Policy with multiple cases for different clients
John A. Murdie
john at cs.york.ac.uk
Wed Jan 23 14:04:47 PST 2008
> Hi,
>
> I would like to set up CUPS policy to have different rules for different machines from different networks. Does anyone have any suggestion?
>
> My scenario is that I would like to allow all machines in one network to be able to print. But those machines from other networks will need to be authenticated before printing.
>
> I tried to search on the Internet but couldn't find a way to have policy that check cases like I want to. For example, allow from 192.168.1.0/24 otherwise authenticate for valid user from all other networks.
>
> My server is Ubuntu 7.10 server without GUI.
> I follow "managing operation policies" on cups website to create something similar to creating a computer lab example. But, I can only limit printing from a certain network.
>
> I tried to test the authentication to see how it work by adding a "Require" statement as shown in the configuration below, but it doesn't seem to work like I expect.
I think that you're only missing a "Satisfy any" in there. I do something similar at my site for desktops (which are trusted to print) and laptops (whose users must authenticate to print):
<Policy default>
# Job-related operations must be done by the owner or an adminstrator...
# Desktops trusted, laptops must authenticate.
<Limit Create-Job Print-Job Send-Document Send-URI>
Order allow,deny
Allow from a.b.c.0/x # desktops
Require valid-user # laptops
Satisfy any
</Limit>
<Limit Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Order allow,deny
Require user @OWNER @SYSTEM @admins
</Limit>
...
See my very recent posting - http://www.cups.org/newsgroups.php?gcups.general+v:31740 for the entire cupsd.conf.
John A. Murdie
More information about the cups
mailing list