How you do guys deploy printers?

Aziz
Valued Contributor

Hello nice people!

I'm currently testing deploying printers using Casper, but I'm having a couple of issues.

Deploying printers added by Casper Admin = "Hold for Authentication"

Using the command line = "Printer Paused"

Error logs shows: E [14/May/2015:10:23:35 -0500] [Job 5] Connection refused)

Command I'm using:

/usr/sbin/lpadmin -p "name of printer" -E -v smb://printerserver-forIT.mydomain.com -P /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Resources/Generic.ppd

and

/usr/sbin/lpadmin -p "nameof-IT printer" -E -v smb://printserver-namehere -P /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Resources/Generic.ppd

These are network printers hosted on Windows Server 2012R2. Can someone shed some light on what I'm doing wrong?

1 ACCEPTED SOLUTION

Aziz
Valued Contributor

Solution:

Add printer by IP and use the CORRECT protocol.

HP's = HP Jet-direct - Socket

Everything else IPP.

Add to Casper Admin and deploy with no issues!

Thank you to everyone for your help and suggestions!

View solution in original post

29 REPLIES 29

Rayfield
New Contributor II

There's a printer capture feature in Casper Admin. It allows you to capture any printer that is installed on that computer and push it out to any other mac that's attached to Casper.

We've also set up smart groups for each classroom that needs a printer and have it deployed that way, so when we re-image over the summers the printers get added again without any extra configuration on our end.

Aziz
Valued Contributor

@rleatherwood

I'm also trying to automate it with Smart Groups, but I've tried your method and it results in "Hold for Authentication".

stevewood
Honored Contributor II
Honored Contributor II

@Abdiaziz Is there any reason why you're using the generic PPD file instead of the PPD for the specific printer? I have a feeling that is why you are receiving the "Hold for Authentication" message.

dferrara
Contributor II

@Abdiaziz Does your print server require authentication? I get that message in our environment if I'm not connecting as Guest:

smb://guest@printserver-namehere

Rayfield
New Contributor II

Yeah, we deploy all of ours as locally installed printers, we don't use a print server for our Macs.

Aziz
Valued Contributor

@stevewood

I tried using the PPD and get the same issue, "Hold for Authentication".

/usr/sbin/lpadmin -p “NAME-ofPRINTER” -E -v smb://PRINTESERVER-P /Library/Printers/PPDs/Contents/Resources/HP LaserJet 700 color MFP M775.gz

@dferrara

Sadly, that was a no go. It was stuck on 'Ready to Print'.

Adding it manually using the PPD and generic drivers works. What a headache.

Aziz
Valued Contributor

Alrighty, I've gotten the printers to be mapped properly, My new issue: it prompts the user for authentication (AD credentials). The problem with that is, in 2-3 months the printer will become "Paused" and the end-user will not know what to do and contact the HelpDesk. Any solutions around this?

As a side-note, adding the printer manually doesn't ask for any of this

Rayfield
New Contributor II

So if you use the Casper Admin to capture a printer and then deploy it through a policy you still get an authentication error? Also have you tried installing it as a local printer using the IP Address instead or a network printer hosted on a server?

As for the printing pausing we solved that by enabling Parental control and unchecking the box of "Limit Printer Administration" It seemed it was either that or make the user a local admin, but we didn't want our students to have administrator access.

But... if you're using AD I'm not sure if you can have parental controls set up on them.

mscottblake
Valued Contributor

@Abdiaziz The "Hold for Authentication" problem is related to authentication to the print server, that's why many people don't see it.

If your machines are bound to active directory, add -o auth-info-required=negotiate to the lpadmin statement. This will attempt to pass the kerberos information through to authenticate without having the need for the user to do so.

Also, to "unpause" all printers, use /usr/sbin/cupsenable $(lpstat -p | grep -w "printer" | awk '{print$2}')

Aziz
Valued Contributor

@mscottblake @rleatherwood

I've gotten around the "Hold for Authentication" by deploying the printer via IP. The weird thing is, it takes about ~30 seconds to print. For example, I hit "Print" and it stays on "Waiting to Print" for ~30 seconds then it finally prints. Any way to speed up that up?

mscottblake
Valued Contributor

@Abdiaziz I also noticed what looks like an error in the -v flag. It should be in the format of [protocol]://[printserver fqdn]/[printer shortname] aka smb://printerserver-forIT.mydomain.com/printername.

