Single Sign-On and the Corporate Directory, Part IV
One of the great things about CUPS is that the default settings for it allow it to discover other CUPS servers and the printers served by them. That means for Linux and OS X clients to use your new server, it's as easy as starting cupsd, waiting about 30 seconds, and you're off and running. Luckily, it's not much harder to get Windows clients up and running either, using Samba. Following are the required changes to the smb.conf file:
[global] ... load printers = Yes printing = cups printcap = cups printer admin = root [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes [print$] comment = Printer Drivers path = /etc/samba/drivers browseable = yes guest ok = no read only = yes write list = root
The parameters in the global section enable CUPS printing support. The printers section makes all the printers listed in the printcap file automatically available to Windows clients. The print$ section turns on automatic driver download, or Point 'n' Print, for Windows clients. What this means is that Windows clients won't be required to install print drivers for each printer they install. When they initially connect to the printer, clients will download and install a set of generic CUPS print drivers, removing the need for the user or the administrator to worry about Windows print drivers. Save your changes and restart Samba.
Before Point 'n' Print is a reality, there are still a few more things to do. First, you should download the most recent stable CUPS drivers, version 1.1.16 as of this writing, from the Easy Software Products FTP server to your CUPS/Samba server. Untar the bundle and run the install script, cups-samba.install. If the installer puts the cups.hlp file in /usr/share/drivers, move it into /usr/share/cups/drivers with the rest of the drivers. Next, make sure the print driver share directory, /etc/samba/drivers, exists. Finally, you need to add the drivers to the Samba share. If you've removed the root Samba user out of LDAP, you'll need to re-add it for these next two steps, as you need to be a uid 0 user. Refer to Part III of this series [February 2006] if you're not sure how to do this:
# smbclient //localhost/print\$ -Uroot -c 'mkdir ↪W32X86; put /etc/cups/ppd/pr-laser.ppd ↪W32X86/pr-laser.ppd; put ↪/usr/share/cups/drivers/cupsdrvr.dll ↪W32X86/cupsdrvr.dll; put ↪/usr/share/cups/drivers/cupsui.dll ↪W32X86/cupsui.dll; put ↪/usr/share/cups/drivers/cups.hlp ↪W32X86/cups.hlp' # rpcclient localhost -Uroot -c 'adddriver ↪"Windows NT x86" "pr-laser:cupsdrvr.dll ↪:pr-laser.ppd:cupsui.dll:cups.hlp:NULL:RAW:NULL"'
These two commands refer specifically to the printer we added to LDAP above, pr-laser. You need to run these two commands for each printer served by your CUPS server that you want Windows clients to access. Adding these commands to the printer creation script might be a good idea if you have many printers.
Now, if you browse to your Samba/CUPS server from a Windows client, you'll see a Printers and Faxes share. If you choose that share, you'll see all the printers served via CUPS. If you right-click on a printer and choose Connect..., it automatically downloads and installs the drivers and connects to the printer, making it available to print from that client. That's it!
Up until now, LDAP administration has been done by hand-editing LDIF files and using the command-line OpenLDAP tools. Craig Swanson and Matt Lung give some excellent pointers in their “OpenLDAP Everywhere Revisited” article (see Resources) to some GUI utilities for managing LDAP, but they overlooked one that I think needs mentioning, GQ. Although GQ is not in active development, the 1.0 beta1 version has proved to be stable and extremely useful. If GQ keeps segfaulting, though, you probably need to apply a patch to util.c (see Resources). One of the great things about GQ is its support of SASL authentication. This allows us to make modifications to LDAP using the GUI. In addition, I've found that browsing the schema has shown me object classes and attributes I probably would never have found otherwise.
If you've been a sysadmin for more than five minutes, you know the power of scripting common tasks. LDAP administration can be rather wordy, so being able to script those common tasks is invaluable. Both Perl and Python have very powerful LDAP modules. You've already been introduced to the Perl interface from last month's article's smb-create-password.pl and smb-new-machine.pl, but Python's LDAP modules are just as useful. Perl also has interfaces for Kerberos and SASL. Instead of going into an API description of each of these modules, I'm going to show you how to use them while also showing you new and different ways to use LDAP and Kerberos.
Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report
August 27, 2015
12:00 PM CDT
DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.
Free to Linux Journal readers.Register Now!
- Hacking a Safe with Bash
- Django Models and Migrations
- Secure Server Deployments in Hostile Territory, Part II
- Huge Package Overhaul for Debian and Ubuntu
- Home Automation with Raspberry Pi
- The Controversy Behind Canonical's Intellectual Property Policy
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- KDE Reveals Plasma Mobile
- diff -u: What's New in Kernel Development