linux print server win & linux clients

You cant print from your other fedora box because of the Deny ALL, Allow from 127.0.0.1 option. This will only accept jobs from the machine cups is actually running from. If security isnt an issue, you could use Allow from ALL. If you want to limit access to hosts from your own network, you can  do this too. If  the cups box ip address is 192.168.1.1 you can allow the local network to print with Allow from 192.168.1.*
You probably do need samba  for the win98 box to print but it shouldnt be hard. Add the line printing = cups  to smb.conf and make sure the [printers] share is uncommented. You'll need to restart cups & samba after making changes.

Here is what it looks like now... shouldn't this do it? First I just commented out the Deny lines, and it just sat there and said "connecting.... " forever. So then I added the Deny From None lines, thinking that the Order Deny, Allow made it look for a Deny first. Now I'm getting the Network Host Busy error again. I've made two entries with the client, one with the server's name, the other with the IP, just in case that was the problem. Both are acting the same, though. The order of the Allow Froms doesn't really matter, does it? Shouldn't it just be a list of the allowed IPs? hrm... Also, I'll just check, but since I can get different errors, I think I'm doing this right... to restart (and reread the cupsd.conf file) I can just do a service cups restart, right?  Thanks owensleftfoot.


<Location /printers/lp0>
Order Deny,Allow
#Deny From All
Deny From None
Allow From 127.0.0.1
Allow From 192.168.1.1
AuthType None
Allow from 192.168.1.1
</Location>
# Lines below are automatically generated - DO NOT EDIT
<Location /printers/deskjet>
Order Deny,Allow
#Deny From All
Deny From None
Allow From 127.0.0.1
Allow From 192.168.1.1
AuthType None
Allow from All
</Location>
<Location />
Order Deny,Allow
#Deny From All
Deny From None
Allow From 127.0.0.1
Allow From 192.168.1.1
</Location>
Browsing On
BrowseProtocols cups
BrowseOrder Deny,Allow
BrowseAllow from @LOCAL
BrowseAddress 255.255.255.255
Listen *:631

Is 192.168.1.1 the ip address of the second FC box? The firewall is turned on by default  in FC. Its worth turning it off just to check that it isnt interfereing - service iptables stop. Have a look at /var/log/spool/cups/access.log and post any relevant info here. Also what type of printer did you configure on the client FC box? It should have been lpd or ipp.

that's a placeholder that has the actual IP of my client machine. since i'll be doing things like turning off firewalls (i tried it before to no avail also, but tried it again tonight in case there was something different) and possibly exposing my print server as I learn how to get my Allows in order, I wanted to be a bit careful. However, the actual IP used is a world-readable IP.

I turned off iptables and now it gives me a server-error-service-unavailable error, even when i turn the firewall back on.

The client queue is set up as Networked CUPS (IPP) and the server is the fqd. For the path, I put /dev/lp0, which is where the printer appears to be on the server, though it seems to give me the same results no matter what i put in there. The driver is the same as on the server and I didn't mess with the driver options or the queue options.

On the server in /var/log I do have a bunch of spooler files (spooler, spooler.1, spooler.2, etc... )  These are all empty, however, so give us no meaningful information. In /var/log/cups/access_log, I have a million lines like this one:

192.168.1.1  - - [03/Oct/2004:17:28:38 -0700] "POST /dev/lp0 HTTP/1.1" 403 0

That was the last one, though, so somewhere after the third it appears that messages aren't even getting to the server anymore. It's weird that the test page I sent with the firewall off didn't show up, isn't it? Also looked at the error_log on the server and I don't see anything worth mention in there either. Just standard "reloading", and "read /cups/ppds.dat", etc... Thanks for your continued help. I appreciate it!

Also, I believe this should remedy the firewall issue, right?

iptables -I RH-Firewall-1-INPUT 7 -p tcp --destination-port 631 -j ACCEPT

It gave me the following rule with the rest of my open ports:

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp

Some of them say "state NEW", that might be a good thing to add, or not?

