======Install CUPS======
This page shows how to setup a print server on a CentOS 6.4 64-bit machine.

=====Prerequisites=====
You must have a CentOS machine already set up in accordance with the the [[linux:install_centos6|Install CentOS 6]] guide.
=====Install SAMBA=====
You must first follow [[Install_SAMBA| these steps]] to install SAMBA.

This is a copy of our working print server 'printer' /etc/samba/smb.conf file.
<code>[global]
        unix charset = UTF-8
        dos charset = CP932
        workgroup = EXAMPLE-DOMAIN
        netbios name = PRINTER
        server string = Samba Server Version %v
        interfaces = lo eth0 172.16.0.0/24
        hosts allow = hosts allow = 127. 172.16.
        log file = /var/log/samba/log.%m
        max log size = 50
        security = share
        passdb backend = tdbsam
        load printers = yes
        cups options = raw

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = yes
        writable = no
        printable = yes</code>

=====Generate SSL Certificate=====
<code>su -
cd /etc/pki/tls/certs

openssl genrsa -out server.key 2048
openssl req -new -x509 -days 1825 -key server.key -out server.crt -subj "/C=GB/ST=County/L=City/O=Company/OU=IT/CN=`hostname -s`"
chmod 400 server*</code>

=====Install CUPS=====
<code>yum -y install cups  cups-libs</code>

=====Edit CUPS=====
<code>su -
vi /etc/cups/cupsd.conf</code>

Line 18
<code>Listen localhost:631</code>
to
<code>Listen 631</code>

From line 31
<code>
# Restrict access to the server...
<Location />
  Order allow,deny
  Allow 172.16.0.0/16
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow 172.16.0.0/16
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow 172.16.0.0/16
</Location></code>

Add to the end of the file
<code>ServerCertificate /etc/pki/tls/certs/server.crt
ServerKey /etc/pki/tls/certs/server.key</code>

Here is a copy of our working /etc/cups/cupsd.conf file
<code>MaxLogSize 0
#
# "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $"
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Administrator user group...
SystemGroup sys root


# Only listen for connections from the local machine.
Listen 631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow 172.16.0.0/16
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow 172.16.0.0/16
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow 172.16.0.0/16
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow 172.16.0.0/16
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI>
    AuthType Default
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

#
# End of "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $".
#
ServerCertificate /etc/pki/tls/certs/server.crt
ServerKey /etc/pki/tls/certs/server.key</code>

=====Open Firewall=====
<code>iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
service iptables save
service iptables restart</code>

=====Start CUPS=====
<code>su -
chkconfig cups on
service cups start</code>
https://server:631/admin

=====Add CUPS Printer=====
This is just random stuff we have as notes for adding CUPS printers.
<code>cupsctl --share-printers
cupsctl --share-printers --remote-any
cupsctl BrowseRemoteProtocols=cups
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT service iptables save service iptables restart</code>