Users send print jobs to the single-label printer at the same label assigned to the print server.
Assume the Security Administrator role and go to an ADMIN_LOW
workspace.
Open the Solaris Management Console in the desired scope.
Click Trusted Solaris Management Console, then Computers and Networks. Provide a password when prompted.
Assign a template to the print server with the desired label.
The template is assigned to the IP address of the unlabeled print server.
See Chapter 8, Specifying Routing and Security for Remote Computers for how the Security Administrator assigns a single label to an unlabeled computer.
Assume the System Administrator role and go to an ADMIN_LOW
workspace.
In the System_Admin folder in the Application Manager, double-click the Printer Administrator action.
Choose files to update local files or choose either NIS, NIS+(xfn) or NIS+ for a naming service.
Connect the printer to a serial or parallel port on a print server using the appropriate cable, as described in the printer's installation guide.
Assume the System Administrator role on the print server, and go to an ADMIN_LOW
workspace.
If the printer is connected to a serial port, make sure the correct baud rate is set, using the Serial Port tool from the Solaris Management Console Devices and Hardware manager.
See the printer documentation for the correct baud rate. See also "Adjusting Printer Port Characteristics" in System Administration Guide, Volume 2.
Bring up the Printer Administrator tool as described in "To Launch the Printer Administrator Action".
Choose New Attached Printer from the Printer menu.
If needed, follow the procedure "How to Add a New Attached Printer With Solaris Print Manager" in the "Setting Up Printers (Tasks)" in System Administration Guide, Volume 2.
Do not change the Printer Type and File Contents settings from the default value of PostScript. If you do, printing will not work.
If the default printer label range of ADMIN_LOW
to ADMIN_HIGH
is acceptable, you are done.
To restrict the label range for the printer, go to "To Configure a Restricted Label Range for a Printer".
A network printer must be managed by a Trusted Solaris print server in order to print labeled output. A network printer prints only at a single-label assigned to it in a Security Families template.
Pick a printer name to be used as its host name, and assign the printer an IP address.
Set up the printer as described in the printer's documentation.
Assume the System Administrator role on the Trusted Solaris print server, and go to an ADMIN_LOW
workspace.
Add an entry for the printer using the Computers tool in the Solaris Management Console.
The scope of the toolbox that you load determines whether the entry is made in the local hosts file, NIS map or NIS+ table.
Create a new unlabeled tamplate assigning it the ADMIN_HIGH
label.
Double-click Trusted Solaris Configuration->Computers and Networks->Security Families.
In the Action menu, select Add->Template.
On the New Template dialog->Basic Information tab
Assign a Name.
Select Unlabeled from the Host Type menu and specify the Minimum Label and the Maximum Label as ADMIN_HIGH
.
Assign a Label and a Clearance of ADMIN_HIGH
, and click OK in the New Template dialog box.
Assign the new template to the host name or IP address of the printer by double-clicking the icon for the new template.
In the Action menu, select Add->Host.
In the New Remote Host Entry dialog, enter the Host Name and IP address, then click OK.
Configure the printer on the Trusted Solaris computer using the LP administration commands.
Complete the setup of the Network printer on the Trusted Solaris computer by following the procedure "How To Add A Network Printer Using LP Commands" in the "Setting Up Printers (Tasks)" in System Administration Guide, Volume 2.
Do this procedure only if you need to restrict the label range for a printer that is controlled by a Trusted Solaris print server. The default printer label range is ADMIN_LOW
to ADMIN_HIGH
.
Assume the Security Administrator role and go to an ADMIN_LOW
workspace.
See "To Log In and Assume a Role", if needed.
Bring up the Device Allocation Manager.
Either select the Allocate Device option from the Trusted Path menu or launch the Device Allocation Manager action from the Tools subpanel on the Front Panel.
Click the Device Administration button to display the Device Allocation: Administration dialog box.
Select the name of the new printer.
Click the Configure button to display the Device Allocation: Configuration dialog box, as shown in the following figure.
Change the label range as desired by clicking the Min Label and Max Label buttons and using the label builders that display to select the desired label.
Click the OK button on the Configuration dialog box to save the label changes, click the OK button on the Administration dialog box to close it, and then close the Device Allocation Manager.
If either NIS+ or NIS was specified as the naming service when the print server is configured, this procedure is not needed on any NIS+ or NIS clients in the domain.
On the local computer, access the Printer Administrator.
See "To Launch the Printer Administrator Action", if needed.
See How to Add Printer Access With Solaris Print Manager in "Setting Up Printers (Tasks)" in System Administration Guide, Volume 2.
If the Always Print Banner check box on the Printer Administrator dialog is checked, banner and trailer pages always print, even if the user has the solaris.print.nobanner
authorization and uses the -o nobanner option
to lp.
Bring up the Printer Administrator on the print server.
See "To Launch the Printer Administrator Action", if needed.
Make sure that the Always Print Banner check box is not checked.
Exit the Printer Administrator.
Make sure that the solaris.print.nobanner
authorization is in one of the profiles assigned to each user or role that is allowed to print without banner and trailer pages.
See "To Assign Printing-Related Authorization(s) to an Account", if needed.
Instruct the user or role to submit jobs using the lp command with the option -o nobanner.
trustworthy% lp -o nobanner staff.mtg.notes |
Assume the Security Administrator role and go to an ADMIN_LOW
workspace.
Bring up the User Accounts tool.
Make sure that the desired print-related authorization is contained in one of the user's rights profiles.
Assume the Security Administrator role and go to an ADMIN_LOW
workspace.
Use the Admin Editor action to edit the /usr/lib/lp/postscript/tsol_separator.ps file.
See "To Edit a Local File", if needed.
Find the following lines:
%% To eliminate page labels completely, change this line to %% set the page label to an empty string: /PageLabel () def /PageLabel Job_SL_Internal def |
The value of Job_PageLabel may have been changed at your site.
Replace the value of /PageLabel with an empty parentheses.
/PageLabel () def |
Make sure that the Print Without Label authorization is in one of the profiles assigned to each user or role that is allowed to print jobs without labels at the top and bottom of each page.
See "To Assign Printing-Related Authorization(s) to an Account", if needed.
Make sure that the user or role submits jobs using lp with the option -o nolabels.
trustworthy% lp -o nolabels staff.mtg.notes |
Doing this procedure enables an authorized user or role to print jobs without labels when working at any label.
Files that are available to the general public may be printed on an unlabeled printer.
In the tnrhdb/tnrhtp entries that define an unlabeled print server, assign to the print server the appropriate label.
For example, a site may label files that are available to the general public as PUBLIC or UNCLASSIFIED.
Do the following three steps for each user or role allowed to print publicly-readable files without page labels.
Make sure that the public label is in each account's personal label range.
Instruct each user to define the PRINTER variable in the appropriate shell initialization file in the user's publicly-labeled home directory SLD.
Go to the publicly-labeled home directory SLD.
Open the .login or .profile file (as appropriate) for editing.
Define the PRINTER
variable to be the name of the printer connected to the unlabeled print server.
When a printer named nolabels is connected to a single-label print server whose label is PUBLIC, the .login or .profile file in the PUBLIC SLD directory would have the following environment variable defined.
setenv PRINTER nolabels |
Write and quit the file.
Have each affected account log out and log in again to put the changed printer definitions in effect.
Have each affected account create and print jobs that need to be printed without labels from within the publicly-labeled SLD.