
Hi



We have implemented Equitrac within our organisation to manage our printers and make use of Followme printing.
I've rolled the print queues and drivers out using Casper, but all of our users are complaining that they have to input their credentials when printing. I've created the script below, which I was hoping would fix this.



#! /bin/bash



#This script will make the below printer queues use A.D cached credentials to print



lpadmin -p BandW_Printer_cabot -o printer-op-policy=authenticated
lpadmin -p Colour_Printer_Cabot -o printer-op-policy=authenticated
lpadmin -p Colour_Printer_Cabot_Fiery -o printer-op-policy=authenticated
/usr/sbin/dseditgroup -o edit -n /Local/Default -a 'Domain Users' -t group lpadmin



exit



This does not seem to be working. Has anyone else seen this when using Equitrac?

I'm also getting Unauthorized when I run the script????? I thought scripts run as root?



/usr/sbin/jamf is version 8.73
Executing Policy London update printer script...
Mounting smb://10.86.9.58/CasperShare$ to /Volumes/CasperShare$...
Running script London printers use AD cached credentials.sh...
Script exit code: 0
Script result: lpadmin: Unauthorized
lpadmin: Unauthorized
lpadmin: Unauthorized
Unmounting file server...


Scripts do run as root, but I recall that lpadmin still requires a password to be passed to it. Been a while though.



See here for more: https://jamfnation.jamfsoftware.com/discussion.html?id=4701


I had a similar issue, but I took another way around it.
I had a login trigger to uninstall all printers then reinstall the ones required (yay scripting).
To get rid of that error message, I needed to alter the lpadmin group.



/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin



Then everybody can use the lpadmin command to add or remove printers.


We run Equitrac with Ricoh printers.
Our Macs started with being bound to Active Directory...
We used lpd:// print queues to print... SMB never worked for us...
Also, in order for the printing to work, you have to install the lpd service on the print server (it never worked until we did that).



We have started unbinding our Macs in our environment, and were printing just fine... Something changed last week, and now unbound printing via lpd stopped working (I should mention in our Windows environment they had an issue also).



To resolve for the unbound Macs, we had to change the print connections back to SMB.



Very weird, and haven't found the cause of this.....
But that's my story.


We use Equitrac in our org, and use SMB print queues on a Windows print server. We have our main Equitrac entry installed via config profile. That entry is modified with lpadmin to negotiate, and will respect Kerberos/cached auth (i.e. not hit keychain) on 10.11+



Printer installed by config profile:
PrinterObject_Name: smb://equitrac.domain.org/Queue_Name



We have a couple of Equitrac queues dumped in by profile, and a script iterates over them:



#!/bin/bash
# Absolute paths to the tools used below
declare -x awk="/usr/bin/awk"
declare -x grep="/usr/bin/grep"
declare -x logger="/usr/bin/logger"
declare -x lpadmin="/usr/sbin/lpadmin"
declare -x lpstat="/usr/bin/lpstat"
declare -x mkdir="/bin/mkdir"
declare -x perl="/usr/bin/perl"
# Query for any printers on Equitrac
SMBPRINTERS="$("$lpstat" -v | "$grep" "smb://equitrac" | "$perl" -p -e 's/device for (.*): smb.*/$1/g')"

# Queue names contain no spaces, so word splitting on the list is safe
for SMBPRINTER in $SMBPRINTERS; do
    echo "Configuring printer: $SMBPRINTER for use with Kerberos authentication!"
    "$lpadmin" -p "$SMBPRINTER" -o auth-info-required=negotiate
done


Portion that adds respecting non-keychain auth:



lpadmin -p PrinterObject_Name -o auth-info-required=negotiate


If you're installing your printers via lpadmin scripting, rather than config profile (understandable, given the limitations of printer config profiles), you can roll this portion of the command into whatever you do when you add the printer, like:



lpadmin -p "$device_queue_name" -E -v smb://"${printer_svr_address}"/"${smb_queue_name}" -P "$printer_driver_path" -D "$printer_q_name" -o auth-info-required=negotiate

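A variant of the queue loop from the last reply that checks each lpadmin call and exits non-zero on failure, so an "lpadmin: Unauthorized" cannot sit behind "Script exit code: 0" as it does in the policy log in the first post. This is an added example, not code from any poster in the thread; the `--apply` switch, the `URI_PREFIX`, `LPSTAT` and `LPADMIN` overrides and the function names are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the thread). Tool paths can be overridden for testing.
LPSTAT="${LPSTAT:-/usr/bin/lpstat}"
LPADMIN="${LPADMIN:-/usr/sbin/lpadmin}"
URI_PREFIX="${URI_PREFIX:-smb://equitrac}"   # same match the thread's script greps for

# Read `lpstat -v` lines ("device for NAME: URI") on stdin and print the
# NAME of every queue whose device URI starts with prefix $1.
queues_with_prefix() {
    awk -v p="$1" '$1 == "device" && $2 == "for" && index($4, p) == 1 {
        name = $3; sub(/:$/, "", name); print name }'
}

# Set auth-info-required=negotiate on each queue named in the arguments.
# Sets FAILED to the space-separated queues lpadmin rejected and returns
# non-zero if there were any.
apply_negotiate() {
    FAILED=""
    for q in "$@"; do
        if "$LPADMIN" -p "$q" -o auth-info-required=negotiate; then
            echo "ok: $q"
        else
            echo "FAILED: $q (lpadmin exit $?)" >&2
            FAILED="${FAILED:+$FAILED }$q"
        fi
    done
    [ -z "$FAILED" ]
}

main() {
    queues="$("$LPSTAT" -v | queues_with_prefix "$URI_PREFIX")"
    [ -n "$queues" ] || { echo "no queues match $URI_PREFIX" >&2; return 2; }
    # Word splitting is intended: CUPS queue names cannot contain spaces.
    apply_negotiate $queues
}

# Run only when --apply is among the arguments, so sourcing the file is inert.
case " $* " in
    *" --apply "*) main; exit $? ;;
esac
```

Because the script's exit status follows the lpadmin results, the policy log shows a failure instead of a clean run with errors buried in the script result.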