CUPS queues don't work with Wide Area Bonjour...help!

Julian Daniel jdaniel at smcdsb.on.ca
Wed Jan 4 22:17:14 PST 2012


I'm completely flummoxed!

My school board is installing new switches in all our schools, and moving from a single flat VLAN to multiple - one for printers, one for servers, one for client workstations. Printing queues advertised with Bonjour worked fine on the old network, but multiple VLANs break all that since Bonjour is in the unroutable multicast range (which makes sense, since it's not meant to work outside of the local network). I have old Tiger servers at the schools, running on hardware that doesn't do VLANs (old G4 towers), so advertising queues with Bonjour using the school server can't get me by.

I've set up BIND (DNS) to show my CUPS IPP print queues from a central Lion workstation (elemprtsrv01.example.com) in the school's subnet (10.159.40.0/22; academic-wrd.scd.example.com) as follows (my domain substituted with example.com for anonymity) - the relevant section snipped from the rest of the zone file:


$ORIGIN academic-wrd.scd.example.com.
;
; Wide Area Bonjour Browsing
;
b._dns-sd._udp               IN PTR  @
lb._dns-sd._udp              IN PTR  @
db._dns-sd._udp              IN PTR  @
;
; Wide Area Bonjour Printing
;
SCD-234-Q._printer._tcp      IN SRV  0 0 631 elemprtsrv01.example.com.
;
_printer._tcp                IN PTR  SCD-234-Q._printer._tcp
_cups._sub._ipp._tcp         IN PTR  SCD-234-Q._printer._tcp
_ipp._tcp                    IN PTR  SCD-234-Q._printer._tcp
_universal._sub._ipp._tcp    IN PTR  SCD-234-Q._printer._tcp
;
SCD-234-Q._printer._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=printers/SCD234Q" "note=2nd Floor Workroom" "ty=Xerox WorkCentre 5755, EXAMPLE Student 2.2" "product=(EXAMPLE-22STUD-XeroxWC5775)" "printer-state=3" "printer-type=0x80B0F6" "Transparent=T" "Binary=T" "Fax=F" "Punch=T" "Bind=F" "Sort=T" "Scan=F" "Duplex=T" "Staple=T" "Copies=T" "Collate=T" "Color=F" "pdl=application/pdf,application/postscript,application/octet-stream,image/jpeg ,image/png" )


The relevant section of the /etc/cupsd.conf file on elemprtsrv01 (10.100.1.73) looks like this:


ServerAlias elemprtsrv01.example.com
ServerAlias printerserver.academic-wrd.scd.example.com
MaxLogSize 20m
MaxCopies 100
LogLevel debug2
SystemGroup admin
SystemGroupAuthKey system.print.admin
# Allow remote access
#Port 631
Listen 10.100.1.73:631
Listen 127.0.0.1:631
Browsing On
BrowseOrder deny,allow
BrowseRemoteProtocols cups
BrowseLocalProtocols cups dnssd
DefaultEncryption Never
DefaultAuthType Basic
WebInterface Yes
BrowseWebIF No
MaxClients 1000
RootCertDuration 300
<Location />
  # Allow remote access...
  Order deny,allow
  Allow all
  AuthType None
</Location>
<Location /rss>
  Order deny,allow
  Allow all
</Location>
<Location /printers>
  Order deny,allow
  Allow all
  AuthType None
  Encryption Never
</Location>
<Location /jobs>
  Order deny,allow
  Allow all
  AuthType None
  Encryption Never
</Location>

If I use Bonjour Browser on the print server network and on the school's academic-wrd.scd.example.com subnet, I see identical info to that provided by my DNS records - in other words, Wide Area Bonjour (WAB) appears to be working and providing the necessary details.

When I try to add a printer on a school workstation, the WAB printer appears...though the PPD ("(EXAMPLE-22STUD-XeroxWC5775)" should match SCD234Q.ppd from the server queue) doesn't get imported from the server and I get a Generic Printer Description instead. When I try to print on the client, I see promising notes about connecting to the print server, but then it always pauses the queue. Here's the relevant section from /etc/cups/ppd/SCD234Q.ppd:


*Manufacturer: "Xerox"
*ModelName: "Xerox WorkCentre 5775"
*ShortNickName: "Xerox WorkCentre 5775"
*NickName: "Xerox WorkCentre 5755, EXAMPLE Student 2.2"
*PCFileName: "XRWC5775EXAMPLESTUD22.PPD"
*Product: "(EXAMPLE-22STUD-XeroxWC5775)"
*PSVersion: "(3010.106) 3000"


In the CUPS error log, I get this annoying encryption error, which no one else appears to have had, according to the usual search engines:

d [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient(lis=0x7fc585200470(13)) Clients=0
D [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient: 20 from 10.159.40.174:631 (IPv4)
d [04/Jan/2012:21:47:41 -0500] cupsdAddSelect(fd=20, read_cb=0x102d74b81, write_cb=0x0, data=0x7fc584034400)
d [04/Jan/2012:21:47:41 -0500] cupsdReadClient(con=0x7fc584034400(20)) con->http.error=0 con->http.used=0, con->http.state=0 con->data_encoding=HTTP_ENCODE_LENGTH, con->data_remaining=0, con->file=-1
d [04/Jan/2012:21:47:41 -0500] cupsdReadClient: Saw first byte 02, auto-negotiating SSL/TLS session...
d [04/Jan/2012:21:47:41 -0500] encrypt_client(con=0x7fc584034400(20))
D [04/Jan/2012:21:47:41 -0500] get_cdsa_certificate: Looking for certs for "elemprtsrv01.example.com"...
E [04/Jan/2012:21:47:51 -0500] Unable to encrypt connection from 10.159.40.174 - unknown error -1=ffffffffffffffff (-1)
D [04/Jan/2012:21:47:51 -0500] cupsdCloseClient: 20
D [04/Jan/2012:21:47:51 -0500] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
d [04/Jan/2012:21:47:51 -0500] cupsdRemoveSelect(fd=20)
d [04/Jan/2012:21:47:51 -0500] cupsdCheckJobs: 0 active jobs, sleeping=0, reload=0


OK, so here's the annoying bit: if I manually configure the queue on a Snow Leopard (or higher) client by going into System Preferences, adding an IP printer with IPP protocol (elemprtsrv01.example.com, queue name /printers/SCD234Q) then it works. With Leopard or Tiger, the PPD doesn't load from the server, and the generic PPD is substituted automatically.

If I manually add "ServerName elemprtsrv01.example.com" to /etc/cups/client.conf on the client machine, then it shows all the server queues and magically works too - even on Leopard and Tiger.

The problem is that I DON'T want to have all the server queues appearing on every workstation, since it'll cause mayhem when the students discover all the queues and print to other schools for kicks. WAB was supposed to solve that for me by advertising only the queues that were meant to be accessed by that subnet (they'd all be there on the server, but only a real techie would know how to access them, since they weren't advertised).

Why don't the WAB queues work? Why do I get an encryption error with them?

How do I get the server's PPD to download automatically to the client? (this is especially useful for printers with customized PPDs set up with the proper settings for that printer...and for the Xerox copiers that are using accounting codes present in the server's PPD)

Any help would be very much appreciated!
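
Added example, not part of the original post: the /printers block in the cupsd.conf above has "Allow all", so which clients may use a queue is decided by the server's Location rules rather than by which queues are advertised. The Python sketch below evaluates CUPS Order/Allow/Deny rules for a client address; the per-queue Location block and the address 10.160.8.20 are constructed for illustration, a missing Order line is assumed to mean deny,allow, and only "all", "none", IP and CIDR rules are handled.

```python
import ipaddress

# POSTED is the /printers block from the post; RESTRICTED adds a constructed
# per-queue block (hypothetical, not from the original post).
POSTED = """<Location /printers>
  Order deny,allow
  Allow all
  AuthType None
  Encryption Never
</Location>
"""
RESTRICTED = POSTED + """<Location /printers/SCD234Q>
  Order deny,allow
  Deny all
  Allow 10.159.40.0/22
</Location>
"""

def parse_locations(conf):
    """Map each Location path to its Order, Allow and Deny settings."""
    locations, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("<Location ") and line.endswith(">"):
            current = locations.setdefault(  # default order is an assumption
                line[10:-1].strip(), {"order": "deny,allow", "allow": [], "deny": []})
        elif line == "</Location>":
            current = None
        elif current is not None and line:
            key, _, value = line.lower().partition(" ")
            if key == "order":
                current["order"] = value.replace(" ", "")
            elif key in ("allow", "deny"):
                current[key].append(value.split()[-1])  # tolerates "Allow from x"
    return locations

def _matches(client, rules):
    # Only "all", "none", addresses and CIDR ranges are handled, not host names.
    return any(r == "all" or (r != "none" and client in ipaddress.ip_network(r, strict=False))
               for r in rules)

def is_allowed(conf, path, client_ip):
    """Apply the longest matching Location to client_ip using Order semantics."""
    locations = parse_locations(conf)
    best = max((p for p in locations if (path + "/").startswith(p.rstrip("/") + "/")), key=len)
    loc, client = locations[best], ipaddress.ip_address(client_ip)
    if loc["order"] == "allow,deny":  # denied by default
        return _matches(client, loc["allow"]) and not _matches(client, loc["deny"])
    # deny,allow: allowed by default; Deny lines apply first, Allow lines override
    return _matches(client, loc["allow"]) or not _matches(client, loc["deny"])
```

With the posted block every client address is accepted for /printers/SCD234Q; with the constructed per-queue block only 10.159.40.0/22 is.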



