||<
><>|| = Install CUPS = On our server, we are going to install the CUPS print server. We can do that by running the following command: {{{ # sudo apt-get install cups }}} Before doing any work on the CUPS system, it is generally a good idea to stop the cups service. You can do that with the following command: {{{ # sudo systemctl stop cups.service }}} Now that we have CUPS installed, we want to have CUPS authenticate users from our domain. Since we already have Kerberos properly functioning on the server, we can enable Kerberos by running the following command: {{{ # cupsctl DefaultAuthType=Negotiate }}} We can start the CUPS service again by running the following command: {{{ # sudo systemctl stop cups.service }}} You should now be able to login to CUPS by going to '''192.168.1.2:631''' and using your domain account. = Other CUPS Settings = The CUPS system is quite advanced and offers TONS of options for complex environments. This tutorial does NOT cover all of the available options, just the ones a small office server is most likely to need. If you do not need an option, or if you do not know if you need a specific option, leave it at the default setting. At the bottom of this page, we give an example cups configuration that should work for most small offices. To edit the cups configuration file, run the following command: {{{ # sudo nano /ect/cups.conf }}} ---- == Access Log Levels == {{{ AccessLogLevel actions # Options: actions | config | all }}} This directive specifies the logging level for the AccessLog file. The "config" level logs when printers and classes are added, deleted, or modified and when configuration files are accessed or updated. The "actions" level logs when print jobs are submitted, held, released, modified, or canceled, and any of the conditions for "config". The "all" level logs all requests. The default access log level is "actions". ---- == AutoPurgeJobs == {{{ AutoPurgeJobs no # Options: yes | No }}} This directive specifies whether to purge job history data automatically when it is no longer required for quotas. The default is "No". ---- == BrowseDNSSDSubTypes == {{{ BrowseDNSSDSubTypes _cups,_print }}} This directive specifies a list of Bonjour sub-types to advertise for each shared printer. '''_cups''' and '''_print''' are the two most commonly needed in a small office. ---- == BrowseLocalProtocols == {{{ BrowseLocalProtocols all # Options: all | dnssd | none }}} This directive tells the cups server which protocols to use for local printer sharing. ---- == BrowseWebIF == {{{ BrowseWebIF Yes # Options: Yes | No }}} This directive determines if the CUPS web interface is browsable. For most small offices, this should be set to yes. ---- == Browsing == {{{ Browsing Yes # Options: Yes | No }}} This setting specifies whether shared printers are advertised on the network. In most small offices, this should be set to yes. ---- == DefaultAuthType == {{{ DefaultAuthType Negotiate }}} This setting is used to authenticate users via the domain, and for the small business server, must be set to Negotiate ---- == DefaultEncryption == {{{ DefaultEncryption IfRequested # Options: Never | IfRequested | Required }}} Specifies whether encryption will be used for authenticated requests. For most small businesses, this should be set to "IfRequested". ---- == DefaultShared == {{{ DefaultShared Yes }}} Specifies whether local printers (those attached to the server) are shared by default. For a small business server, the default should generally be "yes", as that is where we will set up the printers to be shared. ---- == Setting security == Most small offices won't need elaborate security settings for its printing. Telling CUPS to allow any valid system user to access printers and restricting the printer admin functions to your printeradmin domain group is generally sufficient for a small office. You can do that using the following directive: {{{ Require user @OWNER @DOMAINADMIN @SYSTEM Order allow,deny Allow from 192.168.1.* Order allow,deny Require user @DOMAINADMIN @SYSTEM Allow from 192.168.1.* }}} ---- = Example config = The following is an example of a '''/ect/cups.conf''' configuration for a small office Linux server: {{{ AccessLogLevel actions AutoPurgeJobs no BrowseDNSSDSubTypes _cups,_print BrowseLocalProtocols all BrowseWebIF Yes Browsing Yes DefaultAuthType Negotiate DefaultEncryption IfRequested DefaultShared Yes Require user @OWNER @DOMAINADMIN @SYSTEM Order allow,deny Allow from 192.168.1.* Order allow,deny Require user @DOMAINADMIN @SYSTEM Allow from 192.168.1.* }}}