Howto: Cups Printing in pfSense 2.0

kevev

Adding CUPS to PFSense 2.0

If you are using a local LPT(parallel port) printer, make sure the port is enabled in the BIOS.

Steps:

Install CUPS:

Add correct repo:
setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/

Add this line to /root/.tcshrc if you don't want to run it every time you login to the shell to install packages.

Install CUPS + dependencies:
pkg_add -r cups

Replace CUPS config:
Replace the config file (/usr/local/etc/cups/cupsd.conf) with the text between the hash(#) symbols below.

#########################################
DefaultEncryption Never
LogLevel warn
SystemGroup wheel

Allow remote access

Port 631
Listen /var/run/cups.sock

Enable printer sharing and shared printers.

Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseRemoteProtocols CUPS
BrowseAddress @LOCAL
BrowseLocalProtocols CUPS
DefaultAuthType Basic
<location># Allow shared printing and remote administration…
Order allow,deny
Allow @LOCAL</location>
<location admin=""># Allow remote administration...
Order allow,deny
Allow @LOCAL</location>
<location admin="" conf="">AuthType Default
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL</location>
<policy default=""><limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" <br="">Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow</limit>
<limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="" cups-get-devices="">AuthType Default
Require user @SYSTEM
Order deny,allow</limit>
<limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" <br="">Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow</limit>
<limit cups-authenticate-job="">Require user @OWNER @SYSTEM
Order deny,allow</limit>
<limit all="">Order deny,allow</limit></policy>
<policy authenticated=""><limit create-job="" print-job="" print-uri="">AuthType Default
Order deny,allow</limit>
<limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" <br="">Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow</limit>
<limit cups-add-modify-printer="" cups-delete-printer="" cups-add-modify-class="" cups-delete-class="" cups-set-default="">AuthType Default
Require user @SYSTEM
Order deny,allow</limit>
<limit pause-printer="" resume-printer="" enable-printer="" disable-printer="" pause-printer-after-current-job="" hold-new-jobs="" release-held-new-jobs="" deactivate-printer="" activate-printer="" <br="">Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow</limit>
<limit cancel-job="" cups-authenticate-job="">AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow</limit>
<limit all="">Order deny,allow</limit></policy>
BrowseWebIF Yes
#########################################

This will allow anyone on the local network to access the Web GUI, cancel print jobs, and connect to the printer/s.

Create the startup script (/usr/local/etc/rc.d/run_cups.sh) for CUPS using the code between the hash(#) symbols below:

#########################################

#!/bin/sh

Allow time for devfs to initialize.

sleep 5

This will allow LPT(parallel port) printers.

echo -e "[system=10] \nadd path 'unlpt*' mode 0660 group cups\nadd path 'ulpt*' mode 0660 group cups\nadd path 'lpt*' mode 0660 group cups" > /etc/devfs.rules

Restart devfs so it can read new config.

/etc/rc.d/devfs restart

Allow time for devfs to initialize.

sleep 5

Now let's start CUPS!

/usr/local/etc/rc.d/cupsd onestart

#########################################

The 2 sleep commands make sure that devfs has initialized properly.
If you have problems where LPT port is not available or permission denied, extend the timeouts and reboot.

Make the script executable:
chmod 755 /usr/local/etc/rc.d/run_cups.sh

Change this line in /etc/defaults/rc.conf :

devfs_system_ruleset=""

to:

devfs_system_ruleset="system"

Disable CUPS during reboot by adding "/usr/local/etc/rc.d/cupsd stop" to /etc/rc.reboot right before the line that says "# If PLATFORM is pfSense then remove":

example:
sleep 1

/usr/local/etc/rc.d/cupsd stop

If PLATFORM is pfSense then remove

Disable CUPS during shutdown by adding "/usr/local/etc/rc.d/cupsd stop" to /etc/rc.shutdown right before the line that says "# If PLATFORM is pfSense then remove":

example:
export PATH

/usr/local/etc/rc.d/cupsd stop

If PLATFORM is pfSense then remove

Start CUPS(or just reboot):

/usr/local/etc/rc.d/run_cups.sh

Add the printer in Windows:
Add a network printer and enter the address manually http://192.168.x.1:631/printers/PRINTER_QUE_NAME

use the "Queue Name" on the Web GUI from the "Printers" tab. The rest of the setup should be easy.

