[cups.general] CUPS queues don't work with Wide Area Bonjour...help!

Michael Sweet msweet at apple.com
Wed Jan 4 22:53:02 PST 2012


Julian,

The issue you are having is caused by problems in the Mac OS X SSL support - temporarily at least you can turn off authentication for remote addresses to allow printing to work.


On Jan 4, 2012, at 10:17 PM, Julian Daniel wrote:

> I'm completely flummoxed!
> 
> My school board is installing new switches in all our schools, and moving from a single flat VLAN to multiple - one for printers, one for server, one for client workstations. Printing queues advertised with Bonjour worked fine on the old network, but multiple VLANs breaks all that since Bonjour is in the unrouteable multicast range (which makes sense, since it's not meant to work outside of the local network). I have old Tiger servers at the schools, running on hardware that doesn't do VLANs (old G4 towers), so advertising queues with Bonjour using the school server can't get me by.
> 
> I've set up BIND (DNS) to show my CUPS IPP print queues from a central Lion workstation (elemprtsrv01.example.com) in the school's subnet (10.159.40.0/22; academic-wrd.scd.example.com) as follows (my domain substituted with example.com for anonymity) - the relevant section snipped from the rest of the zone file:
> 
> 
> $ORIGIN academic-wrd.scd.example.com.
> ;
> ; Wide Area Bonjour Browsing
> ;
> b._dns-sd._udp                    IN PTR          @
> lb._dns-sd._udp                    IN PTR          @
> db._dns-sd._udp                    IN PTR          @
> ;
> ; Wide Area Bonjour Printing
> ;
> SCD-234-Q._printer._tcp          IN          SRV          0          0  631          elemprtsrv01.example.com.
> ;
> _printer._tcp                                         IN PTR          SCD-234-Q._printer._tcp
> _cups._sub._ipp._tcp                     IN PTR          SCD-234-Q._printer._tcp
> _ipp._tcp                                                   IN PTR          SCD-234-Q._printer._tcp
> _universal._sub._ipp._tcp           IN PTR          SCD-234-Q._printer._tcp
> ;
> SCD-234-Q._printer._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=printers/SCD234Q" "note=2nd Floor Workroom" "ty=Xerox WorkCentre 5755, EXAMPLE Student 2.2" "product=(EXAMPLE-22STUD-XeroxWC5775)" "printer-state=3" "printer-type=0x80B0F6" "Transparent=T" "Binary=T" "Fax=F" "Punch=T" "Bind=F" "Sort=T" "Scan=F" "Duplex=T" "Staple=T" "Copies=T" "Collate=T" "Color=F" "pdl=application/pdf,application/postscript,application/octet-stream,image/jpeg ,image/png" )
> 
> 
> The relevant section of the /etc/cupsd.conf file on elemprtsrv01 (10.100.1.73) looks like this:
> 
> 
> ServerAlias elemprtsrv01.example.com
> ServerAlias printerserver.academic-wrd.scd.example.com
> MaxLogSize 20m
> MaxCopies 100
> LogLevel debug2
> SystemGroup admin
> SystemGroupAuthKey system.print.admin
> # Allow remote access
> #Port 631
> Listen 10.100.1.73:631
> Listen 127.0.0.1:631
> Browsing On
> BrowseOrder deny,allow
> BrowseRemoteProtocols cups
> BrowseLocalProtocols cups dnssd
> DefaultEncryption Never
> DefaultAuthType Basic
> WebInterface Yes
> BrowseWebIF No
> MaxClients 1000
> RootCertDuration 300
> <Location />
>  # Allow remote access...
>  Order deny,allow
>  Allow all
>  AuthType None
> </Location>
> <Location /rss>
>  Order deny,allow
>  Allow all
> </Location>
> <Location /printers>
>  Order deny,allow
>  Allow all
>  AuthType None
>  Encryption Never
> </Location>
> <Location /jobs>
>  Order deny,allow
>  Allow all
>  AuthType None
>  Encryption Never
> </Location>
> 
> If I use Bonjour Browser on the print server network and on the school's academic-wrd.scd.example.com subnet, I see identical info to that provided by my DNS records - in other words, Wide Area Bonjour (WAB) appears to be working and providing the necessary details.
> 
> When I try to add a printer on a school workstation, the WAB printer appears...though the PPD ("(EXAMPLE-22STUD-XeroxWC5775)" should match SCD234Q.ppd from the server queue) doesn't get imported from the server and I get a Generic Printer Description instead. When I try to print on the client, I see promising notes about connecting to the print server, but then it always pauses the queue. Here's the relevant section from /etc/cups/ppd/SCD234Q.ppd:
> 
> 
> *Manufacturer: "Xerox"
> *ModelName: "Xerox WorkCentre 5775"
> *ShortNickName: "Xerox WorkCentre 5775"
> *NickName: "Xerox WorkCentre 5755, EXAMPLE Student 2.2"
> *PCFileName: "XRWC5775EXAMPLESTUD22.PPD"
> *Product: "(EXAMPLE-22STUD-XeroxWC5775)"
> *PSVersion: "(3010.106) 3000"
> 
> 
> In the CUPS error log, I get this annoying encryption error, which no one else appears to have had, according to the usual search engines:
> 
> d [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient(lis=0x7fc585200470(13)) Clients=0
> D [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient: 20 from 10.159.40.174:631 (IPv4)
> d [04/Jan/2012:21:47:41 -0500] cupsdAddSelect(fd=20, read_cb=0x102d74b81, write_cb=0x0, data=0x7fc584034400)
> d [04/Jan/2012:21:47:41 -0500] cupsdReadClient(con=0x7fc584034400(20)) con->http.error=0 con->http.used=0, con->http.state=0 con->data_encoding=HTTP_ENCODE_LENGTH, con->data_remaining=0, con->file=-1
> d [04/Jan/2012:21:47:41 -0500] cupsdReadClient: Saw first byte 02, auto-negotiating SSL/TLS session...
> d [04/Jan/2012:21:47:41 -0500] encrypt_client(con=0x7fc584034400(20))
> D [04/Jan/2012:21:47:41 -0500] get_cdsa_certificate: Looking for certs for "elemprtsrv01.example.com"...
> E [04/Jan/2012:21:47:51 -0500] Unable to encrypt connection from 10.159.40.174 - unknown error -1=ffffffffffffffff (-1)
> D [04/Jan/2012:21:47:51 -0500] cupsdCloseClient: 20
> D [04/Jan/2012:21:47:51 -0500] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
> d [04/Jan/2012:21:47:51 -0500] cupsdRemoveSelect(fd=20)
> d [04/Jan/2012:21:47:51 -0500] cupsdCheckJobs: 0 active jobs, sleeping=0, reload=0
> 
> 
> OK, so here's the annoying bit: if I manually configure the queue on a Snow Leopard (or higher) client by going into System Preferences, adding an IP printer with IPP protocol (elemprtsrv01.example.com, queue name /printers/SCD234Q) then it works. With Leopard or Tiger, the PPD doesn't load from the server, and the generic PPD is substituted automatically.
> 
> If I manually add "ServerName elemprtsrv01.example.com" to /etc/cups/client.conf on the client machine, then it shows all the server queues and magically works too - even on Leopard and Tiger.
> 
> The problem is that I DON'T want to have all the server queues appearing on every workstation, since it'll cause mayhem when the students discover all the queues and print to other schools for kicks. WAB was supposed to solve that for me by advertising only the queues that were meant to be accessed by that subnet (they'd all be there on the server, but only a real techie would know how to access them, since they weren't advertised).
> 
> Why don't the WAB queues work? Why do I get an encryption error with them?
> 
> How do I get the server's PPD to download automatically to the client? (this is especially useful for printers with customized PPDs set up with the proper settings for that printer...and for the Xerox copiers that are using accounting codes present in the server's PPD)
> 
> Any help would be very much appreciated!

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
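
As an added example (not part of the original post and not CUPS code), the error_log excerpt quoted above can be correlated per connection to show which client failed TLS negotiation, which certificate name cupsd looked up, and how long the handshake stalled before the error. The function name and the last two sample lines (fd 21) are constructed for illustration; the parser assumes the certificate lookup line directly follows its `encrypt_client` line.

```python
import re
from datetime import datetime

# First six lines come from the quoted error_log; the fd 21 lines are constructed.
SAMPLE_LOG = """\
D [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient: 20 from 10.159.40.174:631 (IPv4)
d [04/Jan/2012:21:47:41 -0500] cupsdReadClient: Saw first byte 02, auto-negotiating SSL/TLS session...
d [04/Jan/2012:21:47:41 -0500] encrypt_client(con=0x7fc584034400(20))
D [04/Jan/2012:21:47:41 -0500] get_cdsa_certificate: Looking for certs for "elemprtsrv01.example.com"...
E [04/Jan/2012:21:47:51 -0500] Unable to encrypt connection from 10.159.40.174 - unknown error -1=ffffffffffffffff (-1)
D [04/Jan/2012:21:47:51 -0500] cupsdCloseClient: 20
D [04/Jan/2012:21:48:02 -0500] cupsdAcceptClient: 21 from 10.159.40.175:631 (IPv4)
D [04/Jan/2012:21:48:03 -0500] cupsdCloseClient: 21
"""

LINE = re.compile(r"^[A-Za-z] \[([^\]]+)\] (.*)$")
ACCEPT = re.compile(r"cupsdAcceptClient: (\d+) from ([\d.]+):\d+")
ENCRYPT = re.compile(r"encrypt_client\(con=0x[0-9a-f]+\((\d+)\)\)")
CERT = re.compile(r'Looking for certs for "([^"]+)"')
FAIL = re.compile(r"Unable to encrypt connection from ([\d.]+)")
CLOSE = re.compile(r"cupsdCloseClient: (\d+)")

def find_tls_failures(log_text):
    """Return one dict per client whose TLS negotiation failed."""
    conns, failures, tls_fd = {}, [], None   # conns: fd -> connection state
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        msg = m.group(2)
        if a := ACCEPT.search(msg):
            conns[int(a.group(1))] = {"client": a.group(2), "cert": None, "tls_at": None}
        elif (e := ENCRYPT.search(msg)) and int(e.group(1)) in conns:
            tls_fd = int(e.group(1))            # fd now entering TLS setup
            conns[tls_fd]["tls_at"] = when
        elif (c := CERT.search(msg)) and tls_fd in conns:
            conns[tls_fd]["cert"] = c.group(1)  # assumes it follows encrypt_client
        elif f := FAIL.search(msg):
            for fd, st in conns.items():
                if st["client"] == f.group(1) and st["tls_at"]:
                    failures.append({"client": st["client"], "fd": fd, "cert_name": st["cert"],
                                     "stall_seconds": (when - st["tls_at"]).total_seconds()})
                    break
        elif cl := CLOSE.search(msg):
            conns.pop(int(cl.group(1)), None)   # connection finished, forget it
    return failures

print(find_tls_failures(SAMPLE_LOG))
```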




