This chapter describes how to set up the print services, as well as how to set up printers and make those printers accessible to systems on the network.
This is a list of the information in this chapter:
For overview information, see Chapter 1, Introduction to Printing in the Solaris Operating System.
For printer setup information, see Chapter 4, Setting Up Printers (Tasks).
Task |
Description |
For Instructions |
---|---|---|
Set up printing services with Solaris Print Manager |
To use Solaris Print Manager, there is very little configuration required. However, there are some guidelines and requirements for running the tool. Also, you must also have appropriate privileges to use many of the tool's features. |
Determining a Method to Use for Printer Setup and Administration |
Set up the Internet Printing Protocol. |
Setting up the IPP services involves configuring both server and client data:
For IPP client-side support, queue configuration data is stored in the printers.conf configuration database. This database contains entries for each configured print queue. |
How to Configure IPP Server Data
|
Solaris Print Manager is a Java-based graphical user interface that enables you to manage local and remote printer configuration. This tool can be used in the following naming service environments: LDAP, NIS, NIS+, and files. You must be logged in as superuser to use this tool.
Use Solaris Print Manager to set up print servers (Add New Attached Printer or Add a Network Printer) and print clients (Add Access to Printer). An attached printer is a printer that is physically cabled to the print server. A network printer is physically attached to the network. Adding access to a printer, or adding remote access to a printer, is the process of giving print clients (all those machines that are not the server) access to the printer. For more information about printing terms, see Glossary.
Solaris Express 5/06: Starting with this release, the Solaris print system can use and recognize localhost as the host name in the print system databases. Previously, /bin/hostname was used to generate the print host name. These improvements were made to enable print servers to maintain the same print host name, independent of the machine host name. For more information, see How to Use Solaris Print Manager to Add a Print Queue With the Local Host Specified as the Host Name.
You can add, modify, or delete a print queue and add printer access by using the Solaris Print Manager GUI tool. Most of the options that can be used with the lpadmin command are also available in Solaris Print Manager.
You must superuser equivalent privileges to gain access to some of the options in Solaris Print Manager. Options and selectable attributes within the tool can vary, depending on the user's role.
For a detailed description of all the printer definitions that you can set or reset by using Solaris Print Manager, see Setting Printer Definitions by Using Solaris Print Manager.
For step-by-step instructions on setting up new printers with Solaris Print Manager, see Chapter 3, Setting Up Printing Services (Tasks).
Solaris Print Manager checks user input for the various text fields in the input screens. There are two types of checking: general illegal input and input that is illegal for specific fields.
Solaris Print Manager does not accept the following characters as input, except for the help screens:
Shell metacharacters, such as “\$^&*(){}`'|;:?<>, except for the destination field on the network printer screen, which accepts colons (:)
Multibyte characters
Pound signs (#), spaces, or tabs, except the description field, which accepts tabs
To start Solaris Print Manager, use either of the following methods:
Select the Solaris LP Print Manager application in the GNOME Desktop.
Type the appropriate command from the command line.
Verify that the following prerequisites are met. To use Solaris Print Manager, you must meet the following requirements:
Have a bitmapped display monitor, such as the standard display monitor that comes with a Sun workstation. Solaris Print Manager can be used only on a system with a console that is a bitmapped screen.
Be running an X Window System, such as the GNOME Desktop Environment, or be using the remote display feature on a system running an xhost environment.
Be logged in as superuser or an equivalent role on the print server to install an attached or network printer, or on the print client to add access to a printer.
Have the required access privileges for managing the LDAP, NIS, or NIS+ database.
If your naming service is LDAP, you must have the following items.
The distinguished name (DN) of a printer administrator and password in the directory.
The name or IP address of an LDAP server hosting the administered domain. This information is usually displayed and selected automatically.
If your naming service is NIS, you must have the root password for the NIS master.
If you naming service is NIS+, you might need to complete the following steps.
Log in to the NIS+ master as superuser.
Identify the group that owns the printers table.
# niscat -o printers.org_dir.domain-name.com . . . Group : "admin.domain-name.com" |
If necessary, add the system that runs Solaris Print Manager to the NIS+ admin group authorized to update the printers.org_dir.<domain> file.
