Printer Hold for Authentication

Can you connect to the queues via SMB?

Open “System Preference/Printers and Scanners”
Add printer by clicking the + sign
Alt click on printer menubar, select “Customise Menubar” and drag “Advanced” to menu bar.

Click “Advanced”
Type: Windows printer via spools
Device: Another Device
URL: smb://(queue Name)
Name: "Printer Name" Location: Use: select software;
Click “Add”

In Terminal:
sudo lpadmin -p "printername from above" -o auth-info-required=username,password
sudo lpadmin -p "printername from above" -o auth-info-required=username,password

I have added the printer through the Advanced tab and connected to the queue through smb:// however still getting the issue. This was done manually on the machine. however, in our through JAMF the script we use ends with "auth-info-required=negotiate" but this would not be going out to this particular machine as its not in the correct department.

Hmm...maybe reset the print system first (system prefs/Printers (alt click and reset print system)?
I've only used: sudo lpadmin -p "printername from above" -o auth-info-required=username,password sucessfully.
So is the printer added sucessfully and prints but then starts asking? You said it happens after a couple of hours?

Try the following:

Remove any entries for the the printer or print server in the keychain then try again since it worked the first time. If not then delete the keychain entries, remove the printer and modify and run the following. If you're using Jamf Connect/NoMAD/Enterprise Connect - sign into that first for best results.

/usr/sbin/lpadmin -p "Exact Print Queue Name" -o printer-is-shared="False" -E -v smb://"FQDN.Print.Server/Printer" /Library/Printers/PPDs/Contents/Resources/"PrinterDriver" -D "Printer Display Name" -o auth-info-required=negotiate

Pay mind to anything in quotes since those require specificity.

Hi Both,

I have tired both commands above which add the printer successfully like it has done originally. This printed as expected for a couple hours then i get the "Hold For Authentication" in the Print Queue again and this will not ask for the credentials again. This all works for Users who actually use their network accounts with no issues it just seems to occur when users are using a local account on the Mac

Did the user click remeber login details for keychain? Could it be that the local account details differ from the AD and therefore fails when it tries to print again (since you said local account and not mobile).

The User has clicked to remember credentials and i have checked that these are stored in the keychain. The Local accounts username does differ from their AD Username. I believe this is where the issue may be.

Have a look at this one; https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/migrate_local_user_to_AD_domain

I'd say take a look at your Ticket Viewer app and see if you have a Kerberos ticket and when it is expiring. This may be why its only lasting a few hours.

If the printer is kerberized as @r... is alluding to above then the job should be sending as the AD user. If your kerberos ticket checks out and it still doesn't work then I just would install & configure NoMAD.