CTS 2301 (Unix/Linux Administration I) Project #8
Configuring Print Services

Setting up and maintaining a print service is a major task of a system administrator.  In some large organizations a full time printing administrator plans, configures, monitors, maintains, and troubleshoots the printing service, not to mention adding paper and toner when needed.  For background information on printing services see How Printing Works.  In this project you will set up your server to use the Windows networked printer located in the classroom as your server's default printer.

You will configure the CUPS print system on your server.  The default print system for some (older) Unix/Linux systems is LPR, LPRng, or SysV, and not CUPS (common Unix print system).  However, CUPS is the default on more modern Linux and Unix systems so that is the system you need to know.  A good source for documentation is www.cups.org.

In order to configure CUPS you will need to make sure the LPRng print system daemon (lpd) is configured not to start automatically in any run-level.  In addition the various print system commands (such as lpr) have two versions, lpr.LPRng and lpr.cups.  The commands such as lpr are really symlinks on Fedora, to one set of commands or the other.  By default on your system the links may refer to the LPRng set of commands rather than the CUPS versions.  If so this must be changed so that the various user and administrator commands refer to the CUPS versions.  Finally the CUPS print server cupsd must be set to start automatically in the standard run-levels, and must be manually turned on now (if not already running) in order to configure any printers.

To complete your printer setup you will need to gather information about the actual printer to be used, and any networking configuration information.

Printing should work using either the lpr command, a Printer icon on the desktop, or a print... menu choice from some GUI application.  The default printer name historically (that is, for lp and lpr systems) is lp, so you can name your printer that.  However you can have several names (aliases) for each printer, by modifying the printer configuration file (/etc/printcap for LPR, /etc/cups/* for CUPS) directly.  (The current version of CUPS doesn't allow this functionality from the GUI tool yet, but there are command line tools you can use, or other GUI tools.)  In CUPS, printer names are not case-sensitive, and can contain any characters except white-space.

Beside the GUI interface (and the Red Hat GUI printtool), the CUPS print system can be configured through a number of command line utilities.  Printers, classes, and servers can be managed with lpadmin.  (Note the older LPRng command lpc doesn't do much with CUPS, but is provided wil limited functionality.)  System default options for printers can be set using lpadmin and lpoptions.  Note that regular users can also use lpoptions, to set their own options that over-ride the system defaults.  Finally printing can be configured by directly editing the configuration files, /etc/printcap (the configured printers database) and the CUPS configuration files in /etc/cups/*.  It is not recommended to edit these files directly, especially /etc/printcap, as these files are re-written when the various administration utilities are used.

This project can only be completed at HCC.  Although some time may be provided in class to work on this project, it is likely you will need to schedule extra time outside of class to come to HCC and complete the printing setup.  (Do not try to print anything when the class is working on something else!)

Many print servers use TCP, so your default firewall setup will work fine for that (allowing any outgoing TCP connection, and allowing the replies for open connections.)  However Windows print service may rely on some UDP services too, so to talk with a Windows print server you may have to open additional firewall holes.

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp -​-dport 445 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp -​-dport 445 -j ACCEPT

/etc/init.d/iptables restart

iptables -L -v -​-line-numbers

/etc/init.d/iptables stop

Using the standard CUPS GUI administration tool,b the information in your textbook, and the\ configuration information provided below, create a default printer setup for your computer that will print to the HP laser printer in our classroom.  That printer is attached to a Windows server.  You may need to use the SMB protocol (also known as CIFS) to connect to the Windows server.  In order to connect to the Windows server and use the printer, you will need to provide your HCC network username and password.  However this printer is networked, so we will bypass the Windows server and send print jobs to the printer directly.  Nonetheless, you will do some of the steps needed to setup for a Windows-attached printer, for the learning experience.

Answer all of the following questions, and perform the following tasks:

