The intention of this post is to explain how to perform basic configuration of CUPS server and Clients for browsing printers available over the network when this does not work properly on CentOS/RHEL 7.
CUPS Server Configuration
1. Check that cups packages are installed
# rpm -qa | grep cups cups-client-1.6.3-35.el7.x86_64 cups-filesystem-1.6.3-35.el7.noarch cups-filters-libs-1.0.35-22.el7.x86_64 cups-filters-1.0.35-22.el7.x86_64 cups-1.6.3-35.el7.x86_64 cups-libs-1.6.3-35.el7.x86_64 ghostscript-cups-9.07-28.el7_4.2.x86_64
if not available in the system then install it:
# yum install cups Installed: cups.x86_64 1:1.6.3-35.el7 Dependency Installed: avahi-glib.x86_64 0:0.6.31-19.el7 bc.x86_64 0:1.06.95-13.el7 cairo.x86_64 0:1.14.8-2.el7 cups-client.x86_64 1:1.6.3-35.el7 cups-filesystem.noarch 1:1.6.3-35.el7 cups-filters.x86_64 0:1.0.35-22.el7 cups-filters-libs.x86_64 0:1.0.35-22.el7 fontconfig.x86_64 0:2.10.95-11.el7 fontpackages-filesystem.noarch 0:1.44-8.el7 ghostscript.x86_64 0:9.07-28.el7_4.2 ghostscript-cups.x86_64 0:9.07-28.el7_4.2 ghostscript-fonts.noarch 0:5.50-32.el7 jbigkit-libs.x86_64 0:2.0-11.el7 lcms2.x86_64 0:2.6-3.el7 libICE.x86_64 0:1.0.9-9.el7 libSM.x86_64 0:1.2.2-2.el7 libX11.x86_64 0:1.6.5-1.el7 libX11-common.noarch 0:1.6.5-1.el7 libXau.x86_64 0:1.0.8-2.1.el7 libXdamage.x86_64 0:1.1.4-4.1.el7 libXext.x86_64 0:1.3.3-3.el7 libXfixes.x86_64 0:5.0.3-1.el7 libXfont.x86_64 0:1.5.2-1.el7 libXrender.x86_64 0:0.9.10-1.el7 libXt.x86_64 0:1.1.5-3.el7 libXxf86vm.x86_64 0:1.1.4-1.el7 liberation-fonts-common.noarch 1:1.07.2-16.el7 liberation-mono-fonts.noarch 1:1.07.2-16.el7 libfontenc.x86_64 0:1.1.3-3.el7 libjpeg-turbo.x86_64 0:1.2.90-5.el7 libpng.x86_64 2:1.5.13-7.el7_2 libtiff.x86_64 0:4.0.3-27.el7_3 libusbx.x86_64 0:1.0.21-1.el7 libwayland-client.x86_64 0:1.14.0-2.el7 libwayland-server.x86_64 0:1.14.0-2.el7 libxcb.x86_64 0:1.12-1.el7 libxshmfence.x86_64 0:1.2-1.el7 mesa-libEGL.x86_64 0:17.2.3-8.20171019.el7 mesa-libGL.x86_64 0:17.2.3-8.20171019.el7 mesa-libgbm.x86_64 0:17.2.3-8.20171019.el7 mesa-libglapi.x86_64 0:17.2.3-8.20171019.el7 openjpeg-libs.x86_64 0:1.5.1-17.el7 pixman.x86_64 0:0.34.0-1.el7 poppler.x86_64 0:0.26.5-17.el7_4 poppler-data.noarch 0:0.4.6-3.el7 poppler-utils.x86_64 0:0.26.5-17.el7_4 qpdf-libs.x86_64 0:5.0.1-3.el7 urw-fonts.noarch 0:2.4-16.el7 xorg-x11-font-utils.x86_64 1:7.5-20.el7 Complete!
2. Start cups and cups-browsed services:
# systemctl enable cups # systemctl start cups
# systemctl enable cups-browsed.service # systemctl start cups-browsed.service
3. Edit the cups configuration file “/etc/cups/cupsd.conf” to allow other servers to connect to printers on this master server. The following is a cups configuration file from an CentOS/RHEL 7 server.