# nisgrpadm -a admin.domain-name.com hostname |
As superuser, log in to the system that runs Solaris Print Manager. Your NIS+ configuration might make it necessary to run the /usr/bin/keylogin command. For more information, see the keylogin(1) man page.
Have the SUNWppm package installed.
# pkginfo | grep SUNWppm system SUNWppm Solaris Print Manager |
Start Solaris Print Manager by using one of the following methods:
Select the Solaris LP Print Manager in the GNOME Desktop.
System -> Administration -> Solaris LP Print Manager
Type the following command:
# /usr/sbin/printmgr & |
You can also start Solaris Print Manager by using the original path of the printmgr command:
# /usr/sadm/admin/bin/printgr & |
The Select Naming Service window overlays the Solaris Print Manager main window.
If Solaris Print Manager fails to start from the GNOME Desktop menu or from the command line, check the following:
Superuser (root) might not have permission to connect to the X-server process on the local system or the remote system. In this case, type the following:
$ ssh -Xhostname $ su (Enter root's password) # /usr/sbin/printmgr & |
Replace hostname with either the local system name or the remote system name before restarting Solaris Print Manager.
Verify that the SUNWppm package is installed on the local system or the remote system.
$ pkginfo | grep SUNWppm |
Select the naming service that is used in your network from the Select Naming Service window. The choices are: LDAP, NIS, NIS+, or files.
Check that the domain name is correct.
The Solaris Print Manager main menu is displayed after the naming service is loaded successfully.
The IPP listening service provides an IPP network protocol service that enables print client systems a means of interacting with a print service on the system that is running the listener. This listener implements server-side IPP protocol support, which includes a broad set of standard operations and attributes. The listener is implemented on Solaris as an Apache module and a series of shared libraries containing IPP operation and wire support. The IPP software stack is installed when the Solaris OS is installed on the system. The listening service is an SMF service that depends on the print service to run. As a result, IPP is automatically enabled on a print server when the first print queue has been added . It is also disabled when the last print queue has been removed. If you make configuration changes, you will need to restart the listener. For more information, see How to Restart the IPP Network Listening Service.
The IPP listening service implementation is embedded under the Apache Web Server. The web server receives IPP operations through HTTP POST requests. When an HTTP POST request is received it is passed on to the Apache IPP module (mod_ipp.so). Based on configuration, the Apache Web Service might provide an authentication service and it might also use encryption between client and server. The listening service runs as it's own dedicated instance of Apache.
IPP support in the Solaris OS is split into server-side and client-side support. Both the server-side and client-side support share some common elements, as well as elements that are unique to the client or server operation. As a result, the IPP client and server components share a code base that implements these common elements. Table Table A–1 describes the components that make up IPP support in the Solaris OS.
The Apache configuration for this web server instance runs as the lp print service user, which provides enough privileges to support all of the existing IPP operations, but limits access to print service specific resources. The listening service runs as its own web server instance, specifically configured to support IPP, which is intended to minimize potential security risks.
On the server-side, IPP configuration changes are made to the /etc/apache/httpd-standalone-ipp.conffile. On the client-side, IPP configuration changes are made to the /etc/printers.conf file.
If you make any configuration changes, you need to restart the service to load the new configuration. For more information, see How to Restart the Print Scheduler.
The IPP listening service configuration file, /etc/apache/httpd-standalone-ipp.conf, is like any normal Apache 1.3 configuration file. The configuration files takes any Apache 1.3 configuration directives that you want to use.
The default configuration includes the following features:
Listening on port 631.
Loading of a minimal set of Apache modules.
Enabling all supported IPP operations at the /printers/ path, for example ipp://server/printers/, without requiring authentication.
The default operations that are enabled for/printers/ is limited to a set of operations that poses less of a security risk. However, all operations are enabled at the /admin/ path, for example ipp://server/admin/, with basic authentication required.
