This page shows how to setup a print server on a CentOS 6.4 64-bit machine.
You must have a CentOS machine already set up in accordance with the the Install CentOS 6 guide.
You must first follow these steps to install SAMBA.
This is a copy of our working print server 'printer' /etc/samba/smb.conf file.
[global]
unix charset = UTF-8
dos charset = CP932
workgroup = EXAMPLE-DOMAIN
netbios name = PRINTER
server string = Samba Server Version %v
interfaces = lo eth0 172.16.0.0/24
hosts allow = hosts allow = 127. 172.16.
log file = /var/log/samba/log.%m
max log size = 50
security = share
passdb backend = tdbsam
load printers = yes
cups options = raw
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes
su - cd /etc/pki/tls/certs openssl genrsa -out server.key 2048 openssl req -new -x509 -days 1825 -key server.key -out server.crt -subj "/C=GB/ST=County/L=City/O=Company/OU=IT/CN=`hostname -s`" chmod 400 server*
yum -y install cups cups-libs
su - vi /etc/cups/cupsd.conf
Line 18
Listen localhost:631
to
Listen 631
From line 31
# Restrict access to the server... <Location /> Order allow,deny Allow 172.16.0.0/16 </Location> # Restrict access to the admin pages... <Location /admin> Order allow,deny Allow 172.16.0.0/16 </Location> # Restrict access to configuration files... <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny Allow 172.16.0.0/16 </Location>
Add to the end of the file
ServerCertificate /etc/pki/tls/certs/server.crt ServerKey /etc/pki/tls/certs/server.key
Here is a copy of our working /etc/cups/cupsd.conf file
MaxLogSize 0
#
# "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $"
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
# Administrator user group...
SystemGroup sys root
# Only listen for connections from the local machine.
Listen 631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Restrict access to the server...
<Location />
Order allow,deny
Allow 172.16.0.0/16
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow 172.16.0.0/16
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 172.16.0.0/16
</Location>
# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
Allow 172.16.0.0/16
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
#
# End of "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $".
#
ServerCertificate /etc/pki/tls/certs/server.crt
ServerKey /etc/pki/tls/certs/server.key
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT service iptables save service iptables restart
su - chkconfig cups on service cups start
This is just random stuff we have as notes for adding CUPS printers.
cupsctl --share-printers cupsctl --share-printers --remote-any cupsctl BrowseRemoteProtocols=cups iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT service iptables save service iptables restart