# grep -v '#' /etc/cups/cupsd.conf MaxLogSize 0 LogLevel warn Listen *:631 Listen /var/run/cups/cups.sock Browsing On BrowseLocalProtocols all DefaultAuthType Basic WebInterface Yes <Location /> Order allow,deny Allow all </Location> <Location /admin> Order allow,deny </Location> <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny </Location> <Policy default> JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default <Limit Create-Job Print-Job Print-URI Validate-Job> Order deny,allow </Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Cancel-Job CUPS-Authenticate-Job> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy> <Policy authenticated> JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default <Limit Create-Job Print-Job Print-URI Validate-Job> AuthType Default Order deny,allow </Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Cancel-Job CUPS-Authenticate-Job> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy>
To configure CUPS to listen on all network interfaces, change:
Listen localhost:631
to
Listen *:631
To configure cups to listen on specific network interface just use the IP address instead:
Listen 10.157.100.45:631
To allow clients on the same subnet where the master server is located add “Allow @LOCAL” to the bottom of the <Location /> stanza:
<Location /> # Allow shared printing Order allow,deny Allow @LOCAL </Location>
but if we need all clients to access this master server use “Allow all” instead:
<Location /> # Allow shared printing Order allow,deny Allow all </Location>
By default, cups configuration file is setup to send out broadcast packets with printer sharing information, make sure the following parameter exist on it.
Browsing On BrowseLocalProtocols cups dnssd
If not needed set it to “Browsing Off“.
4. Start the avahi-daemon service. If not available then install it.
# yum -y install avahi # systemctl enable avahi-daemon # systemctl start avahi-daemon
Check that the server is now running properly
# systemctl status avahi-daemon ● avahi-daemon.service - Avahi mDNS/DNS-SD Stack Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2018-07-24 13:15:02 EDT; 3 days ago Main PID: 635 (avahi-daemon) Status: "avahi-daemon 0.6.31 starting up." CGroup: /system.slice/avahi-daemon.service ├─635 avahi-daemon: running [gerald-vmol7.local] └─646 avahi-daemon: chroot helper Jul 24 13:15:01 ol7-master avahi-daemon[635]: Registering HINFO record with values 'X86_64'/'LINUX'. Jul 24 13:15:01 ol7-master avahi-daemon[635]: Server startup complete. Host name is gerald-vmol7.local. Local service cookie is 3732296456. Jul 24 13:15:02 ol7-master systemd[1]: Started Avahi mDNS/DNS-SD Stack. Jul 24 13:15:07 ol7-master avahi-daemon[635]: Joining mDNS multicast group on interface eth0.IPv4 with address 10.157.10.122. Jul 24 13:15:07 ol7-master avahi-daemon[635]: New relevant interface eth0.IPv4 for mDNS. Jul 24 13:15:07 ol7-master avahi-daemon[635]: Registering new address record for 10.157.10.122 on eth0.IPv4. Jul 24 13:15:09 ol7-master avahi-daemon[635]: Registering new address record for fe80::221:f6ff:feb0:3f6e on eth0.*. Jul 24 13:15:13 ol7-master avahi-daemon[635]: Joining mDNS multicast group on interface virbr0.IPv4 with address 192.168.122.1. Jul 24 13:15:13 ol7-master avahi-daemon[635]: New relevant interface virbr0.IPv4 for mDNS. Jul 24 13:15:13 ol7-master avahi-daemon[635]: Registering new address record for 192.168.122.1 on virbr0.IPv4.
5. Start the cups-browsed service.
# systemctl enable cups-browsed Created symlink from /etc/systemd/system/multi-user.target.wants/cups-browsed.service to /usr/lib/systemd/system/cups-browsed.service.
# systemctl start cups-browsed Check that the service is now runnning
# systemctl status cups-browsed ● cups-browsed.service - Make remote CUPS printers available locally Loaded: loaded (/usr/lib/systemd/system/cups-browsed.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2018-07-27 15:20:03 EDT; 2s ago Main PID: 14388 (cups-browsed) CGroup: /system.slice/cups-browsed.service └─14388 /usr/sbin/cups-browsed Jul 27 15:20:03 ol7-master systemd[1]: Started Make remote CUPS printers available locally. Jul 27 15:20:03 ol7-master systemd[1]: Starting Make remote CUPS printers available locally...
