Howto: Cups Printing in pfSense 2.0

kevev

User is root or admin. Both work. Password should be the same for admin and root unless you changed them.

cupsd.conf:

DefaultEncryption Never
LogLevel warn
SystemGroup wheel
# Allow remote access
Port 631
Listen /var/run/cups.sock
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseRemoteProtocols CUPS
BrowseAddress @LOCAL
BrowseLocalProtocols CUPS
DefaultAuthType Basic
 <location># Allow shared printing and remote administration...
  Order allow,deny
  Allow @LOCAL</location> 
 <location admin=""># Allow remote administration...
  Order allow,deny
  Allow @LOCAL</location> 
 <location admin="" conf="">AuthType Default
  Require user @SYSTEM
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow @LOCAL</location> 
 <policy default=""><limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cups-move-job="" cups-get-document="">Require user @OWNER @SYSTEM
    Order deny,allow</limit> 
  <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default
    Require user @SYSTEM
    Order deny,allow</limit> 
  <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
    Require user @SYSTEM
    Order deny,allow</limit> 
  <limit cups-authenticate-job="">Require user @OWNER @SYSTEM
    Order deny,allow</limit> 
  <limit all="">Order deny,allow</limit></policy> 
 <policy authenticated=""><limit create-job="" print-job="" print-uri="">AuthType Default
  Order deny,allow</limit> 
  <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cups-move-job="" cups-get-document="">AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow</limit> 
  <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default
  Require user @SYSTEM
  Order deny,allow</limit> 
  <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
    Require user @SYSTEM
    Order deny,allow</limit> 
  <limit cancel-job="" cups-authenticate-job="">AuthType Default
      Require user @OWNER @SYSTEM
      Order deny,allow</limit> 
  <limit all="">Order deny,allow</limit></policy> 
BrowseWebIF Yes

hanbaoxu

Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
Works perfect on pfSense 2.1 x86 CF

kevev

@hanbaoxu:

Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
Works perfect on pfSense 2.1 x86 CF

Nice find!

daverowland

@kevev:

@hanbaoxu:

Found this article for pfSense 2.1: http://www.buildyourown.info/router/cups-printing-pfsense.html
Works perfect on pfSense 2.1 x86 CF

Nice find!

This was a good find however slightly dated as Cups is now updated a fair bit. I did try and work out how to update it but struggled as i could add to a package that was already on the machine. Is there a pkg upgrade command in FreeBSD?

I have been on the web interface 631, search printers work but didn't show mine but other printers but "Add printer" just asks for my login passwords and then returns me to the main page. urgh… not what I was hoping for.

tumbler

nice one!
working fine with my hp 1100 and a prolific interface on v2.1.3
a few remarks;

1>
i used this as the "echo -e" line screwed up my rule somehow

echo "[system=10]" >/etc/devfs.rules
echo "add path 'unlpt*' mode 0660 group cups" >> /etc/devfs.rules
echo "add path 'ulpt*' mode 0660 group cups" >> /etc/devfs.rules
echo "add path 'lpt*' mode 0660 group cups" >> /etc/devfs.rules
echo "add path 'usb/0.2.*' mode 0660 group cups" >> /etc/devfs.rules

2> i had to check to remove blanc lines as in :
"Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications

Reprocess-Job Cancel-Current-Job S"

Amit

Hello everyone
I am new On mac , I have one issue
I have to write one virtual printer driver ,when i click on print job then I have to open one my application on print .
How can i do that??
Please refer me anything

w0w

I want to add my config tricks into this topic
instead of using default rc.conf create and use rc.conf.local in /etc/
if you have some stupid printer like HP 10xx LaserJet series - for example -1020, you will need to upload the frimware to the printer every time it is connected / turned on.
So I am running another one startup script, that checks devd.conf on startup and adds some code to it from manually created devd.conf.local (that is not processed by default! you can use any name whatever you want for this file)


