Howto: Cups Printing in pfSense 2.0
-
http://en.wikipedia.org/wiki/Attack_surface
Ok, But still no answer to my question :)
I should have missed something during installation or not?
It seems that the easiest way to buy a print server but he needs a place, one more outlet for additional power adapter and so on. -
You have samba on this also? I'm just looking at my CUPs settup and comparing.
(for making system changes, I'd think you would need to use the pfsense root username and password)
-
no i have no samba…
and all login-password pairs which come to mind dont fits.. -
I'm not sure - When I setup CUPs on this system, I don't remember needing to do anything with passwords, but that linux and not BSD. I did need to configure CUPs to allow guest printing via IPP without usernames or pass.
-
well, maybe you can help me with another issues?
- It seems strange that when i plug printer to usb port i have only one message:
kernel: ugen0.2: <samsung> at usbus0</samsung>I guess that normally there should be something like this
ugen2.2: <samsung> at usbus2 ulpt0: <samsung 0="" 2="" samsung="" ml-2010,="" class="" 0,="" rev="" 1.10="" 1.00,="" addr=""> on usbus2</samsung></samsung>- my devfs.rules seems to be correct:
[2.0.1-RELEASE][admin@pfsense.ncat.routerpc]/dev(41): ls -l total 3 <...> lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen0.1 -> usb/0.1.0 lrw-rw---- 1 root cups 9 Sep 16 01:59 ugen0.2 -> usb/0.2.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen1.1 -> usb/1.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen2.1 -> usb/2.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen3.1 -> usb/3.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen4.1 -> usb/4.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen4.2 -> usb/4.2.0 lrwxr-xr-x 1 root wheel 6 Aug 2 22:51 urandom -> random <...>3)additionally i installed SpliX with pkg_add and now it is also seems to work ok:
/usr/local(17): lpinfo --make-and-model 'Samsung ML-2010' -m samsung/ml2010.ppd Samsung ML-2010, SpliX V. 2.0.0/usr/local/share/cups/model(36): ls -l total 21 drwxr-xr-x 2 root wheel 512 Sep 15 20:02 dell -rw-r--r-- 1 root wheel 9645 Jun 30 2010 pxlcolor.ppd -rw-r--r-- 1 root wheel 9453 Jun 30 2010 pxlmono.ppd drwxr-xr-x 2 root wheel 1024 Sep 15 20:02 samsung drwxr-xr-x 2 root wheel 512 Sep 15 20:02 xerox4)Is lpinfo -v output correct?
/usr/local(18): lpinfo -v Password for root on localhost? network http network ipp network lpd network socketI can't add printer using lpadmin. Maybe smth wrong with the command:
/usr/local(21): lpadmin -E -p net_printer -v file:/dev/usb/0.2.0 -m "samsung/ml2010.ppd Samsung ML-2010, SpliX V. 2.0.0" -L "ML-2015 home router" -E lpadmin: Unable to connect to server: Bad file descriptorAnd i can't add printer using Web interface: http://clip2net.com/s/5L6TRv (sorry for Russian language)
-
Nope - Never used pfsense with CUPs. I'm not sure what to recommend for you and I'm also not sure if its recommended.
-
Your issue with the password may be Chrome browser if you are using it. I just tested and that browser will not allow loading the "Add Printer" screen. Try Firefox or IE.
If you are using a USB-to-LTP adapter like me you should see the device:
[2.0.2-RELEASE][root@router.localdomain]/root(62): ls /dev/|grep lpt
ulpt0
unlpt0[2.0.2-RELEASE][root@router.localdomain]/root(63): lpinfo -v
Password for root on localhost?
network http
network ipp
network lpd
network socket
direct usb:/dev/ulpt0
direct usb:/dev/unlpt0well, maybe you can help me with another issues?
