Table of content
  1. Configuration
    1. Samba
    2. CUPS
      1. Network
      2. Printing
  2. Commands
    1. Configuring Printers
    2. Samba integration
      1. Adding a printer

Installing a CUPS server to manage printers and print queues. Many improvements can be made to the configuration proposed such as a stronger authentication, encryption of communications, …

Build information

Ensure the following options:

print/cups
1
2
3
[x] GNUTLS    SSL/TLS support via GnuTLS
[x] LIBPAPER  Paper size selection support via libpaper
[x] NLS       Native Language Support

Configuration

Samba

CUPS comes with a tool cupsaddsmb that is used to integrate CUPS configured printers with Samba. For this cupsaddsmb will perform two steps: installing binary drivers for Windows and configuring Samba.

So that cupsaddsmb can install the Windows drivers, it is necessary to retrieve them first:

Installing PostScript drivers from Windows, they will have to be manually copied from an existing installation of Windows. And from the location listed below:

Version Windows Unix
32-bit %WINDIR%\SYSTEM32\SPOOL\DRIVERS\W32X86\3\ /usr/share/cups/drivers/
64-bit %WINDIR%\SYSTEM32\SPOOL\DRIVERS\X64\3\ /usr/share/cups/drivers/x64/
Fichiers à recopier
ps5ui.dll pscript.hlp pscript.ntf pscript5.dll

Case is important, and it is imperative that the file names are in lowercase in the Unix directory, otherwise cupsaddsmb won’t find them.

CUPS

Information on the server name and the administrator to contact in case of problems.

cups.conf
1
2
3
# Serveur
ServerName              printers.example.com
ServerAdmin             admin@example.com

Records in the log errors and warnings, the size of the log file will not be limited. The print history will be retained but not the corresponding files.

1
2
3
4
5
# Logs 
LogLevel                warn
MaxLogSize              0 
PreserveJobHistory      Yes 
PreserveJobFiles        No 

Specifies the interface on which the CUPS server is listening, and the maximum number of simultaneous connections.

Network

1
2
3
Listen                  192.168.1.5:631
Listen                  /var/run/cups.sock
MaxClients              50 

The printer information are broadcasted on the local network using CUPS protocol, but no external information on existing printers will be taken into account by the server.

1
2
3
4
5
6
7
8
9
# Browsing
Browsing                On
BrowseLocalProtocols    cups
BrowseRemoteProtocols   none
BrowseAddress           @LOCAL
BrowseShortNames        Yes
BrowseOrder             allow,deny
BrowseDeny              All
BrowseInterval          30

Printing

Transformation filters associated with document printing are executed with a lower priority, but will not have limits imposed on memory or cpu. The number of copies to print is restricted to 30.

1
2
3
FilterLimit             0
FilterNice              10
MaxCopies               30

Specifies the authentication type to use for IPP users, and the system group to be used for administrative operations.

1
2
3
4
# Security
#  ( lppasswd -a root )
DefaultAuthType         BasicDigest
SystemGroup             wheel

Restricted access to the different server paths, server is accessible to all, except the administration part for which the user must be on the local network and identified as belonging to the system.

1
2
3
4
5
6
7
8
9
10
11
12
13
# Restrict access to the server...
<Location />
  Order allow,deny
  Allow all
</Location>

# Restrict access to the admin pages...
<Location /admin>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow from @LOCAL
</Location>

Sets the policy for managing printing operations and printers based on user type. In particular, the administrator can manage printers and kill any print request.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  <Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

Commands

Configuring Printers

Associats the printer description file (PostScript Printer Description):

1
lpadmin -p garfield -P HP_LaserJet_4050_Series.ppd

List the options and their default values for the ​​specified printer:

1
lpoptions -d garfield -l

Samba integration

Adding a printer

To add a printer to Samba while associating it with the CUPS driver:

1
cupsaddsmb -v -U admin -H printers garfield