6. Start the cups service.
# systemctl start cups Check that the service is now running
# systemctl status cups ● cups.service - CUPS Printing Service Loaded: loaded (/usr/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2018-07-27 15:20:03 EDT; 33s ago Main PID: 14387 (cupsd) CGroup: /system.slice/cups.service └─14387 /usr/sbin/cupsd -f Jul 27 15:20:03 ol7-master systemd[1]: Started CUPS Printing Service. Jul 27 15:20:03 ol7-master systemd[1]: Starting CUPS Printing Service...
7. Either configure the firewall to allow outside access to port 631 and 5353 or stop it.
To add rule:
# iptables -A OUTPUT -p tcp -m tcp --dport 631 -j ACCEPT # iptables -A INPUT -p tcp --dport 631 -j ACCEPT # iptables -A OUTPUT -p tcp -m tcp --dport 5353 -j ACCEPT # iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
To stop firewall:
# systemctl stop firewalld # systemctl disable firewalld Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) Jul 30 12:49:58 ol7-master systemd[1]: Starting firewalld - dynamic firewall daemon... Jul 30 12:49:59 ol7-master systemd[1]: Started firewalld - dynamic firewall daemon. Jul 30 12:54:48 ol7-master systemd[1]: Stopping firewalld - dynamic firewall daemon... Jul 30 12:54:49 ol7-master systemd[1]: Stopped firewalld - dynamic firewall daemon.
8. Add the printer over CUPS web interface on the Master server:
Open a web browser, enter the URI in the following format “https://localhost:631/” and go to Administration tab. The IP or hostname of the Master cups server can be used instead.
In the Administration tab, choose ‘Add a New Printer’ and then select Other Network Printers: Internet Printing Protocol (http) used in our test case. Then hit Continue.
Enter the device URI on Connection box, like in the example bellow and then hit Continue.
Where “10.157.138.57” is the IP of the networked printer and 631 the port used by cups to establish the connection. Enter the corresponding information required about the printer like in the example below and click on Continue.
In the next page select the printer vendor or PPD (Postscript Printer Description) file if required and hit Add Printer
Finish the printer configuration with the respective settings.
9. Now check that printer is discovered on Master cups server
# lpstat -t scheduler is running no system default destination device for TestPrinter08-SP5210SR: http://10.157.138.57:631/ipp/ device for TestPrinter09-SP5210SR: http://10.157.138.61:631/ipp/ TestPrinter08-SP5210SR accepting requests since Mon 30 Jul 2018 12:46:47 PM EDT TestPrinter09-SP5210SR accepting requests since Mon 03 Sep 2018 03:53:53 PM EDT printer TestPrinter08-SP5210SR is idle. enabled since Mon 30 Jul 2018 12:46:47 PM EDT printer TestPrinter09-SP5210SR is idle. enabled since Mon 03 Sep 2018 03:53:53 PM EDT
Notice our recently added printer and previous printer discovered in the past
TestPrinter08-SP5210SR accepting requests since Mon 30 Jul 2018 12:46:47 PM EDT TestPrinter09-SP5210SR accepting requests since Mon 03 Sep 2018 03:53:53 PM EDT
CUPS Client Configuration
1. Check that cups packages are installed
# rpm -qa | grep cups cups-libs-1.6.3-35.el7.x86_64
If not installed proceed to install the package