The mod_ipp Apache configuration options to choose from are:
ipp-conformance - Selects the level of protocol checking. The default is automatic, allowing maximum client interaction.
ipp-operation - Allows you to selectively enable or disable IPP operation support for one more IPP operations.
ipp-default-user - Selects the user name to use when contacting the local print service.
The default is lp user, which allows for more functional proxying.
ipp-default-service - Selects the default print service where print requests are directed.
The default is the lpsched daemon.
Conformance checking types are:
Automatic – Only check that the requested operation is supported by the protocol listener. (default)
1.0 – Check that the request conforms to IPP, 1.0
1.1 – Check that the request conforms to IPP, 1.1
The following syntax is used for the IPP operations keywords:
ipp-operation operation enable | disable
For more information about the IPP operation keywords that are used to configure the Apache Web Server, see IPP Operation Keywords.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Open the /etc/apache/httpd-standalone-ipp.conf file in a text editor.
Add the desired IPP server configuration data.
For example:
if mod_ipp is loaded User lp run as "lp" URI: ipp://{host]/printers/{queue} SetHandler application/ipp use mod_ipp for this location ipp-conformance strict enable strict protocol checking (default) ipp-operation all enable enable all supported operations |
Under PAPI support, the bsdaddr value (server,q) is converted to it's equivalent printer-uri-supported value (lpd://server/printers/q), when the printer-uri-supported value is missing from the printers database. However, in some situations, such as when there is a mix of client systems and the queue is on an IPPcapable server, you might need to manually configure this data.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Open the /etc/printers.conf file in a text editor. Add the desired IPP client configuration data.
For example:
/etc/printers.conf:queue: \ :bsdaddr=server,queue,Solaris: \ :printer-uri-supported=ipp\://server/printers/queue: |
For additional information about printing with IPP, Appendix A, Using the Internet Printing Protocol.
For more information about administering printers by using IPP, see Administering Printers by Using the Internet Printing Protocol (Task Map).
Task |
Description |
For Instructions |
---|---|---|
Enable, disable, and restart the IPP network listening service through the Service Management Facility (SMF). |
The IPP listener provides server-side support for IPP. This service is controlled by SMF. You can enable, disable, and restart the IPP network listening service by using he svcadm command. |
How to Enable the IPP Network Listening Service |
Enable, disable, and restart the RFC-1179 network listening service through SMF. |
The RFC-1179 network listening service is controlled by SMF. You can enable, disable, and restart the RFC-1179 network listening service by using the svcadm command. |
How to Enable the RFC-1179 Network Listening Service |
You can enable, disable, and restart the SMB network service through SMF. |
Server-side support for the SMB network service is controlled by SMF and is available through Samba. You can enable, disable, and restart the SMB network listening service by using the svcadm command. |
How to Enable the SMB Network Service |
Network services for the IPP, RFC-1179, and the SMB protocols are managed by SMF.
The FMRI descriptions for these printing services are as follows:
For the IPP listening service, the FMRI is svc:/application/print/ipp-listener.
For the RFC-1179 listening service, the FMRI is svc:/application/print/rfc1179-listener.
For the SMB network service (server-side support), the FMRI is svc:/network/samba or svc:/network/wins. This service is available through Samba.
For more information about SMF services and using the svcadm command, see Chapter 16, Managing Services (Overview), in System Administration Guide: Basic Administration.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To enable the IPP network service, type:
# svcadm enable application/print/ipp-listener |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To disable the IPP network service, type:
# svcadm disable application/print/ipp-listener |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To restart the IPP network service, type:
# svcadm restart application/print/ipp-listener |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To enable the RFC-1179 network listening service, type:
# svcadm enable application/print/rfc1179 |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To disable the RFC-1179 network service, type:
# svcadm disable application/print/rfc1179 |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To restart the RFC-1179 network service, type:
# svcadm restart application/print/rfc1179 |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To enable the SMB network service, type one of the following commands:
# svcadm enable application/print/samba |
# svcadm enable application/print/wins |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To disable the SMB network service, type one of the following commands:
# svcadm disable application/network/samba |
# svcadm disable application/network/wins |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
To restart the SMB network service, type:
# svcadm restart application/network/samba |
# svcadm restart application/network/wins |