这是关于我的本地服务器设置的最后一点,它已经让我抓狂好几天了。
我找到了如何正确限制我的位置(仍然很宽松,但仅用于调试)并使用限制的方法。必须将组 adm 添加到 cups-files.conf,因为无论出于什么原因,处于 lpadmin 组中都不足以让 CUPS 限制管理员远程访问,这很奇怪,但现在可以正常工作了。
但在过去 3 天里,我一直在苦苦思索 Windows 无法添加我的 CUPS 服务器共享的打印机,因为无法找到它们。我非常确定这与我的系统在服务器站点上的设置有关,因为只需通过 avahi 和 CUPS 本身提供的功能,无需在服务器上运行 samba-common 即可实现这一点。
这是我的 cupsd.conf
LogLevel warn
PageLogFormat
MaxLogSize 0
# Allow remote access
Port 631
SSLPort 631
# SSLOptions [DenyDH] [DenyRC4] [DenySSL3] [DenyCBC] [DenyTLS1.0]
Listen 0.0.0.0:631
SSLListen 0.0.0.0:631
# Share local printers on the local network.
Browsing Yes
BrowseLocalProtocols dnssd
HostNameLookups On
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption Required
ServerCertificate /etc/cups/ssl/dcsrv01.fritz.box_crt.pem
ServerKey /etc/cups/ssl/dcsrv01.fritz.box_key.pem
ServerName dcsrv01.fritz.box
ServerAlias *
<Location />
# Allow shared printing and remote administration...
Encryption Required
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
# Allow remote administration...
Encryption Required
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
Encryption Required
AuthType Default
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/log>
Encryption Required
AuthType Default
Require user @SYSTEM
Order allow,deny
# Allow remote access to the log files...
Order allow,deny
Allow @LOCAL
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy kerberos>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
我是不是在这儿干了蠢事?老实说,我有点不知所措。
答案1
要从 Windows 系统打印到 IPP 打印机,您需要在系统上启用“Internet 打印客户端”功能。
此处最佳答案的第一部分概述了在 Windows 7 上启用此功能,但这适用于所有当前支持的 Windows PC 和服务器版本:https://superuser.com/a/301421
答案2
将 CUPS(IPP)打印机连接到没有 SAMBA 的 Windows 10:
到目前为止,Samsba 仍然无法工作,但有不同的方法可以通过 cups + windows 客户端设置安全打印。
- 在 Windows 中启用 Windows 功能 IPP
- 通过其 ip 地址和 ipp 方案将打印机添加到 cups。
ipp://<printer_ip>/ipp/print请理解,如果您还需要通过 ipp 从 cups 服务器安全地转发到打印机,则需要使用 ipps,但您的打印机必须同时支持 ipp 和 ipps。 - 创建本地 PKI 或使用现有 PKI 为运行 cups 的服务器创建密钥和 crt。
- 使用 cups 激活所有 ssl 恶作剧。
- 现在转到 Windows 客户端并通过“通过主机名或 IP 地址识别”添加打印机
- 进入:
https://username:password@<cupsfqdn>:631/printers/<printer_name> - 选择司机
- 完毕
不知何故,Samsba 共享仍然无法在我的设置下工作,但在此之前我至少可以通过这种方式打印。