1. Check which, if any, print system is running on your system now.  Run the ps -ef.  Is either cupsd or lpd running now?  If lpd is running you must stop it.  Exactly what command did you use to stop this service?
2. In which run-levels (if any) are lpd and CUPS services configured to start automatically?  Use the chkconfig command to find out.
3. If necessary, update the configuration of CUPS to start automatically in all standard run-levels.  Use chkconfig to do this.  In which run-levels is CUPS now configured to start?
4. If your system is configured to run a different print system such as LPRng you must turn that off and switch to using CUPS.
   Show/Hide LPR-to-CUPS directions (+/-)
   1. The standard command line printing utilities such as /usr/bin/lpr and others are actually symlinks (or symbolic links or soft links).  The reason is that there are often two versions of these commands, one set for the LPRng print system and one for the CUPS print system.  To facilitate the switching from one system to another Red Hat (including Fedora) has adopted the alternatives system.  For example the lpr symlink points to another symlink, /etc/alternatives/print, which in turn points to either /usr/bin/lpr.LPRng or to /usr/bin/lpr.cups.  What is the ultimate command (e.g., non-symlink) executed on your system now for the /usr/bin/lpr command?
   2. If needed you must switch the links from LPRng to CUPS.  To switch all the printing related symlinks at once you should use the alternatives --config print command.  Here's a sample session:
      

      [root@YborStudent root]# cd /etc/alternatives
      [root@YborStudent alternatives]# ls -l print
      lrwxrwxrwx    1 root     root           17 Apr 10  2003 print -> /usr/bin/lpr.LPRng
      [root@YborStudent alternatives]# alternatives --config print
      
      There are 2 programs which provide 'print'.
      
       Selection    Command
      -----------------------------------------------
        1           /usr/bin/lpr.cups
      *+ 2           /usr/bin/lpr.LPRng
      
      Enter to keep the default[*], or type selection number: 1
      [root@YborStudent alternatives]# ls -l print
      lrwxrwxrwx    1 root     root           17 Nov  6 19:09 print -> /usr/bin/lpr.cups
      [root@YborStudent alternatives]# 
      

5. Next you must determine how you will connect to the printer.  In real life this can be a direct connection (e.g., using a cable from the printer directly to a parallel port on your host, usually /dev/lp0), or by forwarding the print job to another print server that manages the printer (this may be a Windows/SMB/CIFS print service, a CUPS service, or something else).

   In some cases the printer contains its own internal printer server; this is called a networked printer.  Many Hewlett-Packard (HP) models contain a print server known as a Jet Direct card.  CUPS can control local printers and talk to remote print servers to forward print jobs, but it will need the correct driver to talk to that printer.  CUPS calls these drivers back-ends.  You need to determine how your host will communicate to the printer or remote print server, and make certain the correct back-end is installed.

   Fortunately for you the current version of CUPS pre-installs many commonly used back-ends for you.  However you still need to know which back-end to use.

   Show/Hide SMB back-end setup directions (+/-)

   In order for CUPS to be able to use Samba's SMB to communicate with Windows servers, you must verify the smb backend for CUPS is installed.  Run the command ls /usr/lib/cups/backend.  Which backends is your version of CUPS configured to use?  If smb is not listed you must add it by running the following commands:

   which smbspool  # This command verifies you have samba installed on
                   # your system.  If this doesn't locate the file you
                   # must install the samba packages before proceeding.
   ln -s `which smbspool` /usr/lib/cups/backend/smb
   

6. Your system is now set to use CUPS the next time you boot.  But before you can proceed to configure and use printing you must turn on CUPS print service now, which can be done without rebooting.  What command did you use?  Run the ps -ef again.  Is CUPS running?  (Look for the actual command of cupsd.)  Examine the system log with the command tail -50 /var/log/messages.  What messages (if any) appear related to printing?

In the past this printer was managed by a Windows print server called dmtec2.  In January 2007 the printer in DTEC-461 was moved to a new subnet (i.e., network LAN).  While in theory it is still possible to connect via Samba and the dmtec2 Windows print server, in practice the firewall between dmtec2 and our classroom LAN seems to prevent such access from our classroom.  Fortunately it is possible to connect directly to the printer.

But how to connect?  It would depend on the type of print server installed in that printer (if any) and it's configuration.  It is useful to know how to figure out this sort of information, as this type of situation occurs more frequently then you might suspect.

7. Make a visual inspection of the printer in the classroom .

   A physical examination of this printer should tell you:

   • It is an newer HP LaserJet model P4015tn.
   • It has an Ethernet cable sticking out the back, rather than a serial, USB, or other direct connect cable.  (This implies this is a networked printer, but that is not guaranteed.)
   • The front panel shows PCL, so this printer supports PCL.  (A PostScript printer would be the default guess, especially if the LCD display shows PostScript or PS.  Even if nothing showed you can guess PostScript first and if that doesn't work try PCL next.)
   • There are some buttons on the front panel.  It is likely that one of them will cause the printer to print a page with useful information.  Reading the manual for this model printer tells us you can do this by printing a Configuration page (which will include the printer's IP address).  At the product control panel, press Menu, Then press the down-arrow to highlight INFORMATION and then press OK.  Press the down-arrow to highlight PRINT CONFIGURATION and then press OK.
8. Print a configuration page using the above method.  Examine this page to determine:
   • What (if any) is the IP address of this printer?
   • Does this printer support PostScript?
   • How many pages have been printed on this printer?
9. To start with we only know the IP address of this printer.  The first step should be to verify that IP address (that is, verify you can access the printer from your host), and to see which network ports are accepting connections.  The port numbers of open ports will indicate which type of print server (if any) is available on this printer.

