How to Configure a Multilevel Print Server and Its Printers

Printers that are managed by a Trusted Extensions print server print labels on body pages, banner pages, and trailer pages. Such printers can print jobs within the label range of the print server. Any Trusted Extensions host that can reach the print server can use the printers that are connected to that server.

Before You Begin

Determine the print server for your Trusted Extensions network. You must be in the System Administrator role in the global zone on this print server.

1. Start the Solaris Management Console.

   For details, see How to Administer the Local System With the Solaris Management Console.

2. Choose the Files toolbox.

   The title of the toolbox includes Scope=Files, Policy=TSOL.

3. Enable multilevel printing by configuring the global zone with the print server port, 515/tcp.

   Create a multilevel port (MLP) for the print server by adding the port to the global zone.

   1. Navigate to the Trusted Network Zones tool.

   2. In the Multilevel Ports for Zone's IP Addresses, add 515/tcp.

   3. Click OK.

4. Define the characteristics of every connected printer.

   Use the command line. The Print Manager GUI does not work in the global zone.

   # lpadmin -p printer-name -v /dev/null \ -o protocol=tcp -o dest=printer-IP-address:9100 -T PS -I postscript # accept printer-name # enable printer-name

5. Assign a printer model script to each printer that is connected to the print server.

   The model script activates the banner and trailer pages for the specified printer.

   For a description of the scripts, see Printer Model Scripts. If the driver name for the printer starts with Foomatic, then specify one of the foomatic model scripts. On one line, use the following command:

   $ lpadmin -p printer \ -m { tsol_standard | tsol_netstandard | tsol_standard_foomatic | tsol_netstandard_foomatic }

   If the default printer label range of ADMIN_LOW to ADMIN_HIGH is acceptable for every printer, then your label configuration is done.

6. In every labeled zone where printing is allowed, configure the printer.

   Use the all-zones IP address for the global zone as the print server.

   1. Log in as root to the zone console of the labeled zone.

      # zlogin -C labeled-zone

   2. Add the printer to the zone.

      # lpadmin -p printer-name -s all-zones-IP-address

   3. (Optional) Set the printer as the default.

      # lpadmin -d printer-name

7. In every zone, test the printer.

   ---

   Note –

   Starting in the Solaris 10 7/10 release, files with an administrative label, either ADMIN_HIGH or ADMIN_LOW, print ADMIN_HIGH on the body of the printout. The banner and trailer pages are labeled with the highest label and compartments in the label_encodings file.

   ---

   As root and as a regular user, perform the following steps:

   1. Print plain files from the command line.

   2. Print files from your applications, such as StarOffice, your browser, and your editor.

   3. Verify that banner pages, trailer pages, and security banners print correctly.

See Also

• Limit printer label range – How to Configure a Restricted Label Range for a Printer

• Prevent labeled output – Reducing Printing Restrictions in Trusted Extensions (Task Map)

• Use this zone as a print server – How to Enable a Trusted Extensions Client to Access a Printer