Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

How to Enable a Trusted Extensions Client to Access a Printer

    Initially, only the zone in which a print server was configured can print to the printers of that print server. The system administrator must explicitly add access to those printers for other zones and systems. The possibilities are as follows:

  • For a global zone, add access to the shared printers that are connected to a global zone on a different system.

  • For a labeled zone, add access to the shared printers that are connected to the global zone of its system.

  • For a labeled zone, add access to a shared printer that a remote zone at the same label is configured for.

  • For a labeled zone, add access to the shared printers that are connected to a global zone on a different system.

Before You Begin

You must be in the System Administrator role in the global zone.

  1. Verify that you can ping the printer.
    # ping printer-IP-address

    If this command fails, you have a network connection problem. Fix the connection problem, then return to this procedure. For assistance, see Troubleshooting the Trusted Network.

  2. Complete one or more procedures that enable your systems to access a printer.
    • Configure the global zone on a system that is not a print server to use another system's global zone for printer access.
      1. On the system that does not have printer access, assume the System Administrator role.
      2. Add access to the printer that is connected to the remote Trusted Extensions print server.
        # lpadmin -p printer-name -E \
        -v ipp://print-server-IP-address/printers/printer-name-on-server
    • Configure a labeled zone to use its global zone for printer access.
      # lpadmin -p printer-name -E \
      -v ipp://print-server-IP-address/printers/printer-name-on-print-server
    • Configure a labeled zone to use another system's labeled zone for printer access.

      The labels of the zones must be identical.

      1. On the system that does not have printer access, assume the System Administrator role.
      2. Change the label of the role workspace to the label of the labeled zone.
      3. Add access to the printer that is connected to the print server of the remote labeled zone.
        # lpadmin -p printer-name -E \
        -v ipp://zone-print-server-IP-address/printers/printer-name-on-zone-print-server
    • Configure a labeled zone to use an unlabeled print server for printing output with no security information.

      For instructions, see How to Assign a Label to an Unlabeled Print Server.

  3. Test the printers.

    Note - For security reasons, files with an administrative label, ADMIN_HIGH or ADMIN_LOW, print ADMIN_HIGH on the body pages of the printout. The banner and trailer pages are labeled with the highest label and compartments in the label_encodings file.

    On every client, test that printing works for all accounts that can access the global zone and for all accounts that can access labeled zones.

    1. Print text and PostScript files from the command line.
      # lp /etc/motd ~/PostScriptTest.ps
      % lp $HOME/file1.txt $HOME/PublicTest.ps
    2. Print files from your applications, such as mail, your text editor, Adobe Reader, and your browser.
    3. Verify that banner pages, trailer pages, and body page labels print correctly.