[cups.general] hiding unwanted printers
Lucio Chiappetti
lucio at lambrate.inaf.it
Fri Sep 12 03:28:18 PDT 2008
On Thu, 11 Sep 2008, John Hodrien wrote:
> On Thu, 11 Sep 2008, Lucio Chiappetti wrote:
>> In our institute the "typical user workstation" is a Linux CUPS client
>> of a single CUPS server (running CUPS 1.2.7 under SuSE Linux). [...]
>> occasionally [...] some moron connects his own machine [...] and
>> misconfigures it to announce to be a CUPS server. [...] all users
>> [see] an excessively long list of printers.
> Why not just set the machines up without cups running, and have
> /etc/cups/client.conf:
> ServerName cupsserver.my.domain
That's exactly our INTENDED configuration, The well-behaved workstations
(actually the permanent ones, part of our NIS domain) SHOULD all be
configured as clients without cupsd. Anyhow I found one where cupsd was
running for unclear reasons (althoough yast2 said it was not enabled nor
associated to any runlevel), I stopped it, and still showed the problem
.... the wrong list of printers is propagated by the CUPS server !
(in fact this morning the list was different than the one of yesterday,
different morons ... but we cannot forbid our staff nor visitors to
connect their laptops to DHCP or to add dedicated machines outside of the
NIS domain)
> That gets the client only talking to your server which I'm assuming will
> have browsing disabled.
This issue of browsing is a bit unclear to us (is it a matter of ISSUING
announcements or RECEIVING announcements ?) and it is not sure whether
yast2 copes with it correctly.
yast2-> hardware-> printer -> other -> expert cups setting-> cups server
setting contains a "browsing on / off"
yast2-> hardware-> printer -> other -> change IPP listen contains a tick
box "Listen to IPP broadcast packets" and a select address button
Now it looks like that the "Listen to IPP broadcast packets" tick box has
no counterpart in /etc/cupsd.conf but toggles the Browsing On/Off as the
"browsing on / off" radio button.
After a few unsuccessful attempts (inclusive of browsing off having no
effect), we ended up modifying (partly manually) cupsd.conf to contain
Browsing On
BrowseOrder Deny,Allow
BrowseAllow none
BrowseDeny all
This originally seemed to have no effect. At this point we turned off in
the firewall both the IPP client and server protocols. Turning off the IPP
server seemed to have the wished effect (the web page on port 631 of the
server showed ONLY the network printers defined there), but caused a
disaster on all the clients (who could not see any printer).
However after reopening the firewall, with the same cupsd.conf above we
continue seeing only the correct network printers, despite the fact the
moron machines may still be on.
In fact our sysman got hold of one of those and had it properly
configured (which in principle is what we do NOT want to do, we want
simply not see them) ... the others do not show up on the web page on port
631 ... and therefore we cannot do any more test).
Could it be that our cupsd.conf is correct, but there was some cache
somewhere that the turning off and back on of the firewall has cleared ?
--
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------
Do not blame ME, I did NOT vote Berlusconi.
------------------------------------------------------------------------
More information about the cups
mailing list