- It seems strange that when i plug printer to usb port i have only one message:
kernel: ugen0.2: <samsung> at usbus0</samsung>I guess that normally there should be something like this
ugen2.2: <samsung> at usbus2 ulpt0: <samsung 0="" 2="" samsung="" ml-2010,="" class="" 0,="" rev="" 1.10="" 1.00,="" addr=""> on usbus2</samsung></samsung>- my devfs.rules seems to be correct:
[2.0.1-RELEASE][admin@pfsense.ncat.routerpc]/dev(41): ls -l total 3 <...> lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen0.1 -> usb/0.1.0 lrw-rw---- 1 root cups 9 Sep 16 01:59 ugen0.2 -> usb/0.2.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen1.1 -> usb/1.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen2.1 -> usb/2.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen3.1 -> usb/3.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen4.1 -> usb/4.1.0 lrwxr-xr-x 1 root wheel 9 Aug 2 22:51 ugen4.2 -> usb/4.2.0 lrwxr-xr-x 1 root wheel 6 Aug 2 22:51 urandom -> random <...>3)additionally i installed SpliX with pkg_add and now it is also seems to work ok:
/usr/local(17): lpinfo --make-and-model 'Samsung ML-2010' -m samsung/ml2010.ppd Samsung ML-2010, SpliX V. 2.0.0/usr/local/share/cups/model(36): ls -l total 21 drwxr-xr-x 2 root wheel 512 Sep 15 20:02 dell -rw-r--r-- 1 root wheel 9645 Jun 30 2010 pxlcolor.ppd -rw-r--r-- 1 root wheel 9453 Jun 30 2010 pxlmono.ppd drwxr-xr-x 2 root wheel 1024 Sep 15 20:02 samsung drwxr-xr-x 2 root wheel 512 Sep 15 20:02 xerox4)Is lpinfo -v output correct?
/usr/local(18): lpinfo -v Password for root on localhost? network http network ipp network lpd network socketI can't add printer using lpadmin. Maybe smth wrong with the command:
/usr/local(21): lpadmin -E -p net_printer -v file:/dev/usb/0.2.0 -m "samsung/ml2010.ppd Samsung ML-2010, SpliX V. 2.0.0" -L "ML-2015 home router" -E lpadmin: Unable to connect to server: Bad file descriptorAnd i can't add printer using Web interface: http://clip2net.com/s/5L6TRv (sorry for Russian language)
-
Thank you for help. IE also wants login and password.
Opera - same thing.
Could you share your cupsd.conf (/usr/local/etc/cups.cupsd.conf)?As for interface - I use usb, not usb-to-lpt converter (ls /dev/|grep lpt shows nothing)
Maybe I should specify login and pass for cups group? Or what group? Ooohh… :( -
User is root or admin. Both work. Password should be the same for admin and root unless you changed them.
cupsd.conf:
DefaultEncryption Never LogLevel warn SystemGroup wheel # Allow remote access Port 631 Listen /var/run/cups.sock # Enable printer sharing and shared printers. Browsing On BrowseOrder allow,deny BrowseAllow all BrowseRemoteProtocols CUPS BrowseAddress @LOCAL BrowseLocalProtocols CUPS DefaultAuthType Basic <location># Allow shared printing and remote administration... Order allow,deny Allow @LOCAL</location> <location admin=""># Allow remote administration... Order allow,deny Allow @LOCAL</location> <location admin="" conf="">AuthType Default Require user @SYSTEM # Allow remote access to the configuration files... Order allow,deny Allow @LOCAL</location> <policy default=""><limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cups-move-job="" cups-get-document="">Require user @OWNER @SYSTEM Order deny,allow</limit> <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default Require user @SYSTEM Order deny,allow</limit> <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default Require user @SYSTEM Order deny,allow</limit> <limit cups-authenticate-job="">Require user @OWNER @SYSTEM Order deny,allow</limit> <limit all="">Order deny,allow</limit></policy> <policy authenticated=""><limit create-job="" print-job="" print-uri="">AuthType Default Order deny,allow</limit> <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cups-move-job="" cups-get-document="">AuthType Default Require user @OWNER @SYSTEM Order deny,allow</limit> <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default Require user @SYSTEM Order deny,allow</limit> <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default Require user @SYSTEM Order deny,allow</limit> <limit cancel-job="" cups-authenticate-job="">AuthType Default Require user @OWNER @SYSTEM Order deny,allow</limit> <limit all="">Order deny,allow</limit></policy> BrowseWebIF Yes -
Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
Works perfect on pfSense 2.1 x86 CF -
Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
Works perfect on pfSense 2.1 x86 CFNice find!
-
Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
Works perfect on pfSense 2.1 x86 CFNice find!
This was a good find however slightly dated as Cups is now updated a fair bit. I did try and work out how to update it but struggled as i could add to a package that was already on the machine. Is there a pkg upgrade command in FreeBSD?
I have been on the web interface 631, search printers work but didn't show mine but other printers but "Add printer" just asks for my login passwords and then returns me to the main page. urgh… not what I was hoping for.