Note the printer name in that string is not the name the users see, but the name the OS uses.

Rayfield
New Contributor II

@Abdiaziz

Weird, our computers print instantly.

The correct drivers are on the deployed computer?

Does it also take 30 seconds to print from the original computer before it's deployed?

Are you using the LPD Protocol?

Aziz
Valued Contributor

Solution:

Add printer by IP and use the CORRECT protocol.

HP's = HP Jet-direct - Socket

Everything else IPP.

Add to Casper Admin and deploy with no issues!

Thank you to everyone for your help and suggestions!

lwindram
Contributor

I found that managing printers using Casper Admin was too much of a headache & settled on adding them all using lpadmin scripts. Ideally I would have one script for each Make / Model combination, and feed the specifics in through parameters, but I haven't found time for that yet.

It is a multi-stage process:

1.) create an EA to determine if the driver is installed ( I only verify the components related to the individual printer )
2.) create a smart group based on the driver EA.
3.) deploy the drivers via policy. I include a recon to adjust the driver smart group.
4.) create a smart group to determine if the printer is already installed.
5.) scope a script based on smart group membership to add the printer (automated for some printers, Self Service for others). The policy includes a recon to update the smart groups.

Some "gotchas" include printer sharing, which is enabled on a per printer basis when installed this way, although disabled on a systemwide basis. It is also important to have the correct driver files. If any are missing, the printer will install anyways, but will show up as a local raw printer.

An example script:

#!/bin/bash

###############################
#
# Variables
#
###############################

# Set the appropriate values below
# PPD is the location of the printer-specific PPD file *this should be installed locally prior to running the script
# SysPrinter is the printer name
# DispPrinter is the printer display name (this appears in the Printers list)
# Addr is the IPV4 Path to printer (http://xx.xx.xx.xx/) 
# Bldg is the physical campus location of the printer

PPD='/Library/Printers/PPDs/Contents/Resources/RICOH Aficio SP 4100N.gz'
SysPrinter="HS-KITCHEN"
DispPrinter="HS Kitchen"
Addr="lpd://xx.xx.xx.xx/"
Bldg="GRCHS"

###############################
#
# Script
#
###############################

lpadmin -p $SysPrinter -v $Addr -D "$DispPrinter" -L $Bldg -m "$PPD" -E 

# The following options must be manually commented in/out
# If a Ricoh SP4100 then do not uncomment any options

# If a Ricoh C5502 then uncomment the following line
# lpadmin -p $SysPrinter -o LargeCapacityTray=Installed -o PageSize=Letter -o Duplex=DuplexNoTumble -o ColorModel=Gray -o Finisher=FinKINGB

# If a Ricoh MP6002 then uncomment the following line
# lpadmin -p $SysPrinter -o PageSize=Letter -o Duplex=DuplexNoTumble -o Finisher=FinEUPHRATESE

exit

Rayfield
New Contributor II

We use LPD for everything including our HP's. Though we don't have many HP printer models in the district with our Macs.

Just out of curiosity what OS are you using? We did have an issue with out older HP 1505 Printers a few years back with 10.6 or 10.7 where it did take forever to print now that I think of it.

mscottblake
Valued Contributor

@Abdiaziz While IPP works, just make sure you are aware of the problems of using the manual approach. If you are sending to the print server, the jobs are queued in order. It also provides a central location that would need changed if the IP of the printer were to change. Sending straight to IP negates all positives of running a print server in the first place.

Aziz
Valued Contributor

@rleatherwood

Shortly after posting that response, I was testing out LDP with the HP printers and it works fine. I'll be testing the LPD protocol a little bit more, looks promising though!

OS: OS X 10.10.3

Aziz
Valued Contributor

@mscottblake

The print server is mainly for uniFLOW Secureprint (everywhere but classrooms). Classrooms do not need the added benefits of a queue and I'm also aware of the problems I might have to face. IP address won't be a problem since we give our printers static IP's and if they are changed, I would be notified via email.

ndelgrande
New Contributor

We use a Canon system. One printer assigned to all Macs. When a user prints, it hits the print server and stays there. Then the users can go to any printer in the company, swipe their badge, and their print job is printed. If they end up not following through with the printing, the print job is purged after 12 hours. Saves a ton on printing (It also allows you to track who is printing the most). I highly recommend it or something similar if you want to save money on printing.

