# basic basic printer sharing

## curmudgeon

I don't know what I am missing here. I am trying to share a printer to other non-linux machines.

Here is the cupsd.conf:

```

LogLevel warn

# Allow remote access

Port 631

Listen /run/cups/cups.sock

# Share local printers on the local network.

Browsing On

BrowseLocalProtocols 

DefaultAuthType Basic

WebInterface Yes

<Location />

  # Allow shared printing...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin>

  Order deny,allow

</Location>

<Location /admin/conf>

  AuthType Default

  Order deny,allow

  Require user @SYSTEM

</Location>

<Policy default>

  JobPrivateAccess default

  JobPrivateValues default

  SubscriptionPrivateAccess default

  SubscriptionPrivateValues default

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

<Policy authenticated>

  JobPrivateAccess default

  JobPrivateValues default

  SubscriptionPrivateAccess default

  SubscriptionPrivateValues default

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    AuthType Default

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Cancel-Job CUPS-Authenticate-Job>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

```

The printers look like (note shared is yes):

```

<Printer foo>

UUID urn:uuid:00000000-0000-0000-0000-000000000000

Info foo

MakeModel Generic foo Printer

DeviceURI usb://foo

State Idle

StateTime 1000000000

Type 0000000

Accepting Yes

Shared Yes

JobSheets none none

QuotaPeriod 0

PageLimit 0

KLimit 0

OpPolicy default

ErrorPolicy stop-printer

</Printer>

```

But if I go to: http://localhost:631/printers/  and click on foo, I see "foo (Idle, Accepting Jobs, Not Shared)"

And of course (far more important), other machines on the network can't see the printers

No doubt I am missing something painfully obvious, but I just can't see it.Last edited by curmudgeon on Mon Jan 06, 2014 1:11 am; edited 2 times in total

----------

## lexflex

Hi,

Maybe you can try to allow some specific IP range ( like  Allow 192.168.0.*  )  or IP address to test ( instead of @local) just to see if that works. I had some problems with defining 'allow' ranges myself  some time ago ( but cant remember the details).

Alex.

----------

## dmpogo

I don't like your empty BrowseLocalProtocols statement,  although if you use cups >= 1.6 and want to use any protocol but DNSSD (i.e avahi/bonjour), you need to run separate cups-browsed daemon, and all BrowseLocalProtocols CUPS directives go into cups-browsed.conf, with something like

BrowseLocalProtocols CUPS,DNSSD

Actually, I am not sure that web interface is aware about separate cups-browsed  nowdays.

BrowseProtocols statements are useless in cupsd.conf,   since cupsd itself only supports and always uses DNSSD.  But empty string may preclude browsing, comment it out.

----------

## 666threesixes666

if they are doze machines maybe its the samba printer sharing you be looking for?

----------

## curmudgeon

 *dmpogo wrote:*   

> I don't like your empty BrowseLocalProtocols statement,  although if you use cups >= 1.6 and want to use any protocol but DNSSD (i.e avahi/bonjour), you need to run separate cups-browsed daemon, and all BrowseLocalProtocols CUPS directives go into cups-browsed.conf, with something like
> 
> BrowseLocalProtocols CUPS,DNSSD

 

I am confused. I thought that cup-browsed was for searching for remote printers. Is it also necessary for broadcasting local printers?

Actually, I guess I am confused with the whole terminology of "sharing" a printer. Does that mean broadcasting its existence or simply allowing remote printing (I can probably live with the later assuming I can specify printers correctly on remote machines).

----------

## curmudgeon

 *666threesixes666 wrote:*   

> if they are doze machines maybe its the samba printer sharing you be looking for?

 

I thought that was the "old" way to do it. :)

For example:

https://wiki.archlinux.org/index.php/CUPS_printer_sharing

"The preferred way to connect a Windows client to a Linux print server is using IPP. It's a standard printer protocol based on HTTP, allowing you all ways to profit from port forwarding, tunneling etc. The configuration is very easy and this way is less error-prone than using Samba. IPP is natively supported by Windows since Windows 2000."