Thanks and ttyl,

mich

does it help any to say that the print jobs are just sitting in the client queue and that they don't make it to the server queue?

Also, I'm now getting a Destination printer does not exist! error. :(  This is much harder than it should be, huh?  Thanks for all your help.

Did you set up the printer on the linux box  with the cups interface or with redhat-config-printer? It would be worth deleting the client setup and doing it again setting it up as a unix printer - lpd with redhat-config-printer. Cups supports both and you may find it easier to setup. The queue name is the name of the printer on the server.

First check whether you are able to ping your server

Next in your /etc/cups/cupsd.conf
 the line 192.168.1.1
should be 192.168.1.*or 192.168.1.

and see if it works

owen:

not sure why, but the system doesn't find a redhat-config-printer. There are rpms in the up2date spool for it, which would seem to indicate that it's been updated, but it's nowhere to be found. What I have been using is this utility: system-config-printer-gui. However, I did try to set it up with lpd this time instead of ipp, but I am again getting the network host is busy, down, or unreachable.  drat!

uptime:

I can ping the server. I am sshed into it by name to edit/view cupsd.conf and other stuff.
Changing the allowed address as you showed unfortunately didn't give us any progress. It just gave me the server-error-service-unavailable error again.



In the sharing dialog on the client box... i don't want to make the queue available to others, right? Just making sure I'm understanding what it's asking me. On the general tab, i have automatically find remote shared queues ticked and ticked the lpd box for the lpd printer in the setup. Must be last for me... the promt asking if i would like to print a test page had a new tone to it tonight... yes, I *would* like to print a test page! :)

Maybe we could approach this from a different way... first making sure that the server is on and listening (i'm pretty sure it is, but these busy/unreachable errors can't be right), then move over to the client when we've determined that's the problem? Is there some lp command that will check the cupsd.conf file? or some option to one of the lp tools that will give us meaningful output? Like a -v option to one of them or something? i just know of lpq, lprm, and lp... maybe there are other ones that would be helpful to us. Anyways... thanks again for your help!

Unfortunately while cups supports lpd, its tools dont have all the options of the original lpd tools - there is no  -V  option for lpr.  The next thing I would try is using cups own interface to add the printer on the client. Ina webbrowser go to http://127.0.0.1:631/ and login as root. Try adding a printer - try ipp first then lpd if ipp doesnt work. I think the "name","description" & "location" fields are just comments -  it doesnt really matter what you put here.

192.168.1.1  - - [03/Oct/2004:17:28:38 -0700] "POST /dev/lp0 HTTP/1.1" 403 0
This looks like an access  denied error message. Comment the other entries out and try Allow from ALL (Dont forget to restart cups). I would try this before what I suggested above.

Check the following
1)ensure lpd service is stopped on the server.
/sbin/service lpd stop

2)”cups” is started when you boot your system.In case it doesn’t , use the following command.
/sbin/service cups start

3)use “ntsysv” to start “cups” automatically when you restart the system.


4)Disable the firewall if any on your server

5)The basic cupsd.conf file should have the following lines On the server.
Create a new cupsd.conf file.  

Location /
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.10.*
/Location

Browsing On
BrowseProtocols cups
BrowseAddress 192.168.10.255
BrowseInterval 60

On the client:
BrowseAllow 192.168.10.*
BrowseDeny All
BrowseOrder allow,deny



6)Check if the following packages are installed on your client

cupsys
cupsys-bsd
cupsys-client
libcupsimage2
libcupsys2-gnutls10

7) telnet to your server from the  client system on port 631 and check the response.

owen: adding printers locally to the server that used the world IP gave me the same problem as the client. I'm sure you're right that it is an access problem since an HTTP 403 is access forbidden, which is the same error the config is showing. However, I think somehow we've fixed that part of the problem, as you'll see below.

uptime:

lpd is an unrecognized service, so it must be off :-P  cups is on and I used chkconfig to start it on runlevels 2,3,4, and 5.