#!/bin/sh

if  /usr/bin/sed -n '/sihp1020.dl/p' /etc/devd.conf | /usr/bin/grep -e sihp1020.dl | /usr/bin/grep -v grep > /dev/null ; then
	echo "not needed to modify"
	else
	cat /etc/devd.conf.local >> /etc/devd.conf | /etc/rc.d/devd restart | cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/ulpt0
fi

exit 0

devd.conf.local :


# firmware for HP Laserjet 1020 printer
attach 100 {
	 device-name "ulpt[0-9]+";
        match "vendor" "0x03f0";
        match "product" "0x2b17";
        action "cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/$device-name";

};

This check applied needed configuration to devd.conf every pfsense upgrade, even 2.2.

Now if you want to make your CUPS working on 2.2 you will need to install new CUPS package, 1.7.3. But before, if you have an USB printer, you will need to start ulpt.ko module that is not included in pfsense anymore. I have requested ulpt to be included, waiting for answer.
Download the same version of freebsd (boot CD only) that pfsense 2.2 using and extract ulpt.ko from it. Put it into the /boot/kernel/ and place the
following line in loader.conf:

ulpt_load="YES"
restart your pfsense to check if printer is detected.
Next you will need to install CUPS
type in shell:

pkg install

and tell 'y'es once when it asks you
then type:
pkg install CUPS
after that it should install CUPS 1.7.3 on your firewall
if you have had CUPS installed before then configuration remains and should work.
Unfortunately my 1020 is not printing with this version of CUPS, but I did not researched it deeply now. The CUPS itself is running and allows to configure printers.

w0w

Got it running on 2.2
Remember the devfs.rules are not usable in PFsense 2.2, because /etc/rc.d/devfs is missing, you need to copy it manually from original freebsd distribution or better use some script looking like "chmod -R 0777 ulpt0"
Since freebsd 10.x devd chaged it's default behaviour you'd better use /usr/local/etc/devd some printer.conf
with "new" format that looks different from previous versions.


# hp
#   hp1020
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x03f0";
	match "product"		"0x2b17";
	action "cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/usb/1.2.1 &&
        chmod -R 0666 ulpt0";
};

Also remember that cups.conf uses new format and you also need to modify cups-files.conf to enable URI for file devices
(FileDevice Yes).

cupsd.conf sample, don't forget to remove "Allow all" after successful configuration


#
# "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $"
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Only listen for connections from the local machine.
Listen localhost:631
Listen 192.168.2.1:631
Port 631
Listen /var/run/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Web interface setting...
WebInterface Yes

# Restrict access to the server...
 <location>Order allow,deny
Allow all</location> 

# Restrict access to the admin pages...
 <location admin="">Order allow,deny
Allow all</location> 

# Restrict access to configuration files...
 <location admin="" conf="">AuthType Default
  Require user @SYSTEM
  Order allow,deny
Allow all</location> 

# Set the default printer/job policies...
 <policy default=""># Job/subscription privacy...
  JobPrivateAccess all
  JobPrivateValues none
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <limit create-job="" print-job="" print-uri="" validate-job="">Order deny,allow
Allow all</limit> 

  <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cancel-my-jobs="" close-job="" cups-move-job="" cups-get-document="">Require user @OWNER @SYSTEM
    Order deny,allow
Allow all</limit> 

  # All administration operations require an administrator to authenticate...
  <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default
    Require user @SYSTEM
    Order deny,allow</limit> 

  # All printer operations require a printer operator to authenticate...
  <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cancel-jobs="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
    Require user @SYSTEM
    Order deny,allow</limit> 

  # Only the owner or an administrator can cancel or authenticate a job...
  <limit cancel-job="" cups-authenticate-job="">Require user @OWNER @SYSTEM
    Order deny,allow</limit> 

  <limit all="">Order deny,allow</limit></policy> 

# Set the authenticated printer/job policies...
 <policy authenticated=""># Job/subscription privacy...
  JobPrivateAccess all
  JobPrivateValues none
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <limit create-job="" print-job="" print-uri="" validate-job="">AuthType Default
    Order deny,allow</limit> 