   After turning on the printer run nmap Printer's IP address.  (You may have to install nmap first.  An easy way would be yum install nmap.)  What port(s) are open on the printer?

10. Next you must determine what type of print server is available, by looking up the port number(s) to see which service(s) they represent.  This can be done with grep for the port numbers on the file /etc/services.  You can also Google for information with a query similar to port number 12345.  What type of print servers are available (if any) on this printer?
11. This information is needed to pick the appropriate backend when configuring CUPS: LPR, LPRng, CUPS (which uses IPP), SMB (CIFS), Netware print service, JetDirect, etc.  If more than one protocol is supported you need to choose one supported by CUPS.  Which backend will you use for this printer?

Now configure the printer and print a test page.  (See the Troubleshooting Hints below if you have a problem.)

12. To start the CUPS GUI configuration utility, launch a web browser (such as Firfox, Opera, or Konqueror).  Enter the URL http://localhost:631/.  Do not use the Red Hat printer configuration tools.  What version of CUPS is installed?  (HINT:  Click the Help button for on-line documentation.)
13. In the screen that first appears, click Printers to view the screen that shows your configured printers.  This should show No printers for now, but below that is an Add Printer Button.
14. Click on the Add Printer button to begin a wizard to add a printer.  Note you will need to provide the root password for your system to configure printing.
15. First you will be guided to enter a printer name, location, and description.  (Use the information provided below when entering this information.)
16. On another screen you will choose the Device for your printer:  a serial port, a parallel (printer) port, an LPR networked connection, a USB port, etc.  Scroll through the list that appears and you should see a choice for the type of print server controlling the printer.  (If it doesn't appear on your system, make sure networking is up and running!)
17. Another screen asks for the URI (similar to a URL).  For example, with SMB this URI should be of the form: smb://username:password@domain/server/share where the username and password are your valid HCC network user ID and password.  The remaining parts of the URI can be found in the table provided below.  For a JetDirect print server at IP address 1.2.3.4 the correct back-end is called AppSocket/HP JectDirect, and the correct URI is socket://1.2.3.4 or socket://1.2.3.4:9100.  What URI did you use?
18. On the last screens enter the make and model of the printer.  That will select the appropriate PPD file to use, if the printer is supported by the default set of PPD files that ship with the Fedora version of CUPS.  (Fortunately HCC has replaced the old printer with the one you see in the classroom.)  Which PPD files (print drivers) shown on the list would consider as possible PPDs to use for the current classroom printer?
19. Previously we had an ancient LasterJet III Si.  Some work with Google and the HP website tells us this is a long discontinued printer.  In fact CUPS doesn't include a PPD (driver) for it anymore.  Worse, the only PPD drivers for this printer that are readily available appear to be commercial (not for free).

    If you try to use a printer unsupported with the current version of CUPS, you can find an old installation of CUPS you may be able to copy the PPD file needed.  (You can try to find a free one on the Internet using Google; maybe you'll have more luck than I did!)  If no exact matching PPD file is available you need to use the nearest match.  Which PPD files (print drivers) show on the list that you would consider as possible PPDs to use for a LaserJet III Si printer?  (Don't forget to consider the non-HP generic PPD files available.)

    Of course the real answer is not to use a 12+ year old printer, or to pay for the correct PPD, or to write (or hire a consultant to write) a custom PPD.  If no models listed seem a reasonable choice, choose a generic PostScript printer.

20. When finished with the CUPS setup, try to print a test page from CUPS.  (Make sure no one else is using the printer when you try this!)  If this fails to work completely, modify the printer by choosing a different PPD file.  Which PPD file did you ultimately use?  (Please recycle any extra used paper!)
21. Log in with your regular user (non-root) account.  (Remember you can simply switch to a virtual console for this!)  Use the lpr to print a copy of your system's /etc/passwd.  You can use the pr command to format the printing of the /etc/passwd file, including a page header with the date and your name in it.  You can either pipe the output of pr into lpr, or use special lpr options to set a header.  See the lpr and pr man pages for details.