-
nice one!
working fine with my hp 1100 and a prolific interface on v2.1.3
a few remarks;1>
i used this as the "echo -e" line screwed up my rule somehowecho "[system=10]" >/etc/devfs.rules
echo "add path 'unlpt*' mode 0660 group cups" >> /etc/devfs.rules
echo "add path 'ulpt*' mode 0660 group cups" >> /etc/devfs.rules
echo "add path 'lpt*' mode 0660 group cups" >> /etc/devfs.rules
echo "add path 'usb/0.2.*' mode 0660 group cups" >> /etc/devfs.rules2> i had to check to remove blanc lines as in :
"Job-Subscription Renew-Subscription Cancel-Subscription Get-NotificationsReprocess-Job Cancel-Current-Job S"
-
Hello everyone
I am new On mac , I have one issue
I have to write one virtual printer driver ,when i click on print job then I have to open one my application on print .
How can i do that??
Please refer me anything -
I want to add my config tricks into this topic
instead of using default rc.conf create and use rc.conf.local in /etc/
if you have some stupid printer like HP 10xx LaserJet series - for example -1020, you will need to upload the frimware to the printer every time it is connected / turned on.
So I am running another one startup script, that checks devd.conf on startup and adds some code to it from manually created devd.conf.local (that is not processed by default! you can use any name whatever you want for this file)#!/bin/sh if /usr/bin/sed -n '/sihp1020.dl/p' /etc/devd.conf | /usr/bin/grep -e sihp1020.dl | /usr/bin/grep -v grep > /dev/null ; then echo "not needed to modify" else cat /etc/devd.conf.local >> /etc/devd.conf | /etc/rc.d/devd restart | cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/ulpt0 fi exit 0devd.conf.local :
# firmware for HP Laserjet 1020 printer attach 100 { device-name "ulpt[0-9]+"; match "vendor" "0x03f0"; match "product" "0x2b17"; action "cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/$device-name"; };This check applied needed configuration to devd.conf every pfsense upgrade, even 2.2.
Now if you want to make your CUPS working on 2.2 you will need to install new CUPS package, 1.7.3. But before, if you have an USB printer, you will need to start ulpt.ko module that is not included in pfsense anymore. I have requested ulpt to be included, waiting for answer.
Download the same version of freebsd (boot CD only) that pfsense 2.2 using and extract ulpt.ko from it. Put it into the /boot/kernel/ and place the
following line in loader.conf:ulpt_load="YES"
restart your pfsense to check if printer is detected.
Next you will need to install CUPS
type in shell:pkg install
and tell 'y'es once when it asks you
then type:
pkg install CUPS
after that it should install CUPS 1.7.3 on your firewall
if you have had CUPS installed before then configuration remains and should work.
Unfortunately my 1020 is not printing with this version of CUPS, but I did not researched it deeply now. The CUPS itself is running and allows to configure printers. -
Got it running on 2.2
Remember the devfs.rules are not usable in PFsense 2.2, because /etc/rc.d/devfs is missing, you need to copy it manually from original freebsd distribution or better use some script looking like "chmod -R 0777 ulpt0"
Since freebsd 10.x devd chaged it's default behaviour you'd better use /usr/local/etc/devd some printer.conf
with "new" format that looks different from previous versions.# hp # hp1020 notify 100 { match "system" "USB"; match "subsystem" "DEVICE"; match "type" "ATTACH"; match "vendor" "0x03f0"; match "product" "0x2b17"; action "cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/usb/1.2.1 && chmod -R 0666 ulpt0"; };Also remember that cups.conf uses new format and you also need to modify cups-files.conf to enable URI for file devices
(FileDevice Yes).cupsd.conf sample, don't forget to remove "Allow all" after successful configuration
# # "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" # # Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. # # Log general information in error_log - change "warn" to "debug" # for troubleshooting... LogLevel warn # Only listen for connections from the local machine. Listen localhost:631 Listen 192.168.2.1:631 Port 631 Listen /var/run/cups.sock # Show shared printers on the local network. Browsing On BrowseLocalProtocols dnssd # Default authentication type, when authentication is required... DefaultAuthType Basic # Web interface setting... WebInterface Yes # Restrict access to the server... <location>Order allow,deny Allow all</location> # Restrict access to the admin pages... <location admin="">Order allow,deny Allow all</location> # Restrict access to configuration files... <location admin="" conf="">AuthType Default Require user @SYSTEM Order allow,deny Allow all</location> # Set the default printer/job policies... <policy default=""># Job/subscription privacy... JobPrivateAccess all JobPrivateValues none SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... <limit create-job="" print-job="" print-uri="" validate-job="">Order deny,allow Allow all</limit> <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cancel-my-jobs="" close-job="" cups-move-job="" cups-get-document="">Require user @OWNER @SYSTEM Order deny,allow Allow all</limit> # All administration operations require an administrator to authenticate... <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default Require user @SYSTEM Order deny,allow</limit> # All printer operations require a printer operator to authenticate... <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cancel-jobs="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default Require user @SYSTEM Order deny,allow</limit> # Only the owner or an administrator can cancel or authenticate a job... <limit cancel-job="" cups-authenticate-job="">Require user @OWNER @SYSTEM Order deny,allow</limit> <limit all="">Order deny,allow</limit></policy> # Set the authenticated printer/job policies... <policy authenticated=""># Job/subscription privacy... JobPrivateAccess all JobPrivateValues none SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... <limit create-job="" print-job="" print-uri="" validate-job="">AuthType Default Order deny,allow</limit> <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cancel-my-jobs="" close-job="" cups-move-job="" cups-get-document="">AuthType Default Require user @OWNER @SYSTEM Order deny,allow Allow all</limit> # All administration operations require an administrator to authenticate... <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default Require user @SYSTEM Order deny,allow Allow all</limit> # All printer operations require a printer operator to authenticate... <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cancel-jobs="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default Require user @SYSTEM Order deny,allow</limit> # Only the owner or an administrator can cancel or authenticate a job... <limit cancel-job="" cups-authenticate-job="">AuthType Default Require user @OWNER @SYSTEM Order deny,allow</limit> <limit all="">Order deny,allow</limit></policy> # # End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". # -
[2.2.6-RELEASE][admin@localhost]/etc/rc.d: /usr/local/etc/rc.d/run_cups.sh
/usr/local/etc/rc.d/run_cups.sh: /etc/rc.d/devfs: not found
Starting cupsd.Message from syslogd@localhost at Feb 23 16:14:39 …
localhost cupsd: Unable to read "/usr/local/etc/cups/cupsd.conf" due to errors.
/usr/local/etc/rc.d/cupsd: WARNING: failed to start cupsdthere's no devfs in /etc/rc.d
any advise?
-
yashiharu IDK what you do wrong. It works for me.
Maybe this is missing
rc.conf.local -> into etccupsd_enable="YES" devfs_enable="YES" devfs_system_ruleset="system"For pfsense 2.3 -> /usr/local/etc/pkg/repos rename it to something else
pkg update
pkg install CUPS
pkg install foo2zjs if neededFor USB printers like HP1020 you don't need ulpt anymore.
Configure CUPS using CUPS config files.
Example of additional printer configuration HP1020, not in CUPS, you may not needed if you have other. There is also other ways to upload printer firmware if needed.
/usr/local/etc/devd
hp1020.conf# hp # hp1020 notify 100 { match "system" "USB"; match "subsystem" "DEVICE"; match "type" "ATTACH"; match "vendor" "0x03f0"; match "product" "0x2b17"; action "/usr/local/etc/devd/hp1020.sh"; };and
hp1020.sh
#!/bin/sh # Starting CUPS and other things chmod -R 0777 /dev/usb/4.2.1 sleep 5 cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/usb/4.2.1 sleep 5 /usr/local/etc/rc.d/cupsd restart exit 0rc.conf.local -> into etc
cupsd_enable="YES" devfs_enable="YES" devfs_system_ruleset="system"Place into /usr/local/etc/rc.d/
run.sh#!/bin/sh # Starting CUPS and other things /usr/local/etc/rc.d/cupsd restart exit 0Not sure if it's needed now:
Place loader.conf.local into boot if not already theredevfs_enable="YES"Restart firewall and check if CUPS is running. If it is running you can try configure your printer via CUPS web interface.
For it now works selecting local connection at usb://HP/LaserJet%201020?serial=FN1F99H/usr/local/etc/pkg/repos rename it to something else or delete, rename you renamed repos back to repos ;)
Check if pfsense update shows that you are on the last version or shows new if exists.
Every pfsense update you will need to reinstall CUPS package, I think without re-configuration. -
I've got a sg-4860 … the process doesn't work for me at all.
-
the setenv command doesn't work if I run it from the command shell - error message is "sh: setenv: not found"
-
I add setenv to /root/.tcshrc then save the file, reboot and the setenv line has disappeared
I have to admit to being inexperienced with bsd, I have run linux for quite a few years now …. can anyone point me in the right direction please? BTW, I have o/s 2.4.2_1
thank you
-
