Home Forums OS X Server and Client Discussion Active Directory SMB print with Kerberos

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • January 24, 2012 at 11:15 pm #381566
    Confusion
    Participant

    Hi there, I am deploying a printer Via MCX which works fine. however the machines are using an LDAP kerberos authentication setup. If i manually set kerberos on the machine using the following steps it works fine.
    [CODE]
    Open “http://localhost:631/printers” in Safari.
    For each printer you wish to share using Kerberos:
    Click the printer name in the list.
    Choose “Set Default Options” from the “Administration” pop-up menu.
    Click “Policies”.
    Choose “Kerberos” from the “Operation Policy:” pop-up menu.
    Click “Set Default Options”.[/CODE]

    The problem i have is I can’t do this on each machine manually.
    This setting is not held in the PPD for that printer. I have set the option, copied the PPD from /etc/cups/ppd and then created a new printer using this PPD but the option is not enabled.

    I can see that when you enable this option it is writing to and then deleting the following files
    /var/spool/cups/cache/printername.png
    /var/spool/cups/cache/printername.data.N
    /var/spool/cups/cache/printername.png-psHg
    /var/spool/cups/cache/printername.data

    I am sure this is what is setting the option but i can’t see anything in lpadmin or lpoptions that would allow this to be set via the command line.

    Any Ideas?

    January 25, 2012 at 4:11 pm #381569
    raulcuza
    Participant

    Have you tried using cupsctl? [url]http://www.cups.org/documentation.php/kerberos.html[/url]

    This changes DefaultAuthType in /etc/cups/cupsd.conf, but it still doesn’t allow Kerberos based printing.

    I am going to use opensnoop while following your steps to see what gets changed.

    January 25, 2012 at 8:44 pm #381571
    raulcuza
    Participant

    I followed the steps that were laid out above and I still got an authentication window despite having a valid kerberos ticket.

    Did you do anything else custom to get it to work? Are you using Windows AD as the KDC or your own LDAP?

    January 27, 2012 at 1:53 am #381576
    Confusion
    Participant

    The machines are bound to AD and our own ldap
    They are using ldap as authentication so that NFS homes will work.
    Due to this smb printing will not work by default and needs that Kerberos option enabled.

    I found a whitepaper from apple that has the following
    lpadmin -p printername -o auth-info-required=negotiate

    however it is not enabling the option either.

    January 27, 2012 at 4:09 am #381578
    Confusion
    Participant

    okay it looks as though the command that i said DOES in fact set kerberos even though it does not show it through the cups page.
    I have confirmed printing is working and is authenticating correctly.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.