Posted on 04-30-2014 04:19 AM
Hi
We have implemented Equitrac within our organisation to manage our printers and make use of Followme printing.
I've rolled the print queues and drivers out using Casper, but all of our users are complaining that they have to input their credentials when printing. I've created the script below, which I was hoping would fix this:
#! /bin/bash
#This script will make the below printer queues use A.D cached credentials to print
lpadmin -p BandW_Printer_cabot -o printer-op-policy=authenticated
lpadmin -p Colour_Printer_Cabot -o printer-op-policy=authenticated
lpadmin -p Colour_Printer_Cabot_Fiery -o printer-op-policy=authenticated
/usr/sbin/dseditgroup -o edit -n /Local/Default -a 'Domain Users' -t group lpadmin
exit
This does not seem to be working. Has anyone else seen this when using Equitrac?
Posted on 04-30-2014 04:20 AM
I'm also getting Unauthorized when I run the script????? I thought scripts run as root?
/usr/sbin/jamf is version 8.73
Executing Policy London update printer script...
Mounting smb://10.86.9.58/CasperShare$ to /Volumes/CasperShare$...
Running script London printers use AD cached credentials.sh...
Script exit code: 0
Script result: lpadmin: Unauthorized
lpadmin: Unauthorized
lpadmin: Unauthorized
Unmounting file server...
Posted on 04-30-2014 09:19 AM
Scripts do run as root, but I recall that lpadmin still requires a password to be passed to it. Been a while though.
See here for more: https://jamfnation.jamfsoftware.com/discussion.html?id=4701
Posted on 02-23-2015 08:21 AM
I had a similar issue, but I took another way around it.
I had a login trigger to uninstall all printers, then reinstall the ones required (yay scripting).
To get rid of that error message, I needed to alter the lpadmin group.
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
Then everybody can use the lpadmin command to add or remove printers.
Posted on 01-18-2018 10:09 AM
We run Equitrac with Ricoh printers.
Our Macs started out being bound to Active Directory...
We used lpd:// print queues to print... SMB never worked for us...
Also, in order for the printing to work, you have to install the LPD service on the print server (it never worked until we did that).
We have started unbinding our Macs in our environment, and were printing just fine... Something changed last week, and now unbound printing via lpd stopped working (I should mention that in our Windows environment they had an issue also).
To resolve this for the unbound Macs, we had to change the print connections back to SMB.
Very weird, and we haven't found the cause of this..... but that's my story.
Posted on 01-18-2018 04:52 PM
We use Equitrac in our org, and use SMB print queues on a Windows print server. We have our main Equitrac entry installed via config profile. That entry is modified with lpadmin to negotiate, and will respect Kerberos/cached auth (i.e. not hit keychain) on 10.11+
Printer installed by config profile:
PrinterObject_Name: smb://equitrac.domain.org/Queue_Name
We have a couple of Equitrac queues dumped in by profile, and a script iterates over them:
#!/bin/bash
# Absolute paths to the tools used, so the script does not depend on $PATH
declare -x awk="/usr/bin/awk"
declare -x grep="/usr/bin/grep"
declare -x logger="/usr/bin/logger"
declare -x lpadmin="/usr/sbin/lpadmin"
declare -x lpstat="/usr/bin/lpstat"
declare -x mkdir="/bin/mkdir"
declare -x perl="/usr/bin/perl"
# Query for any printers on Equitrac
SMBPRINTERS="$("$lpstat" -v | "$grep" "smb://equitrac" | "$perl" -p -e 's/device for (.*): smb.*/$1/g')"
# Queue names contain no spaces, so word splitting on the list is intentional
for SMBPRINTER in $SMBPRINTERS; do
    echo "Configuring printer: $SMBPRINTER for use with Kerberos authentication!"
    "$lpadmin" -p "$SMBPRINTER" -o auth-info-required=negotiate
done
Portion that adds respecting non-keychain auth:
lpadmin -p PrinterObject_Name -o auth-info-required=negotiate
If you're installing your printers via lpadmin scripting, rather than config profile (understandable, given the limitations of printer config profiles), you can roll this portion of the command into whatever you do when you add the printer, like:
lpadmin -p "$device_queue_name" -E -v smb://"${printer_svr_address}"/"${smb_queue_name}" -P "$printer_driver_path" -D "$printer_q_name" -o auth-info-required=negotiate
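Added example, not part of any post in this thread: a check to run after the scripts above, reporting which queues under a given device URI prefix are still not set to `auth-info-required=negotiate`. The function names are hypothetical, and it assumes `lpoptions -p <queue>` lists `auth-info-required` among the queue's options.

```bash
#!/bin/bash
# Added example: list Equitrac SMB queues that are not yet set to
# auth-info-required=negotiate. The URI prefix is passed in by the caller.

# Read `lpstat -v` output on stdin; print the names of queues whose
# device URI starts with the prefix given in $1.
queues_for_uri() {
    awk -v prefix="$1" '
        $1 == "device" && $2 == "for" && index($4, prefix) == 1 {
            sub(/:$/, "", $3)   # strip the trailing colon after the queue name
            print $3
        }'
}

# Read `lpoptions -p <queue>` output on stdin; print the value of
# auth-info-required (prints nothing if the option is absent).
auth_mode() {
    tr ' ' '\n' | sed -n 's/^auth-info-required=//p' | head -n 1
}

# Print one line per matching queue that is not using negotiate.
# Exit status is 0 only when every matching queue is compliant.
# The body runs in a subshell so its variables do not leak to the caller.
audit_queues() (
    rc=0
    for q in $(lpstat -v | queues_for_uri "$1"); do
        mode="$(lpoptions -p "$q" | auth_mode)"
        if [ "$mode" != "negotiate" ]; then
            echo "NOT NEGOTIATE: $q (auth-info-required=${mode:-unset})"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)
```

Call it as `audit_queues smb://equitrac` once the configuration script has run; a non-zero exit status means at least one matching queue is not set to negotiate.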