The few other unique printers and plotters are in Self Service.

Aziz
Valued Contributor

@ndelgrande2

We have uniFLOW Secureprint building wide except for classrooms. Only difference between us, jobs are cleared after 24 hours instead of 12.

ndelgrande
New Contributor

It's nice isn't it?

ndelgrande
New Contributor

I find that anytime printers pause or do what you are describing, it's all about the driver/PPD. Before we implemented uniFLOW, if I didn't use the exact UFRII US driver, I would get the same thing you are describing. How about just setting up the printer in the GUI? Is there problems there?

Aziz
Valued Contributor

@ndelgrande2

For OS X, we use the NT-Ware uniFLOW MacClient (all Canon). Classrooms usually have some kind HP printer. I'm liking it so far.

ndelgrande
New Contributor

HP printers are what you are having issues with?

ndelgrande
New Contributor

Before uniFLOW, I would just do straight IP printing to the printer directly. With HP printers, using socket://

We have removed most HP printers.

Chris_Hafner
Valued Contributor II

Am I the only that thought: "The same way girls do". Sorry, I just found it funny! In any event glad to know you've for a handle on this.

krispayne
Contributor

Hi I refined @lwindram's script. It now uses script parameters from the JSS.

GitHub Gist

#!/bin/bash

# Original: https://jamfnation.jamfsoftware.com/discussion.html?id=14467
# Useful script for deploying printers in a Casper Environment
# Originally by Lwindram on JAMF Nation forums
# https://jamfnation.jamfsoftware.com/viewProfile.html?userID=11026
# Edited to use JSS Script Parameters to make the script portable to all Models. Define $vars in JSS Policy.

# Variables

# PPD = $4 in JSS
ppd=$4

# CUPS Name = $5 in JSS
cupsName=$5

# Display Name = $6 in JSS
humanName=$6

# IP Address and Protocol = $7 in JSS
# Be sure to add the protocol in the paramters!
ip=$7

# Building Location = $8 in JSS
bldg=$8

# Duplex = $9 in JSS
duplex=$9

# Finisher = $10 in JSS
finisher=${10}

# $11
# var=${11}

# Script

lpadmin -p $cupsName -v $ip -D "$humanName" -L "$bldg" -m "$ppd" -E -o printer-is-shared=false -o Duplex="$duplex" -o PageSize=Letter -o Finisher="$finisher"

# man lpadmin
# -p = Named printer or class
# -v = device URI
# -D = textual description of destination
# -L = location of destination
# -m = model (ppd)
# -E (at end) enables device

# CUPS Options
# man lptoptions
# -o printer-is-shared=false disables sharing
# -o Duplex=None disables two-sided printing 
# -o Duplex=DuplexNoTumble enables two-sided printing long edge
# -o Duplex=DuplexTumble enables two-sided printing short edge

# Printer has Large Capacity Tray
# lpadmin -p $cupsName -o LargeCapacityTray=Installed

# Finishing options
# Finisher/Finisher: 
# NotInstalled 
# FinRUBICONB 
# FinVOLGABBK 
# FinVOLGAB 
# FinAMURBK 
# FinAMUR  = Finisher SR3140
# FinEUPHRATESE 
# FinKINGB
# lpadmin -p $cupsName -o Finisher=$finisher

exit

I took out the bottom portion as I'm still working out the model specifics. Our environment is pretty homogenous when it comes to printers, so the CUPS settings should be fairly straightforward. I deploy this through a Self Service policy. I'll keep updating the Gist as I add more options, but a bit of DDG'ing and reading the lpoptions -p $printername -l helps a ton!

chiguchi
New Contributor

@ndelgrande2 @Aziz I am trying to deploy the InstallUniflowMacClient.dmg. What are the steps you followed in your process to create the deployment package.

25CW25
New Contributor II

@Aziz, do you mind elaborate what you did with the HP Jet Direct? You mention of chooisng the correct protol. However, what do you enter under "Device URI"?

I cannot get IPP to work on one of the newer Xerox. It will keep say ready to print.

Update: nevermind, I figured to define a different protocol, just specified in Device URI. Example, instead of ipp://youripaddress, it would be socket://youripaddress, or ldp://youripaddress