I opened a hole for cups in the firewall (port 631), using the rules above. I can telnet into port 631, so it appears to be working fine.

Here are the cups packages on my system:
# rpm -qa | grep cups
qtcups-2.0-15
cups-libs-1.1.20-11.3
cups-devel-1.1.20-11.3
cups-1.1.20-11.3
libgnomecups-0.1.6-7

They're different from yours, guessing becuase you're using a BSD-based system and I'm on FC2? I think everything is there to do the printing. It's trying, I'm just getting access errors, it appears.

Telnetting to port 631 works fine. It says Trying, then Connected. It tells me the escape char is '^]', then waits for input.

Server:
--------------------------------
MaxLogSize 0

#
# Printcap: the name of the printcap file.  Default is /etc/printcap.
# Leave blank to disable printcap file generation.
#

Printcap /etc/printcap

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 4.43.*
</Location>
Browsing On
BrowseProtocols cups
#BrowseOrder Deny,Allow
#BrowseAllow from @LOCAL
BrowseAddress 4.43.255.255
BrowseInterval 60
Listen *:631

Client:
------------------------------
LogLevel debug

#
# MaxLogSize: controls the maximum size of each log file before they are
# rotated.  Defaults to 1048576 (1MB).  Set to 0 to disable log rotating.
#

MaxLogSize 0

#
# Printcap: the name of the printcap file.  Default is /etc/printcap.
# Leave blank to disable printcap file generation.
#

Printcap /etc/printcap

<Location /printers/printer-cups>
Order Deny,Allow
Allow From 127.0.0.1
</Location>
<Location />
Order Deny,Allow
Allow From 127.0.0.1
</Location>
Browsing On
BrowseProtocols cups
BrowseOrder Deny,Allow
Allow 127.0.0.1
BrowseAllow From All
Listen 127.0.0.1:631




Somewhere in the tweaking of this, it seemed to work. My access log shows HTTP 200s from the client machine. Now it shows nothing (not even the 403s). So somewhere along the way, the server was accepting jobs from the client (though there was a new problem: it still wasn't printing them). From the server I did a lp printer.mydomain.com testfile.txt and it printed that out. Since I used the domain, this means that the printer does accept external jobs, right? Does this now narrow it down to a misconfigured client, or did the server cheat? I see that the access_log shows a couple hits from the IP address then it goes back to localhost. Oddly (or maybe not) all the 200s from when I was connecting, there was one connection from the client IP, then a bunch from localhost again.   Anyways... are we getting close, I hope?

PS - Why is it on the client that even though i've commented out a printer queue and restarted cups that it still shows up in the print dialogs? How can it still find that printer? ttyl,

mich

What does printers.conf look like on the client?

I hope we're getting close. I hate using so much of your time :(  Seems like this should be so much easier...  Anyways, thank you for continued help!


For the client:

<DefaultPrinter printer-cups>
Info Created by redhat-config-printer 0.6.x
Location
DeviceURI ipp://printer.domain.com/dev/lp0
State Stopped
StateMessage Destination printer does not exist!
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>

On the server (hope it helps to compare):
<DefaultPrinter deskjet>
Info Created by redhat-config-printer 0.6.x
DeviceURI parallel:/dev/lp0
Location
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>
<Printer printer-cups>
Info Created by redhat-config-printer 0.6.x
DeviceURI ipp://printer.domain.com/dev/lp0
Location
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>



The domain name resolve to the correct IP address (tested via ping).

I think this is the problem -  DeviceURI ipp://printer.domain.com/dev/lp0 on the client.  I think that /dev/lp0 should actually be the name of the printer on server, not the actual printer device.  From your conf file it looks like your printer is called printer-cups. So the line should be DeviceURI ipp://printer.domain.com/printer-cups

printer-cups was the printer we made a while ago to try to connect to the print server to itself on its external address (which did work). deskjet is the direct one on the parallel port. I made the change as you said and also experimented with putting in deskjet. both of them intermittently successfully post to the server.