# yum install cups-1.6.3-35 Installed: cups.x86_64 1:1.6.3-35.el7 Dependency Installed: avahi-glib.x86_64 0:0.6.31-19.el7 bc.x86_64 0:1.06.95-13.el7 cairo.x86_64 0:1.14.8-2.el7 cups-client.x86_64 1:1.6.3-35.el7 cups-filesystem.noarch 1:1.6.3-35.el7 cups-filters.x86_64 0:1.0.35-22.el7 cups-filters-libs.x86_64 0:1.0.35-22.el7 fontconfig.x86_64 0:2.10.95-11.el7 fontpackages-filesystem.noarch 0:1.44-8.el7 ghostscript.x86_64 0:9.07-28.el7_4.2 ghostscript-cups.x86_64 0:9.07-28.el7_4.2 ghostscript-fonts.noarch 0:5.50-32.el7 jbigkit-libs.x86_64 0:2.0-11.el7 lcms2.x86_64 0:2.6-3.el7 libICE.x86_64 0:1.0.9-9.el7 libSM.x86_64 0:1.2.2-2.el7 libX11.x86_64 0:1.6.5-1.el7 libX11-common.noarch 0:1.6.5-1.el7 libXau.x86_64 0:1.0.8-2.1.el7 libXdamage.x86_64 0:1.1.4-4.1.el7 libXext.x86_64 0:1.3.3-3.el7 libXfixes.x86_64 0:5.0.3-1.el7 libXfont.x86_64 0:1.5.2-1.el7 libXrender.x86_64 0:0.9.10-1.el7 libXt.x86_64 0:1.1.5-3.el7 libXxf86vm.x86_64 0:1.1.4-1.el7 liberation-fonts-common.noarch 1:1.07.2-16.el7 liberation-mono-fonts.noarch 1:1.07.2-16.el7 libfontenc.x86_64 0:1.1.3-3.el7 libjpeg-turbo.x86_64 0:1.2.90-5.el7 libpng.x86_64 2:1.5.13-7.el7_2 libtiff.x86_64 0:4.0.3-27.el7_3 libusbx.x86_64 0:1.0.21-1.el7 libwayland-client.x86_64 0:1.14.0-2.el7 libwayland-server.x86_64 0:1.14.0-2.el7 libxcb.x86_64 0:1.12-1.el7 libxshmfence.x86_64 0:1.2-1.el7 mesa-libEGL.x86_64 0:17.2.3-8.20171019.el7 mesa-libGL.x86_64 0:17.2.3-8.20171019.el7 mesa-libgbm.x86_64 0:17.2.3-8.20171019.el7 mesa-libglapi.x86_64 0:17.2.3-8.20171019.el7 openjpeg-libs.x86_64 0:1.5.1-17.el7 pixman.x86_64 0:0.34.0-1.el7 poppler.x86_64 0:0.26.5-17.el7_4 poppler-data.noarch 0:0.4.6-3.el7 poppler-utils.x86_64 0:0.26.5-17.el7_4 qpdf-libs.x86_64 0:5.0.1-3.el7 urw-fonts.noarch 0:2.4-16.el7 xorg-x11-font-utils.x86_64 1:7.5-20.el7 Complete!
2. Edit the configuration file /etc/cups/cups-browsed.conf and add the required configuration directives, some of the following are the ones available:
BrowsePoll BrowseAllow BrowseLocalProtocols BrowseRemoteProtocols BrowseProtocols
Prior to CentOS/RHEL 7, these directives were used under /etc/cups/cupsd.conf but on CentOS/RHEL 7 and latest these are no longer working on it but in the file /etc/cups/cups-browsed.conf. For more information about the available directives use the man pages of cups-browsed.conf, “# man cups-browsed.conf”.
# vi /etc/cups/cups-browsed.conf <<< IN THIS TEST WE JUST ADDED BrowseAllow 10.157.10.122 IN WHICH THE IP IS OUR CUPS SERVER >>>
# cat /etc/cups/cups-browsed.conf | grep -v '#' BrowseRemoteProtocols dnssd cups BrowseAllow 10.157.10.122
3. Start the cups service
# systemctl enable cups.service # systemctl start cups.service
4. Start the avahi-daemon service. If not available then install it:
# yum -y install avahi # systemctl enable avahi-daemon # systemctl start avahi-daemon
5. Start the cups-browsed service
# systemctl enable cups-browsed # systemctl start cups-browsed
6. Use lpstat command to test that browsing works as expected:
# lpstat -t scheduler is running no system default destination device for TestPrinter08-SP5210SR: ipps://ol7-master.local:631/printers/TestPrinter08-SP5210SR device for TestPrinter09-SP5210SR: ipps://ol7-master.local:631/printers/TestPrinter09-SP5210SR TestPrinter08-SP5210SR accepting requests since Mon 03 Sep 2018 04:19:49 PM EDT TestPrinter09-SP5210SR accepting requests since Mon 03 Sep 2018 04:19:49 PM EDT printer TestPrinter08-SP5210SR is idle. enabled since Mon 03 Sep 2018 04:19:49 PM EDT printer TestPrinter09-SP5210SR is idle. enabled since Mon 03 Sep 2018 04:19:49 PM EDT
or
# lpstat -v device for TestPrinter08-SP5210SR: ipps://ol7-master.local:631/printers/TestPrinter08-SP5210SR device for TestPrinter09-SP5210SR: ipps://ol7-master.local:631/printers/TestPrinter09-SP5210SR
For more information on lpstat refer to the man pages, “# man lpstat”. Now your CUPS master and client servers are configured and ready to use.