Home Forums OS X Server and Client Discussion Active Directory Printing to Windows 2003 Server printer keeps asking for credentials

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • May 13, 2008 at 5:00 am #372672
    cashxx
    Participant

    Hi,

    I am running 10.5.2 with all available updates and to my understanding it has CUPS 1.3.6 installed going by the CUPS local webpage (127.0.0.1:631). On our network I add a printer that is hosted by a WIndows 2003 server and when trying to print to it I am asked to authenticate again.

    From looking around the net I understand that Windows KDC is trying to send a ticket larger than 2k and cups can’t handle that. To my understanding this was fixed in 1.3.4 version of CUPS. As I said above it looks like 10.5.2 is running CUPS 1.3.6 so why am I still being asked for credentials?

    I have Kerberos enabled for CUPS and the cupsd.conf file shows the DefaultAuthType Negotiate now.

    I have also tried adding AuthType Default to the Send Document section but still no luck.

    Anyone have any clues how I can fix this so it just uses Kerberos and stops asking for authentication?

    Thanks,

    Dan

    May 13, 2008 at 5:14 am #372673
    larkost
    Participant

    Have you actually tried getting a Kerberos ticket to make sure that you are setup correctly? Kerberos requires that you be setup for the KDC domain. Have you also paid attention to the CUPS documentation saying that only IPP connections can use Kerberos at this point?

    May 13, 2008 at 5:26 am #372674
    cashxx
    Participant

    Ahhhh…..maybe that is the problem then…..I missed that little piece of the puzzle about IPP connections can only use Kerberos at this point.

    But yea when I login I get a ticket from AD and stuff so that seems to be working ok. I’m just trying to add a printer shared by Windows 2003 that shows up under the Default browse section which it won’t use IPP so that looks like the issue then. I didn’t see that. Hmmmm well that kinda sucks I wonder when that will get fully implemented!

    Thanks,

    Dan

    July 30, 2008 at 3:57 pm #373570
    oranki
    Participant

    AFAIK it should work so that client uses the ‘negotiate’ protocol against CUPS which in turn delegates the credentials to the appropriate spooler backend (smbspool). This doesn’t work in Win2003 R2 and later due to some issues regarding ticket sizes, or so I recall reading somewhere, dunno if it works at all.

    Anyway, try this: [url]https://www.afp548.com/forum/viewtopic.php?showtopic=21668[/url]

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.