See below: On Thu 14 June 2007 08:34, Johannes Meixner wrote: > Hello, > > On Jun 6 23:15 [EMAIL PROTECTED] wrote (shortened): > > How should a CUPS Printer on a workstation be configured, that prints to > > the OpenSUSE 10.2 CUPS Server? > > There is no "one single way" but there is a recommended way, see > http://en.opensuse.org/SDB:CUPS_in_a_Nutshell > "Configuring CUPS in the Network" > > > As a SMB Printer it is easily done on the OpenSUSE 10.2 workstation > > Note that printing via SMB requires a complete print system on the > Linux workstation (i.e. you cannot use a "client-only configuration" > on the workstation if it should also print via SMB), see > http://en.opensuse.org/SDB:Printing_via_SMB_%28Samba%29_Share_or_Windows_Sh >are > > > What is the procedure for printing from one OpenSuse 10.2 workplace to > > the OpenSUSE 10.2 CUPS Server without SAMBA? > > Normally the procedure is to do nothing ;-) > > Just let the cupsd run on the workstations as it comes out-of-the-box. > If then the cupsd on the workstations does not get the browsing > information from the CUPS server, check that the CUPS server > actually emits browsing information to the desired workstations > and that the cupsd on the workstations can receive it. > > In particular note that port 631 TCP and UDP must be allowed > in firewall settings, see > http://en.opensuse.org/SDB:CUPS_in_a_Nutshell > "The Spooler" > > In the YaST firewall module there are predefined "services" > for IPP (and also for Samba if you use Samba) so that it > should be easiest to use the YaST firewall module. > > Check if a firewall is active for a network zone in which > services should be used which require trusted users > (nobody lets arbitraty users print on his printer). > > By default the Suse firewall allows any access via a network > interface which belongs to the "internal zone" because this > zone is trusted by default. > > If the CUPS server and the client systems are in an internal > network and when you trust all what there is in your internal > network, your network interface must be set to be in the > "internal zone". > > It doesn't make sense to have a network setup in a trusted > internal network with a network interface which belongs to the > untrusted "external zone" (which is the default to be safe). > > > By the way: > > Up to Suse Linux 10.1 we had CUPS 1.1 and since openSUSE 10.2 we have > CUPS 1.2 which is not fully backward compatible with CUPS 1.1. > > For example RunAsUser is no longer supported so that since > openSUSE 10.2 / CUPS 1.2 the cupsd runs as root and therefore > we are back to its default "basic authentication" via system users > and system passwords (in /etc/shadow). Therefore > http://en.opensuse.org/SDB:Printer_Configuration_from_SUSE_LINUX_9.0_on > is partially outdated for openSUSE 10.2 > > Additionally by default cupsd in CUPS 1.2 listens only on internal > ("localhost") network interfaces (and a Unix domain socket) > in /etc/cups/cupsd.conf: > ------------------------------------------------------------ > # Only listen for connections from the local machine. > Listen localhost:631 > Listen /var/run/cups/cups.sock > ------------------------------------------------------------ > For a CUPS network server you must change it to listen > on the outer network too. > Either add someting like "Listen IP.of.your.server", see > http://localhost:631/help/ref-cupsd-conf.html?TOPIC=References&QUERY=#Liste >n or use YaST via "Other" -> "Change remote access" > and make sure that you use the firewall to protect your host > if it is accessible from any untrusted network. > > In case of an update it is recommended not to use an outdated > cupsd.conf from a CUPS 1.1 installation before but to start > from scratch with the original cupsd.conf from our CUPS 1.2 RPM. > > > Kind Regards > Johannes Meixner > -- > SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany > AG Nuernberg, HRB 16746, GF: Markus Rex
Thanx a lot Johannes! It is quite detailed. I will dig into the topic in the next few days and report back to the list. Scott's idea will also be checked. Al -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]