ame> I sofar only used https://<cupsfqdn>:631/printers/<printer_name>. To use the secure path the servers root certificate needs to be added to windows manually tho.
    • Seemax
      Seemax over 4 years
      @Terrance Yeah I did all the smb.conf stuff but under network in windows it still only shows my NSF share I did setup on the same machine, not my cups printer. no idea why tho. But for now the IPP way of things work out.
    • Terrance
      Terrance over 4 years
      Glad it is working out for you! =)
    • Terrance
      Terrance over 4 years
      OK, I did finally get to check my setup I have between my Windows 10 and my Ubuntu 18.04 file / print server. I did setup CUPS on the server and I setup Samba as well. When I browse through my network to my Ubuntu server, I see my Samsung ML 1430 printer just fine. Then when I right click it and choose Connect it installs the drivers on my Windows 10 system and is able to print to it no issues. I did notice that in Windows it did set it up as an IPP connection automatically.
  • Seemax
    Seemax almost 5 years
    IPP is activated, but it still did not find the printer. Even if the printer was just added, it would not print to the ipp address. I am still working on getting some time to get samba running.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Corrupted MAC on input. ssh_dispatch_run_fatal:message authentication code incorrect unable to ssh jupyter notebook on remote server
ssh fails because port 22 doesn't work with AT&T Uverse
TP-Link UE300 on 16.04 server not working as 3.0 device
How can I set a second network interface in ubuntu 16.04?
Making websites visible to outside networks with Ubuntu Server 12.04
Why is my eth0 interface not detected when installing Snort?
How to create location map in nagios server?
How can we make our ubuntu server router as gateway mode to router mode?
DNS configuration problem with BIND9
How to setup Ubuntu router with 2 WAN interfaces