Note: I know this is a messy way to do things, but since I am more familiar with Linux than BSD, and I am short on time this is how I did it. Enjoy :)

kevev

2.0 –> 2.0.1
Instructions:

Change this line in /etc/defaults/rc.conf :

devfs_system_ruleset=""

to:

devfs_system_ruleset="system"

Disable CUPS during reboot by adding "/usr/local/etc/rc.d/cupsd stop" to /etc/rc.reboot right before the line that says "# If PLATFORM is pfSense then remove":

example:
sleep 1

/usr/local/etc/rc.d/cupsd stop

If PLATFORM is pfSense then remove

Disable CUPS during shutdown by adding "/usr/local/etc/rc.d/cupsd stop" to /etc/rc.shutdown right before the line that says "# If PLATFORM is pfSense then remove":

example:
export PATH

/usr/local/etc/rc.d/cupsd stop

If PLATFORM is pfSense then remove

Start CUPS(or just reboot):

/usr/local/etc/rc.d/run_cups.sh

catfish99

I couldn't get the repository you mention in your post to work. Seems the URL has changed to the following:

setenv PACKAGESITE http://ftp-archive.freebsd.org/mirror/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/8.1-RELEASE/packages/Latest/

@kevev:

repo:
setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/

kevev

@catfish99:

I couldn't get the repository you mention in your post to work. Seems the URL has changed to the following:

setenv PACKAGESITE http://ftp-archive.freebsd.org/mirror/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/8.1-RELEASE/packages/Latest/

@kevev:

repo:
setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/

Thank You for the new link. I can't update my post, but maybe a Moderator can do it.

Micro

Hi Kevev,
Thanks for your tutorial.
I've installed cups on my pfsense box and I still have one question.
I assume it is not possible to access cups web interface as pfsense web interface is already listening port 80.
I tried by typing http://[pfsense_box_LAN_IP]:631, http://[pfsense_box_LAN_IP]:631/admin, http://[pfsense_box_LAN_IP]:8000, but I'm not able to access the web gui of cups.
I opened the port 631 on LAN interface but still not good.
So how do you configure the printers ?
I tried to use /usr/sbin/lpadmin command line tool but it seems it is not present in my pfsense box.

For information, I have a HP Deskjet 940C connected to the LAN subnet through a HP jetdirect print server and I would like to make this printer accessible from my iPad.

Thanks for your support.

Micro.

kevev

@Micro:

Hi Kevev,
Thanks for your tutorial.
I've installed cups on my pfsense box and I still have one question.
I assume it is not possible to access cups web interface as pfsense web interface is already listening port 80.
I tried by typing http://[pfsense_box_LAN_IP]:631, http://[pfsense_box_LAN_IP]:631/admin, http://[pfsense_box_LAN_IP]:8000, but I'm not able to access the web gui of cups.
I opened the port 631 on LAN interface but still not good.
So how do you configure the printers ?
I tried to use /usr/sbin/lpadmin command line tool but it seems it is not present in my pfsense box.

For information, I have a HP Deskjet 940C connected to the LAN subnet through a HP jetdirect print server and I would like to make this printer accessible from my iPad.

Thanks for your support.

Micro.

Hey Micro, it should just work. Run through all the steps again including my update instructions in step 2. The url should be http://lan-ip:631 or https://lan-ip:631 whichever you use.

You could also try connecting via ssh to the lan ip. I use putty in Windows. See if you can telnet to port 631. If that works then it is a firewall issue on the pfsense box.

login as: root
Using keyboard-interactive authentication.
Password:
*** Welcome to pfSense 2.0.1-RELEASE-pfSense (i386) on pfsense-router ***

WAN (wan) -> rl0 -> "WAN IP Redacted" (DHCP)
LAN (lan) -> xl0 -> 192.168.1.1

Logout (SSH only) 8) Shell
Assign Interfaces 9) pfTop
Set interface(s) IP address 10) Filter Logs
Reset webConfigurator password 11) Restart webConfigurator
Reset to factory defaults 12) pfSense Developer Shell
Reboot system 13) Upgrade from console
Halt system 14) Disable Secure Shell (sshd)
Ping host

Enter an option: 8

telnet localhost 631

Trying 127.0.0.1…
Connected to localhost.
Escape character is '^]'.

SeanyC

This Tutorial is fantastic and helped me set up CUPS on my system.
However, When I copy and pasted the recommended .conf file, I received syntax errors for line 33 and similar lines.

For some reason what should be 1 line…

… is split into 2 with a blank line in between.


 <limit send-document="" send-uri="" hold-job="" release-job="" restart-job="" purge-jobs="" set-job-attributes="" create-job-subscription="" renew-subscription="" cancel-subscription="" get-notifications="" <br="">Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document></limit>

Once I resolved this, I had no more issues.

miles267

Followed these instructions to the letter with pfsense 2.0.1 release. However I cannot access CUPS over HTTPS only HTTP. When I check the CUPS admin error log, it includes this:

E [01/Oct/2012:10:54:06 -0500] Unable to create SSL server key file "/usr/local/etc/cups/ssl/server.key" - No such file or directory

If I manually create the /usr/local/etc/cups/ssl/ folder the error persists even still.

