How to Configure a Network Printer for Sun Ray Clients

This procedure configures a PostScript printer on a Sun Ray server that has a single all-zones interface. The printer is made available to all users of Sun Ray clients of this server. Initial configuration happens in the global zone. After the global zone is configured, each labeled zone is configured to use the printer.

Before You Begin

You must be logged in to a multilevel session in Trusted CDE.

1. In the global zone, assign an IP address to the network printer.

   For instructions, see Chapter 5, Setting Up Printers by Using LP Print Commands (Tasks), in System Administration Guide: Printing.

2. Start the Solaris Management Console.

   • For instructions, see Initialize the Solaris Management Console Server in Trusted Extensions in Oracle Solaris Trusted Extensions Configuration Guide.

   • Select the Scope=Files, Policy=TSOL toolbox and log in.

3. Assign the printer to the admin_low template.

   1. In the Computers and Networks tool, double-click Security Templates.

   2. Double-click admin_low.

   3. In the Hosts Assigned to Template tab, add the printer's IP address.

      For more information, read the online help in the left pane.

4. Add the printer port to the shared interface of the global zone.

   1. In the Computers and Networks tool, double-click Trusted Network Zones.

   2. Double-click global.

   3. To the Multilevel Ports for Shared IP Addresses list, add port 515, protocol tcp.

5. Verify that the Solaris Management Console assignments are in the kernel.

   # tninfo -h printer-IP-address IP address= printer-IP-address Template = admin_low

   # tninfo -m global private: 111/tcp;111/udp;513/tcp;515/tcp;631/tcp;2049/tcp;6000-6050/tcp; 7007/tcp;7010/tcp;7014/tcp;7015/tcp;32771/tcp;32776/ip shared: 515/tcp;6000-6050/tcp;7007/tcp;7010/tcp;7014/tcp;7015/tcp

   ---

   Note –

   The additional private and shared multilevel ports (MLPs) such as 6055 and 7007 support Sun Ray requirements.

   ---

6. Ensure that printing services are enabled in the global zone.

   # svcadm enable print/server # svcadm enable rfc1179

7. If your system was installed with netservices limited, enable the printer to reach the network.

   The rfc1179 service must listen on addresses other than localhost. The LP service listens only on a named pipe.

   # inetadm -m svc:/application/print/rfc1179:default bind_addr='' # svcadm refresh rfc1179

   ---

   Note –

   If you are running netservices open, the preceding command generates the following error: Error: "inetd" property group missing.

   ---

8. Enable all users to print PostScript.

   In the Trusted Editor, create the /etc/default/print file and add this line:

   PRINT_POSTSCRIPT=1

   Applications such as StarOffice and gedit create PostScript output.

9. Add all LP filters to the printing service.

   In the global zone, run this C-Shell script:

   csh cd /etc/lp/fd/ foreach a (*.fd) lpfilter -f $a:r -F $a end

10. Add a printer in the global zone.

    Use the command line. The Print Manager GUI does not work in the global zone.

    # lpadmin -p printer-name -v /dev/null -m tsol_netstandard \ -o protocol=tcp -o dest=printer-IP-address:9100 -T PS -I postscript # accept printer-name # enable printer-name

11. (Optional) Set the printer as the default.

    # lpadmin -d printer-name

12. In every labeled zone, configure the printer.

    Use the all-zones IP address for the global zone as the print server. If your all-zones NIC is a virtual network interface (vni), use the IP address for the vni as the argument to the -s option.

    1. Log in as root to the zone console of the labeled zone.

       # zlogin -C labeled-zonename

    2. Add the printer to the zone.

       # lpadmin -p printer-name -s global-zone-shared-IP-address

    3. (Optional) Set the printer as the default.

       # lpadmin -d printer-name

13. In every zone, test the printer.

    ---

    Note –

    Starting in the Solaris 10 7/10 release, files with an administrative label, either ADMIN_HIGH or ADMIN_LOW, print ADMIN_HIGH on the body of the printout. The banner and trailer pages are labeled with the highest label and compartments in the label_encodings file.

    ---

    As root and as a regular user, perform the following steps:

    1. Print plain files from the command line.

    2. Print files from your applications, such as StarOffice, your browser, and your editor.

    3. Verify that banner pages, trailer pages, and security banners print correctly.

Example 15–1 Determining Printer Status for a Network Printer

In this example, the administrator verifies the network printer's status from the global zone and from a labeled zone.

global # lpstat -t
    scheduler is running
    system default destination: math-printer
    system for _default: trusted1 (as printer math-printer)
    device for math-printer: /dev/null
    character set
    default accepting requests since Feb 28 00:00 2008
    lex accepting requests since Feb 28 00:00 2008
    printer math-printer is idle. enabled since Feb 28 00:00 2008. available.

Solaris1# lpstat -t
   scheduler is not running
   system default destination: math-printer
   system for _default: 192.168.4.17 (as printer math-printer)
   system for math-printer: 192.168.4.17
   default accepting requests since Feb 28 00:00 2008
   math-printer accepting requests since Feb 28 00:00 2008
   printer _default is idle. enabled since Feb 28 00:00 2008. available.
   printer math-printer is idle. enabled since Feb 28 00:00 2008. available.