Skip to main content

Hello,



I'm having a annoying issue with printing to windows print server queue's
My Mac's are bound to AD. When the staff prints they get a pop up message that they need to authenticate with their AD credentials , which they enter.
This happens every time they print, they are understandably getting tried of doing that



When the printers were added , the default icon was selected and the printer queue was listed and picked that way



I have tried running the commands as suggested in other threads



cupsctl DefaultAuthType=Negotiate



lpadmin -p PRINTERNAME -o auth-info-required=negotiate



Ii've also logged into the web interface under advanced and tried the options authenticate & kerbos



The mac's keep asking for their AD credentials .



The Mac's are OS X 10.8.5
Printer server is a win2k8 & Xerox printers
Paper cut is installed on the print server



I'm missing something very obvious

I hate to post a response without a solution, but I have the same exact problems in our environment with 10.10, 10.9. 10.8 machines and a Windows 2012 Print Server.

I have the same issue, I can't seem to find a permeant solution. We currently use Canon's (NT-Ware) uniFLOW Secureprint, following the link (posted below), I was able to get rid of that popup for about two months before printers started pausing and users started complaining. Most of our students/faculty do not know how to reset the print system or re-add a printer when this happens, so we could't go with this solution. We were forced to use the client provide by NT-Ware (not the best client in the world) to get around this issue.



Temporary solution:



https://jamfnation.jamfsoftware.com/discussion.html?id=4075

sounds like kerberos is not working,
are the print servers in the same kerberos trusted realm?
can you connect without authentication (ie using a kerberos ticket) to a smb share on the print servers?

Hi, we've written up a guide on using kerberos with Windows print queues here

I believe that in addition to the machine needing to be bound to AD, the user account must also be an AD account (UID >= 1024).



Could that be it?

I have a document that will help with the issue. I will post the information first thing tomorrow morning when I get to my work computer.

@mscottblake
User account can be a local account, you just have to have a kerberos ticket so if you do something like kinit to get a kerberos ticket then you get SSO to enabled services

How are you creating your print queues? I've had this exclusively with smb print queues. However moving to LPD queues with the options you are using fixes it all. Means a lot of Windows server work to get that up and running.

assuming the print server is providing those print queues over LPD...



This is how I add SMB print queues



lpadmin -p "$device_queue_name" -E -v smb://"${printer_svr_address}"/"${smb_queue_name}" -P "$printer_driver_path" -D "$printer_q_name" -o auth-info-required=negotiate

Thank you everyone for the responses, sorry for the late reply , but there were a few other fires i had to deal with
I will try all the scripts and see if that helps 

lpadmin -p "Secureprint" -E -v smb://servername/printqueue -P "PATH-TO-PPD" -D "Secureprint" -o auth-info-required=negotiate


/Applications/UniFLOW/MomUd.ppd



/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Resources/Generic.ppd


Using this method adds the printer fine and also prints fine using AD credentials. The only issue is that uniFLOW (NT-Ware/Cannon software) doesn't recognize the price of a sheet of paper properly and automatically prints in color.



If only NT-Ware/Cannon could fix their software to recognize cost and color properly so we can avoid using the Mac Client would be amazing.

Reply


Terms & ConditionsCookie settings