Policy with multiple cases for different clients

voravit voravit at kth.se
Wed Jan 23 13:42:43 PST 2008


Hi,

I would like to set up CUPS policy to have different rules for different machines from different networks. Does anyone have any suggestion?

My scenario is that I would like to allow all machines in one network to be able to print. But those machines from other networks will need to be authenticated before printing.

I tried to search on the Internet but couldn't find a way to have policy that check cases like I want to. For example, allow from 192.168.1.0/24 otherwise authenticate for valid user from all other networks.

My server is Ubuntu 7.10 server without GUI.
I follow "managing operation policies" on cups website to create something similar to creating a computer lab example. But, I can only limit printing from a certain network.

I tried to test the authentication to see how it work by adding a "Require" statement as shown in the configuration below, but it doesn't seem to work like I expect.

  <Limit All>
    Require user test ##perhaps I could also use "Require valid-user" here?
    Order allow,deny
    Allow from 192.168.1.0/24
  </Limit>

All it does is to force the printer section on the web interface to require authentication, which in this case accepts only authenticated test user.

I configures my hosts by adding printer directly and haven't tried to install CUPS client on them. I wonder if this is really a must or is there a way around it?
So far I just add printer directly on my hosts. (Add printer in windows and GUI in linux - I have fedora, which probably use CUPS?)

In addition, I have one more question regarding user showed under job section on CUPS web interface.

As I mention, When I didn't have "Require user test" in the configuration, the printer works fine within the allowed network. But I noticed that under job section, the user showed there is the actual user from the machine that print the job. For example, I get "Administrator" as a user for all the jobs coming from windows machines. Could someone explain why is it so? and is there any way to force the web interface to show user as something else for example IP address of a machine.

I would really appreciate if anyone could help me with this.

Best regards,
/Voravit






More information about the cups mailing list