我在 Windows 10 或 7 中连接打印机时遇到问题。在我的 Debian 中,无论是基本身份验证类型还是 HTTPS,一切都运行良好。我创建了用户 cups_print 并使用 passwd 命令为他分配密码。我尝试禁用身份验证和 TLS/SSL,没有它们,Windows 站可以连接到 HP P1006,该 HP P1006 连接到运行 CUPS 的 Raspi。我也尝试过 Require valid-user,但使用此选项我可以使用任何凭据进行打印,例如用户名:“aa”密码:“randompassword”。我还尝试在进行 SSL 连接时监听端口 631,但在 Windows 上没有任何成功,Linux 使用每个选项都可以正常工作。
我尝试在 Windows 中通过以下方式设置 ipp url:
https://192.168.X.132:632/打印机/HP_LaserJet_P1006
https://cups_print:[电子邮件保护]:632/打印机/HP_LaserJet_P1006
https://[电子邮件保护]:632/打印机/HP_LaserJet_P1006
http://[电子邮件保护]:631/打印机/HP_LaserJet_P1006
http://192.168.X.132:631/打印机/HP_LaserJet_P1006
http://cups_print:[电子邮件保护]:631/打印机/HP_LaserJet_P1006
我还尝试添加打印机,在 cupsd.conf 配置为无需身份验证后,然后启用选项重新启动它,然后通过端口编辑向 Windows 提供凭据。同样没有任何成功。我可以通过 Web 界面在任何 Windows 站点上访问 cups 配置。这似乎是 Windows 的问题,如果不是,您能否提出任何解决方案,我希望我的家庭网络中的一切都安全无虞。
我附上了我的 cupsd.conf 文件的一部分
# Show troubleshooting information in error_log.
LogLevel debug
PageLogFormat
MaxLogSize 0
Port 631
Listen localhost:631
Listen /run/cups/cups.sock
Listen 192.168.X.X:631
Browsing On
BrowseLocalProtocols dnssd
BrowseAllow All
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption Required
SSLPort 632
SSLListen *:632
<Location />
Order allow,deny
Allow 192.168.X.*
Allow 192.168.X.*
Allow localhost
#Allow all
Require user cups_print
#Require user @SYSTEM cups_print
</Location>
<Location /printers>
Order allow,deny
Allow 192.168.X.*
Allow 192.168.X.*
Allow localhost
#Allow all
AuthType Basic
Require user cups_print
#Require user @SYSTEM cups_print
答案1
经过一周的努力解决这个问题后,我找到了一个解决办法。
在 Windows 10 1903 更新中,添加带有身份验证的打印机时出现问题。您必须先设置端口,甚至在添加打印机之前,之后您就可以毫无问题地添加它。您可以编辑和运行的漂亮脚本在这里
或者您可以通过配置寄存器手动添加它,请参阅第二个链接。成功添加端口和打印机后(不会要求您提供任何凭据),转到打印机设置、端口设置并使用提供的凭据配置端口。没有它们,您将无法打印。
其次,您必须在 cupsd.conf 中授予对每个位置的访问权限,无需身份验证,甚至包括“/”和“/printers”。之后,创建策略限制<Limit Get-Printer-Attributes>
,并且根本不需要在那里进行身份验证。然后在<Limit Cancel-Job CUPS-Authenticate-Job>
和中启用身份验证<Limit Create-Job Print-Job Print-URI Validate-Job>
。
如果您尝试使用自签名证书,请点击链接 在 Windows 中添加自签名证书。不要忘记将此证书添加到“受信任的根第三方证书”中
当您将 IPP 打印机添加到 Windows 时,您必须面对更多存在问题的来源 Windows 上的 Cups 身份验证问题 Windows 上的 Cups 身份验证问题
我的 cupsd.conf(匿名)
LogLevel debug
PageLogFormat
MaxLogSize 0
SSLPort 636
SSLListen *:636
Browsing On
BrowseLocalProtocols dnssd
BrowseAllow All
DefaultAuthType Basic
WebInterface yes
DefaultEncryption required
ServerKey /etc/cups/ssl/server.key
ServerCertificate /etc/cups/ssl/server.crt
ServerAlias hostname.my_domain.net
# Restrict access to the server...
<Location />
Order allow,deny
Allow 192.168.X1.*
Allow 192.168.X2.*
Allow localhost
</Location>
<Location /printers>
Order allow,deny
Allow 192.168.X1.*
Allow 192.168.X2.*
Allow localhost
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow localhost
Deny all
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Allow localhost
Order allow,deny
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow localhost
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
Allow all
AuthType Basic
Require user @SYSTEM cups_print
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
AuthType Basic
Order deny,allow
</Limit>
<Limit Get-Printer-Attributes>
Order allow,deny
Allow all
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Basic
Require user @SYSTEM cups_print
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Basic
Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
Order deny,allow
</Limit>
<Limit Get-Printer-Attributes>
Order allow,deny
Allow all
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
答案2
警告
对于 cups 2.2.1 及更高版本,cupsd.conf 中使用的 ServerCertificate 和 ServerKey 指令已被撤销。
除非在 cups-files.conf 中将指令 CreateSelfSignedCerts 设置为“no”,否则 cups 将使用名称 ${HOSTNAME}.crt 和 ${HOSTNAME}.key 生成自己的自签名证书
证书的默认路径仍然是 cups_root + ssl 目录,但可以使用 cups-files.conf 中的指令 ServerKeyChain 进行更改。
因此,如果您有自己的证书(自签名或权威签名),则必须将它们复制到 ssl 目录中,名称为 ${HOSTNAME}.crt 和 ${HOSTNAME}.key,否则端口 631 上的 https 连接将失败,并且 /var/log/cups/error.log 包含多行抱怨无法读取证书文件的内容。