Chapter 3 Setting Up Network Printing Services (Tasks)

This chapter describes how to set up the printing services that are required to create and manage printers on a network by using the Internet Printing Protocol, the RFC-1179 protocol, or the SMB protocol..

This is a list of the information that is in this chapter:

• Configuring the Internet Printing Protocol (Task Map)

• Enabling, Disabling, and Restarting Network Printing Services (Task Map)

For overview information, see Chapter 1, Introduction to Printing in the Oracle Solaris Operating System.

For printer setup information, see Chapter 5, Setting Up Printers by Using LP Print Commands (Tasks).

Configuring the Internet Printing Protocol (Task Map)

Table 3–1 Configuring IPP (Task Map)

Task	Description	For Instructions
Configure IPP server-side support.	For IPP server-side support, you can customize the listening service by adding directives to the Apache configuration file on the server.	How to Configure IPP Server Data
Configure IPP client-side support.	For IPP client-side support, queue configuration data is stored in the printers.conf configuration database. This database contains entries for each configured print queue.	How to Configure IPP Client Data

Configuring the Internet Printing Protocol

The IPP listening service provides an IPP network protocol service that enables print client systems a means of interacting with a print service on the system that is running the listener. This listener implements server-side IPP protocol support, which includes a broad set of standard operations and attributes. The listener is implemented on Oracle Solaris as an Apache module and a series of shared libraries containing IPP operation and wire support. The IPP software stack is installed when the Oracle Solaris OS is installed on the system. The listening service is an SMF service that depends on the print service to run. As a result, IPP is automatically enabled on a print server when the first print queue has been added . It is also disabled when the last print queue has been removed. If you make configuration changes, you will need to restart the listener. For more information, see How to Restart the IPP Network Listening Service.

The IPP listening service implementation is embedded under the Apache Web Server. The web server receives IPP operations through HTTP POST requests. When an HTTP POST request is received it is passed on to the Apache IPP module (mod_ipp.so). Based on configuration, the Apache Web Service might provide an authentication service and it might also use encryption between client and server. The listening service runs as it's own dedicated instance of Apache.

IPP support in the Oracle Solaris OS is split into server-side and client-side support. Both the server-side and client-side support share some common elements, as well as elements that are unique to the client or server operation. As a result, the IPP client and server components share a code base that implements these common elements. Table Table A–1 describes the components that make up IPP support in the Oracle Solaris OS.

Configuring IPP Server and Client Data

The Apache configuration for this web server instance runs as the lp print service user, which provides enough privileges to support all of the existing IPP operations, but limits access to print service specific resources. The listening service runs as its own web server instance, specifically configured to support IPP, which is intended to minimize potential security risks.

On the server-side, IPP configuration changes are made to the /etc/apache/httpd-standalone-ipp.conf file. On the client-side, IPP configuration changes are made to the /etc/printers.conf file.

---

Note –

If you make any configuration changes, you need to restart the service to load the new configuration. For more information, see How to Restart the Print Scheduler.

---

The IPP listening service configuration file, /etc/apache/httpd-standalone-ipp.conf, is like any normal Apache 1.3 configuration file. The configuration files takes any Apache 1.3 configuration directives that you want to use.

The default configuration includes the following features:

• Listening on port 631.

• Loading of a minimal set of Apache modules.

• Enabling all supported IPP operations at the /printers/ path, for example ipp://server/printers/, without requiring authentication.

The default operations that are enabled for/printers/ is limited to a set of operations that poses less of a security risk. However, all operations are enabled at the /admin/ path, for example ipp://server/admin/, with basic authentication required.

The mod_ipp Apache configuration options to choose from are:

• ipp-conformance – Selects the level of protocol checking. The default is automatic, allowing maximum client interaction.

• ipp-operation – Allows you to selectively enable or disable IPP operation support for one more IPP operations.

• ipp-default-user – Selects the user name to use when contacting the local print service.

  The default is lp user, which allows for more functional proxying.

• ipp-default-service – Selects the default print service where print requests are directed.

  The default is the lpsched daemon.

Conformance checking types are:

• Automatic – Only check that the requested operation is supported by the protocol listener, which is the default.

• 1.0 – Check that the request conforms to IPP, 1.0.

• 1.1 – Check that the request conforms to IPP, 1.1.