The last step is to determine a maintenance schedule, and to order the correct supplies (replacement parts for the printer elements that wear out after a certain number of pages have been printed, toner, cleaning supplies, etc.) in a timely fashion.

22. Find the user manual for this printer.  If you can't locate one, you will need to use on-line information found with Google.  (If you can't find the data for some old printer, you should locate data for a similar model and use that.)  What Google search term(s) did you use?

    After trying to locate the information you may come to the Hewlett-Packard support site for this printer.  You should be able to find manuals describing the use and setup of the printer, and maintenance information.

23. What element(s) of this printer may need to be replaced?  How many pages can be printed before those element(s) need to be replaced?  (Assume you can't replace the whole printer. :-)
24. Next determine when you need to replace those elements.  You can assume the printer was purchased new in 2008.  Given the age of the printer and the current page count, and the number of pages until the element(s) need to be replaced, estimate how many months before the printer is due for such replacement service.  (Assume the printer had correct service in the past.)
25. Now go back to Google and determine where the replacement element(s) can be obtained and what they will cost.  Where can you obtain printer parts and supplies (such as toner) for this printer?  (You only need to list one source, but a better procedure is to fine three or more reliable sources and compare prices and services.)

A printout of the CUPS test page (PostScript), a printout of your /etc/passwd file, and a printout of your system journal entries describing in detail the printing setup on your system and the answers to the questions above.  Make sure your name is clearly printed at the top of each page and remember to staple all the pages together.

You can submit project questions to .  Please see your syllabus for more information about submitting projects.

Make sure no one else is printing a test page at the same time you are, since there is no way to tell whose setup worked and whose didn't when only one page prints!

If you need to use the SMB protocol, you will not need to start the Samba daemon.  The Samba server is used to make your Linux system appear in the Network Neighborhood of other computers, as if it were another Windows server.  You don't need the server on the local system to be running to use SMB or the Samba client tools to print to a Windows server.  (You only would need this if you wanted to offer print services to Windows users.)

Be careful when entering in the information, it is easy to make a typo when entering the URIs.  Some common problems include: Using the wrong type of slash (use forward slashes (/) not backslashes).  Some problems that occur if using SMB include using a Windows account that was never activated (or that has been deactivated), using the wrong Windows password, using a Windows password that contains special characters (shell metacharacters such as *, ?, \, !, $, ', ", a space, etc.), and using a password that is too long.

To print to an HCC Windows printer you will need a valid HCC Windows network username and password.  You can learn your HCC network ID by using WebAdvisor.  Even if you are certain your HCC network ID and password are fine, you should walk to the open lab and attempt to log in using that username and password on one of the Windows computers.  If you have any problems with your HCC ID, consult with a lab tech.

A Windows Share name is the unique UNC (Universal Naming Convention) name of a shared resource such as a printer, in the form //server_name/printer_name or (as in our case) //domain_name/server_name/printer_name.

If the correct printer driver is selected the resulting printout should appear fine for either text or PostScript.  However your version of CUPS may not ship with the exact printer driver for some printer models.  To fix this you can upgrade the printing packages on your system, which will include the correct printer driver.  If you experiment a bit with the printer drivers for similar printers, you will usually find one that works pretty well.  If all else fails you can use the generic PostScript printer.

If the first driver you select doesn't work and you go to change it, Using the standard CUPS GUI tool you must go through the wizard again.  All the old information is preserved so all you need to is to click continue at each step, until you come to the driver choice (where you will make a new selection).  However, for security reasons the username and password don't appear in the displayed URI.  I've learned that if you just click continue to get to the driver selection page, the information that is showing replaces the information that was stored.  In short, the username and password will vanish if you just hit continue on that page!  The fix is easy, just re-enter your username and password into the URI that shows.

If all else fails, after attempting to print a test page check the log files for errors, especially /var/log/cups/error.log.

In the table below is the specific information needed to configure a printer on Linux for remote printing to the printer in room 461.  This printer is attached to a Windows server.  You will need to use Samba and your HCC network user ID and password to use this printer via the Windows print server.  However it is not necessary to use that Windows print server; you can print directly to the printer.

Most of the information used is case-sensitive, so be sure to enter it exactly as shown.  Some of the data in the table is for informational use only.