----------

## 666threesixes666

yeah, this is the new way

http://assets.sbnation.com/assets/3006205/office-space-printer-beat-down-gif.gif

 :Laughing: 

im pretty sure the computer printing has to have the printer drivers on it.  last time i had a networked printer it was wifi aware and it was like that....  i think what you're trying to do is similar only with a nix box between the two.

as original post says "Not Shared" doze boxes wont like that, switch it to shared...  and make doubly sure that the doze boxes have the printer drivers.

----------

## curmudgeon

 *666threesixes666 wrote:*   

> m pretty sure the computer printing has to have the printer drivers on it.  last time i had a networked printer it was wifi aware and it was like that....  i think what you're trying to do is similar only with a nix box between the two.

 

I did install the printer driver on the client machine, so that shouldn't be the problem.

 *666threesixes666 wrote:*   

> as original post says "Not Shared" doze boxes wont like that, switch it to shared...  and make doubly sure that the doze boxes have the printer drivers.

 

Well , that is what I am trying to figure out how to do. :) I don't know how to make cups see the printer as "shared."

----------

## 666threesixes666

theres a search feature in top right of cups ui found @ localhost:631

http://localhost:631/help/sharing.html?QUERY=share#SERVER_CONFIG

 :Twisted Evil: 

im pretty sure it will be a setting like "publish printer" it might be oddly worded

----------

## dmpogo

 *curmudgeon wrote:*   

>  *dmpogo wrote:*   I don't like your empty BrowseLocalProtocols statement,  although if you use cups >= 1.6 and want to use any protocol but DNSSD (i.e avahi/bonjour), you need to run separate cups-browsed daemon, and all BrowseLocalProtocols CUPS directives go into cups-browsed.conf, with something like
> 
> BrowseLocalProtocols CUPS,DNSSD 
> 
> I am confused. I thought that cup-browsed was for searching for remote printers. Is it also necessary for broadcasting local printers?
> ...

 

Yes, you need cups-browsed also for broadcast if you want to broadcast printers with any protocol other than DNSSD

'Sharing'  was not CUPS terminology, and in Windows world it meant to make printers visible on the network as well as allow remote access to them.

It is easy to see what 'sharing button' does  at localhost:631  -   web interface simply rewrites cupsd.conf,  so you can compare cupsd.conf with and without this button checked.   I suspect it just sets Browsing directive to 'on'.

I don't have CUPS nearby,  but I suspect that, regretfully,  localhost:631 web interface will not modify cups-browsed.conf  (simply because that web interface is still in Apple hands who do not care about existence of cups-browsed). But I may be mistaken.

----------

## curmudgeon

I am getting absolutely nowhere with this.

I do have cups-browsed running, and all of the other linux machines on the network see all of the printers every time a print dialog box pops up, even though the cups printer page still says "not shared" (yes, the other linux machines can actually print to it).

But I still can't get the printer installed on windows.

On the windows machine, the internet printing client (windows features) is turned on (not sure I really need that, but I have been trying absolutely everything).

On the windows machine, In advanced sharing settings, network discovery is turned on.

When I go to "add printer" / "add a network, wireless, or bluetooth printer" / " the printer that i want isn't listed", and then enter the printer in the "select a shared printer by name" box, I immediately get:

"Connect to Printer

Windows couldn't connect to the printer. Check the printer name and try again. If this is a network printer, make sure that the printer is turned on, and the the printer address is correct."

I entered as the printer "http://10.0.0.10:631/printers/printer"

Pasting the printer string in a browser on the windows machine connects to the printer page on the linux machine immediately.

The linux machine with the printer is 10.0.0.10, and the windows machine is 10.0.0.20.

Running a tcpdump on the linux machine produces these packets (when I press the "next" button):

```

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on net0, link-type EN10MB (Ethernet), capture size 65535 bytes

00:00:00.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 68

00:00:01.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 68

00:00:02.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 68

00:00:03.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:00:04.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:00:05.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:00:06.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:00:07.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:00:08.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

```

So tcpdump does not even see an attempted connection from the windows machine.