IPP Keywords for Apache Web Server Configuration

The following syntax is used for the IPP operations keywords:

ipp-operation operation enable | disable

For more information about the IPP operation keywords that are used to configure the Apache Web Server, see IPP Operation Keywords.

How to Configure IPP Server Data

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Open the /etc/apache/httpd-standalone-ipp.conf file in a text editor.

3. Add the desired IPP server configuration data.

   For example:

   if mod_ipp is loaded User lp run as "lp" URI: ipp://{host]/printers/{queue} SetHandler application/ipp use mod_ipp for this location ipp-conformance strict enable strict protocol checking (default) ipp-operation all enable enable all supported operations

How to Configure IPP Client Data

Under PAPI support, the bsdaddr value (server,q) is converted to it's equivalent printer-uri-supported value (lpd://server/printers/q), when the printer-uri-supported value is missing from the printers database. However, in some situations, such as when there is a mix of client systems and the queue is on an IPP capable server, you might need to manually configure this data.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Open the /etc/printers.conf file in a text editor. Add the desired IPP client configuration data.

   For example:

   /etc/printers.conf:queue: \ :bsdaddr=server,queue,Solaris: \ :printer-uri-supported=ipp\://server/printers/queue:

See Also

For additional information about printing with IPP, Appendix A, Using the Internet Printing Protocol.

For more information about administering printers by using IPP, see Administering Printers on a Network When Using the Internet Printing Protocol (Task Map).

Enabling, Disabling, and Restarting Network Printing Services (Task Map)

Table 3–2 Enabling, Disabling, and Restarting Printing Services: Task Map

Task	Description	For Instructions
Enable, disable, and restart the IPP network listening service through the Service Management Facility (SMF).	The IPP listener provides server-side support for IPP. This service is controlled by SMF. You can enable, disable, and restart the IPP network listening service by using he svcadm command.	How to Enable the IPP Network Listening Service How to Disable the IPP Network Listening Service How to Restart the IPP Network Listening Service
Enable, disable, and restart the RFC-1179 network listening service through SMF.	The RFC-1179 network listening service is controlled by SMF. You can enable, disable, and restart the RFC-1179 network listening service by using the svcadm command.	How to Enable the RFC-1179 Network Listening Service How to Disable the RFC-1179 Network Listening Service How to Restart the RFC-1179 Network Listening Service
You can enable, disable, and restart the SMB network service through SMF.	Server-side support for the SMB network service is controlled by SMF and is available through Samba. You can enable, disable, and restart the SMB network listening service by using the svcadm command.	How to Enable the SMB Network Service How to Disable the SMB Network Service How to Restart the SMB Network Service

Managing Network Printing Services

The FMRI descriptions for the SMF services for the IPP, RFC-1179, and the SMB protocols are as follows:

• For the IPP listening service, the FMRI is svc:/application/print/ipp-listener.

• For the RFC-1179 listening service, the FMRI is svc:/application/print/rfc1179-listener.

• For the SMB network service (server-side support), the FMRI is svc:/network/samba or svc:/network/wins. This service is available through Samba.

  For more information about SMF services and using the svcadm command, see Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration.

How to Enable the IPP Network Listening Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To enable the IPP network service, type:

   # svcadm enable application/print/ipp-listener

How to Disable the IPP Network Listening Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To disable the IPP network service, type:

   # svcadm disable application/print/ipp-listener

How to Restart the IPP Network Listening Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To restart the IPP network service, type:

   # svcadm restart application/print/ipp-listener

How to Enable the RFC-1179 Network Listening Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To enable the RFC-1179 network listening service, type:

   # svcadm enable application/print/rfc1179

How to Disable the RFC-1179 Network Listening Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To disable the RFC-1179 network service, type:

   # svcadm disable application/print/rfc1179

How to Restart the RFC-1179 Network Listening Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To restart the RFC-1179 network service, type:

   # svcadm restart application/print/rfc1179

How to Enable the SMB Network Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To enable the SMB network service, type one of the following commands:

   # svcadm enable application/print/samba

   # svcadm enable application/print/wins

How to Disable the SMB Network Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To disable the SMB network service, type one of the following commands:

   # svcadm disable application/network/samba

   # svcadm disable application/network/wins

How to Restart the SMB Network Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. To restart the SMB network service, type:

   # svcadm restart application/network/samba

   # svcadm restart application/network/wins