[12/Oct/2004:19:17:58 -0700] "POST /printer-cups HTTP/1.1" 200 307
.....
[12/Oct/2004:19:20:54 -0700] "POST /deskjet HTTP/1.1" 200 302

but this doesn't always work. Also, I can't figure out how/when it does work.

An additional problem is that even when a job does rarely post, it is never printed. Nothing seems to get into the queue. All client-generated jobs sit on the client queue. When I do an lpq on the client, it says that the printer is not ready. Then it lists the jobs. Perhaps this is why it's not sending them?

It seems like the things I change in the files (using vi) don't actually seem to affect the configuration. For some reason, it only seems to happen when I use the GUI. Am I looking at the wrong files?  When I do an lp somefile.txt it just sticks it in the queue.


Here are the results I'm getting that I think are indicative of what's happening:

In the GUI, printing a test page doesn't do anything on the server. However, if I go in to edit the printer without changing anything, when I hit ok, it allows the Apply button. When I hit apply, it will send one job to the server if there was one waiting in the queue (it doesn't look like it sends any more than that) that hasn't been sent. If I open the edit dialog (mind you, without changing anything) and click OK, then Apply, if there aren't any waiting jobs to send, then the next job that I send - from the GUI - will get sent (I've just been doing test pages from the printconf tool). So it seems that clicking on Apply in the GUI will trigger (or set the trigger for) one job, though the server sill won't print that job. I have not tried filling the queue with jobs and seeing if I can Apply through multiple ones.

From the command line, we're completely dead. Nothing happens. I figured the Apply button in the printconf tool just did a service cups restart, but that doesn't seem to be the case. When I do an lp /usr/share/printconf/tests/testpage.ps, it just sticks it in the client queue and is happy with that (though i am not). Even if i restart the service, that doesn't seem to boot it over to the server. Now this command line error might be useful... if i do a lp -h ipp://printer.domain.com/deskjet /usr/share/printconf/tests/testpage.ps it will give me this error:
lp: error - scheduler not responding!
Does that help?   I hope it does. Thank you. I think we're cornering it. We're slowly forcing it to give up small parts at a time. ttyl,

mich

Try changing the ipp:// line in printers.conf on the client to start with lpd:// instead. Lpd is a much simpler protocol than ipp. Also change printer.domain.com to the actual ipaddress of the server - just to rule out dns timeouts etc.

neither helped. i was getting service unavailable errors and such :(  grrrr.   went back to the config before where i was at least connecting upon restarts and had a dead command line.

What does the output of lpc status on the client look like?

client says...

printer-cups:
        printer is on device 'ipp' speed -1
        queuing is enabled
        printing is disabled
        no entries
        daemon present

Try /usr/bin/enable printer-cups
You have to use the whole path because there is a bash builtin function called enable which will be called if you dont.

oh boy! that seemed to get something going. still not printing yet, but i think we're homing in on it. Here's what I think happened and you can see if the logs support it. The enable was what we needed. That got it started sending jobs to the server. After talking to the server, the server said something bad to the client and it stopped. Doing an lpq right after enabling the printer showed the printer "ready and printing". But a few seconds later (after their convo) it was "not ready" again. Here is what happened on the server from the access log:

localhost - - [15/Oct/2004:21:08:29 -0700] "POST /admin/ HTTP/1.1" 200 128
<ip> - - [15/Oct/2004:21:08:53 -0700] "POST /dev/lp0 HTTP/1.1" 200 302
<ip> - - [15/Oct/2004:21:08:57 -0700] "POST /deskjet HTTP/1.1" 200 302
<ip> - - [15/Oct/2004:21:09:05 -0700] "POST /dev/lp0 HTTP/1.1" 200 302
<ip> - - [15/Oct/2004:21:09:30 -0700] "POST /deskjet HTTP/1.1" 200 302
<ip> - - [15/Oct/2004:21:09:41 -0700] "POST /deskjet HTTP/1.1" 200 302
localhost - - [15/Oct/2004:21:09:45 -0700] "POST /printers/ HTTP/1.1" 200 175

and the error log gave us a little more info (i tweaked it to do so in with the debug level in the conf file:

D [15/Oct/2004:21:18:43 -0700] AcceptClient() 7 from <client-ip>:631.
D [15/Oct/2004:21:18:43 -0700] ReadClient() 7 POST /deskjet HTTP/1.1
E [15/Oct/2004:21:18:43 -0700] get_printer_attrs: resource name '/deskjet' no good!
D [15/Oct/2004:21:18:43 -0700] Sending error: client-error-not-found
D [15/Oct/2004:21:18:43 -0700] ProcessIPPRequest: 7 status_code=406
D [15/Oct/2004:21:18:43 -0700] CloseClient() 7

the server is looking for a printer named /deskjet instead of just deskjet?

the printers.conf file says this:

<DefaultPrinter deskjet>
Info Created by redhat-config-printer 0.6.x
Location
DeviceURI parallel:/dev/lp0
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>

I'll try to do some testing with this hypothesis to see if i can get something to work. But if you have any other things to try, recommend them as well. :)   Thanks!

hrm. in the printconf GUI on the client, I had been putting in /deskjet for the resource. I tried taking out the / in the beginning (in case it already added one and i was making two somehow and it wasn't showing up in printers.conf). This didn't work, and just tried to append deskjet to the end of my address. Yuck. It also didn't like resource name /dev/lp0. I even tried taking everything out and just putting in / for the path in the GUI - no good.

So we've got the following paths in the GUI that the server has called bad resources in its error log:
/deskjet
/dev/lp0
/

Any ideas?

The relevant entry from the server in its printers.conf is listed in the previous post.

owen -

aha!  got it!  The printer now prints docs from the client that are sent via either the command line or the GUI.

in the printconf GUI, the correct answer for "path" was /printers/deskjet   - I guess it needed to know what kind of resource "deskjet" was.

for completeness, here are all the config files we were working with:

client
----------------
printers.conf:

<DefaultPrinter printer-cups>
Info Created by redhat-config-printer 0.6.x
DeviceURI ipp://printer.domain.com/printers/deskjet
Location
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>

cupsd.conf:

Allow 127.0.0.1
#BrowseDeny All
<Location /printers/printer2>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
AuthType None
</Location>
# Lines below are automatically generated - DO NOT EDIT
<Location /printers/printer-cups>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
AuthType None
</Location>
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
Browsing On
BrowseProtocols cups
BrowseOrder Deny,Allow
BrowseAllow from @LOCAL
Listen 127.0.0.1:631

server
-----------------

printers.conf:

<DefaultPrinter deskjet>
Info Created by redhat-config-printer 0.6.x
Location
DeviceURI parallel:/dev/lp0
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>
<Printer printer-cups>
Info Created by redhat-config-printer 0.6.x
Location
DeviceURI ipp://printer.domain.com/dev/lp0
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>

cupsd.conf:

LogLevel debug
MaxLogSize 0
Printcap /etc/printcap

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.*
</Location>
Browsing On
BrowseProtocols cups
#BrowseOrder Deny,Allow
#BrowseAllow from @LOCAL
BrowseAddress 192.168.255.255
BrowseInterval 60
Listen *:631


I have one final question... so I have to do that /usr/bin/enable printer-cups every time or once it's up and running, it'll stay that way? If I have to do it all the time (though I'm guessing I wouldn't need to), what is the best way to do it? Thanks! ttyl,

mich

okey dokey. thanks!

I would  use samba   which the config  is listed in /etc/samba   edit  smb.conf
 

you will  need to make samba  users   and psswords .

fc 3   is  out now