  <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" reprocess-job="" cancel-current-job="" suspend-current-job="" resume-job="" cancel-my-jobs="" close-job="" cups-move-job="" cups-get-document="">AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
Allow all</limit> 

  # All administration operations require an administrator to authenticate...
  <limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default
    Require user @SYSTEM
    Order deny,allow
Allow all</limit> 

  # All printer operations require a printer operator to authenticate...
  <limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" restart-printer="" shutdown-printer="" startup-printer="" promote-job="" schedule-job-after="" cancel-jobs="" cups-accept-jobs="" cups-reject-jobs="">AuthType Default
    Require user @SYSTEM
    Order deny,allow</limit> 

  # Only the owner or an administrator can cancel or authenticate a job...
  <limit cancel-job="" cups-authenticate-job="">AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow</limit> 

  <limit all="">Order deny,allow</limit></policy> 

#
# End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $".
#

yashiharu

[2.2.6-RELEASE][admin@localhost]/etc/rc.d: /usr/local/etc/rc.d/run_cups.sh
/usr/local/etc/rc.d/run_cups.sh: /etc/rc.d/devfs: not found
Starting cupsd.

Message from syslogd@localhost at Feb 23 16:14:39 …
localhost cupsd: Unable to read "/usr/local/etc/cups/cupsd.conf" due to errors.
/usr/local/etc/rc.d/cupsd: WARNING: failed to start cupsd

there's no devfs in /etc/rc.d

any advise?

w0w

yashiharu IDK what you do wrong. It works for me.
Maybe this is missing
rc.conf.local -> into etc

cupsd_enable="YES"
devfs_enable="YES"
devfs_system_ruleset="system"

For pfsense 2.3 -> /usr/local/etc/pkg/repos rename it to something else
pkg update
pkg install CUPS
pkg install foo2zjs if needed

For USB printers like HP1020 you don't need ulpt anymore.

Configure CUPS using CUPS config files.

Example of additional printer configuration HP1020, not in CUPS, you may not needed if you have other. There is also other ways to upload printer firmware if needed.

/usr/local/etc/devd
hp1020.conf


# hp
#   hp1020
notify 100 {
	match "system"		"USB";
	match "subsystem"	"DEVICE";
	match "type"		"ATTACH";
	match "vendor"		"0x03f0";
	match "product"		"0x2b17";
	action "/usr/local/etc/devd/hp1020.sh";
};

and

hp1020.sh

#!/bin/sh

# Starting CUPS and other things
chmod -R 0777 /dev/usb/4.2.1
sleep 5
cat /usr/local/share/foo2zjs/firmware/sihp1020.dl > /dev/usb/4.2.1
sleep 5
/usr/local/etc/rc.d/cupsd restart
exit 0

rc.conf.local -> into etc

cupsd_enable="YES"
devfs_enable="YES"
devfs_system_ruleset="system"

Place into /usr/local/etc/rc.d/
run.sh


#!/bin/sh

# Starting CUPS and other things

/usr/local/etc/rc.d/cupsd restart

exit 0

Not sure if it's needed now:
Place loader.conf.local into boot if not already there


devfs_enable="YES"

Restart firewall and check if CUPS is running. If it is running you can try configure your printer via CUPS web interface.
For it now works selecting local connection at usb://HP/LaserJet%201020?serial=FN1F99H

/usr/local/etc/pkg/repos rename it to something else or delete, rename you renamed repos back to repos ;)
Check if pfsense update shows that you are on the last version or shows new if exists.
Every pfsense update you will need to reinstall CUPS package, I think without re-configuration.

c4bcons

I've got a sg-4860 … the process doesn't work for me at all.

the setenv command doesn't work if I run it from the command shell - error message is "sh: setenv: not found"
I add setenv to /root/.tcshrc then save the file, reboot and the setenv line has disappeared

I have to admit to being inexperienced with bsd, I have run linux for quite a few years now …. can anyone point me in the right direction please? BTW, I have o/s 2.4.2_1

thank you