I also tried "browse for a printer" just to see what packets I could see, and got this:

```

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on net0, link-type EN10MB (Ethernet), capture size 65535 bytes

00:01:00.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:01:01.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:01:02.000000 IP 10.0.0.20.netbios-ns > 10.0.0.255.netbios-ns: UDP, length 50

00:01:03.000000 IP 10.0.0.20.52501 > 239.255.255.250.3702: UDP, length 713

00:01:04.000000 IP 10.0.0.20.52501 > 239.255.255.250.3702: UDP, length 713

00:01:05.000000 ARP, Request who-has 10.0.0.3 tell 10.0.0.20, length 46

00:01:06.000000 ARP, Request who-has 10.0.0.4 tell 10.0.0.20, length 46

00:01:07.000000 ARP, Request who-has 10.0.0.5 tell 10.0.0.20, length 46

00:01:08.000000 ARP, Request who-has 10.0.0.6 tell 10.0.0.20, length 46

00:01:09.000000 ARP, Request who-has 10.0.0.7 tell 10.0.0.20, length 46

00:01:10.000000 ARP, Request who-has 10.0.0.8 tell 10.0.0.20, length 46

00:01:11.000000 ARP, Request who-has 10.0.0.9 tell 10.0.0.20, length 46

00:01:12.000000 ARP, Request who-has 10.0.0.10 tell 10.0.0.20, length 46

00:01:12.000000 ARP, Reply 10.0.0.10 is-at 00:11:22:33:44:55 (oui Unknown), length 28

00:01:12.000000 IP 10.0.0.20.52503 > 10.0.0.10.snmp:  GetNextRequest(23)  43

00:01:12.000000 IP 10.0.0.10 > 10.0.0.20: ICMP 10.0.0.10 udp port snmp unreachable, length 74

00:01:13.000000 ARP, Request who-has 10.0.0.11 tell 10.0.0.20, length 46

00:01:14.000000 ARP, Request who-has 10.0.0.12 tell 10.0.0.20, length 46

00:01:15.000000 ARP, Request who-has 10.0.0.13 tell 10.0.0.20, length 46

[...]

```

I am wondering if the "udp port snmp unreachable" means anything important.

I don't have a clue about that (and I am hoping someone here does). :)

----------

## cwr

It might be worth running wireshark on the _Linux_ machine while trying

to load a printer from the _Windows_ machine; that will tell you exactly

what the Windows machine is trying to do, right down to the packet leve,

and you can take it from there.

Will

----------

## curmudgeon

 *cwr wrote:*   

> It might be worth running wireshark on the _Linux_ machine while trying
> 
> to load a printer from the _Windows_ machine; that will tell you exactly
> 
> what the Windows machine is trying to do, right down to the packet leve,
> ...

 

Maybe I am stupid, but what packets are wireshark going to see that tcpdump doesn't (they both use libpcap)?

There basically aren't any packets (maybe I should run wireshark on the windoze machine).

----------

## cwr

Well, if no packets are arriving at the Linux machine the Windows machine isn't

transmitting any; at a guess, they are  being stopped by the Windows firewall,

which I've had problems with  before.

Will

----------

## curmudgeon

 *cwr wrote:*   

> Well, if no packets are arriving at the Linux machine the Windows machine isn't
> 
> transmitting any; at a guess, they are  being stopped by the Windows firewall,
> 
> which I've had problems with  before.

 

I have windows firewall completely turned off

Wireshark reveals that the windows machine is seeing the ipp packets from the linux server (including the URL of the printer I am trying to connect to), but it is sending absolutely nothing when I push the "next" button to add the printer. Windows is just not trying to connect at all, and I have no idea why.

----------

## linuxfan

Has anybody found a solution for this? I have the same problem and it is driving me crazy. I even tried to fiddle with the Windows 7 registry as hinted by:

http://ubuntuforums.org/showthread.php?t=1824426

but alas, to no avail.  :Crying or Very sad:  [/url]

Will try, if I can at least print from another linux client.

----------

## linuxfan

In the meantime I have been able to test it with a second machine running sabayon. I just added the print-server in /etc/cups/client.conf and accessed via IPP. 

No problem. So I doubt it is a general cupsd configuration problem.

----------

