- Jamf Nation Community
- Products
- Jamf Pro
- Papercut authentication via AD
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Papercut authentication via AD
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-18-2012 07:59 AM
Does anyone have experience distributing papercut printers (running on a Windows print server) via Casper to Macs? The problem I am having is with authentication on our AD domain. On the Windows computers, a user logs in using AD credentials, and is not prompted again for a username password when they print. When I setup the printer on a Mac (not distributed through Casper) it does not require secondary authentication. But, the Casper distributed printer does prompt for authentication. I've found the line in the printers.conf file which controls this: "AuthInfoRequired negotiate" vs "AuthInfoRequired username,password". Does anyone have any thoughts on why Casper changes this setting when distributing the printer?
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-18-2012 10:28 AM
So sounds like you are using ipp printers on OSX instead of smb queues.
We got around this by not requiring authentication with CUPS but relying on the PaperCut Client to authenticate instead.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-18-2012 10:28 AM
So sounds like you are using ipp printers on OSX instead of smb queues.
We got around this by not requiring authentication with CUPS but relying on the PaperCut Client to authenticate instead.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-18-2012 12:24 PM
We are using smb queues, but were hopping to avoid the Papercut client. On the windo
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-18-2012 12:25 PM
We are using smb queues, but were hopping to avoid the Papercut client. On the windows side, the AD credentials pass through to the Papercut server, so there is no need for a 2nd authentication.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-19-2012 07:51 AM
Are you using the advanced printer setup for the smb queues? I had to use "windows printer via spoolss" (URL format smb://server/sharename) You will need to avoid spaces in the share name as well. When trying to print the first time from a deployed printer it put my print job on hold. If you resume the print job it will ask for authentication and charge that AD account in Papercut. On subsequent prints it would go automatically provided I checked the "Remember in key chain" box. I don't know if that's the best solution but it works.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-19-2012 05:21 PM
@ccsdcasper
All you need to do is kerberise the printer queues (provided that you use AD for computer authentication)
https://jamfnation.jamfsoftware.com/discussion.html?id=4075
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-30-2013 06:40 PM
We just finished automating deployment of PaperCut printers to our Macs.
PPD sits on PaperCut server, so we can curl it to Mac:
/usr/bin/curl http://papercut-app-server.domain.com:8080/printer-ppd.txt > "$3"/private/tmp/printer-ppdThen we use lpadmin to set up the printer, tweak for your printer:
/usr/sbin/lpadmin -p PrintQueueName -v smb://print-server.domain.com/PrintQueueName -E -P /private/tmp/printer-ppd -D "Our fancy printer" -L "Our office" -o Feature1='Option1' -o Feature2='Option2' -o Feature3='Option3'Set up (above) works fine...however, users are getting password prompts, which isn't what we expected...since all Macs are joined to the domain, and all users are AD users (mobile accounts).
Users are prompted for password, which they can add to their keychain...this shouldn't be happening, we expected users' cached AD credentials to be passed to the PaperCut application server. :(
I confirmed we are running PaperCut MF version 12.5 or 13.x (waiting on version confirmation), on Windows Server 2008 R2, and is not Kerberised.
We are working with the vendor, but have hit a brick wall with users being prompted for credentials...we want to avoid the PaperCut Client <g> so hoping for some useful input or ideas.
TIA
Don
--
https://donmontalvo.com
https://donmontalvo.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-30-2014 06:35 AM
Of course I forgot to follow up on this thread...
PaperCut + OS X + SSO = bliss
https://jamfnation.jamfsoftware.com/discussion.html?id=7082
--
https://donmontalvo.com
https://donmontalvo.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Hi Don, just found this thread about good old Papercut and Jamf, but the follow up that posted doesn't seem to exist anymore...
I'm trying to get my passwords to sync between Jamf Connect / Local and Papercut so Users don't have to manually update them every 90 days...