Any assistance would be appreciated. Thank you.

giggetto

Hi,
I installed cups on pfsense 2.0.1 as described above, but I have always these errors:

22/Dec/2012:10:03:59 +0100] Unable to create directory "/var/spool/cups" - No such file or directory
E [22/Dec/2012:10:03:59 +0100] Unable to create directory "/var/spool/cups/tmp" - No such file or directory
E [22/Dec/2012:10:03:59 +0100] Unable to open spool directory "/var/spool/cups": No such file or directory
E [22/Dec/2012:10:03:59 +0100] Unable to open temporary directory "/var/spool/cups/tmp" - No such file or directory
E [22/Dec/2012:10:03:59 +0100] Unable to create certificate file /var/run/cups/certs/0 - No such file or directory
X [22/Dec/2012:10:12:02 +0100] kevent() returned Bad file descriptor
E [22/Dec/2012:10:12:02 +0100] Unable to create job cache file "/var/cache/cups/job.cache" - No such file or directory
E [22/Dec/2012:10:12:55 +0100] Unable to create directory "/var/spool/cups" - No such file or directory
E [22/Dec/2012:10:12:55 +0100] Unable to create directory "/var/spool/cups/tmp" - No such file or directory
E [22/Dec/2012:10:12:55 +0100] Unable to open spool directory "/var/spool/cups": No such file or directory
E [22/Dec/2012:10:12:55 +0100] Unable to open temporary directory "/var/spool/cups/tmp" - No such file or directory
E [22/Dec/2012:10:12:55 +0100] Unable to create certificate file /var/run/cups/certs/0 - No such file or directory
X [22/Dec/2012:10:20:25 +0100] kevent() returned Bad file descriptor
E [22/Dec/2012:10:20:25 +0100] Unable to create job cache file "/var/cache/cups/job.cache" - No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to create directory "/var/spool/cups" - No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to create directory "/var/spool/cups/tmp" - No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to open spool directory "/var/spool/cups": No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to open temporary directory "/var/spool/cups/tmp" - No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to create certificate file /var/run/cups/certs/0 - No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to create certificate file /var/run/cups/certs/0 - No such file or directory
E [22/Dec/2012:10:34:59 +0100] Unable to create certificate file /var/run/cups/certs/0 - No such file or directory

If I manually create the directories then cups works well, but when I reboot pfsense I have the same errors.
Any help would be appreciated.
Thank you.

garg_art2002

@catfish99:

I couldn't get the repository you mention in your post to work. Seems the URL has changed to the following:

setenv PACKAGESITE http://ftp-archive.freebsd.org/mirror/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/8.1-RELEASE/packages/Latest/

@kevev:

repo:
setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/

I have a nanobsd implementation and can not get this or any other "setenv PACKAGESITE" to work for me. Is there another trick in the Nanobsd world? Picture of my install is also attached…
Many thanks.
Anil Garg

ncat

Is it possible to use USB printer? My CUPS finds nothing =( printer at

kernel: ugen0.2: <samsung> at usbus0</samsung>

kevev

@ncat:

Is it possible to use USB printer? My CUPS finds nothing =( printer at
kernel: ugen0.2: <samsung> at usbus0</samsung>

Did you read the instructions given by the cups package after install? It may help.
Read the part about "USB printer" at the bottom. I have not tried this so I do not know if it will work.
Good luck.

To enable printing with local printer you need to give group 'cups'
r/w access to printer device:

1) Add following to /etc/devfs.rules (create if it doesn't exist):

[system=10]
add path 'unlpt*' mode 0660 group cups
add path 'ulpt*' mode 0660 group cups
add path 'lpt*' mode 0660 group cups

2) And following to /etc/rc.conf:

devfs_system_ruleset="system"

3) Restart devfs: /etc/rc.d/devfs restart

If your system supports 'devd' you can copy
$PREFIX/share/examples/cups/lpt-cupsd.conf to $PREFIX/etc/devd/

To enable printing under Gimp and MS-Windows clients do the following:

1) Uncomment application/octet-stream line in mime.types
2) Uncomment application/octet-stream line in mime.convs
3) Restart cupsd

If you are using libusb, it is important that no device driver, e.g.
ulpt(4) is attached to the device you wish to use. In this case please
ensure the cups user and group has read/write access to /dev/ugen*

If you are using a USB printer wtih FreeBSD 8.0 or later, you will
need to find the proper /dev/usb/* device pointed at by the /dev/ugen*
entry. Follow the instructions for devfs.rules as above, but append a
rule similar to the following for a printer attached as /dev/ugen0.2:

add path 'usb/0.2.*' mode 0660 group cups

kevev

If anyone is trying to do an embedded "CF" install on a read only filesystem, here are some steps:

1.) Remount the root filesystem read/write before installing/modifying anything.

mount -urw /

2.) Set the pkg_add temp directory to somewhere that has space.

setenv PKG_TMPDIR /tmp1
setenv TMPDIR /tmp1

Note: If you notice any of the pkg_add commands failing with error "Broken pipe" while installing
dependencies, you will need to install the dependencies manually. I would start with the last
package listed right before the error and install each manually, one at a time.

Update

This will not work with the Prolific Technology Inc. usb-to-parallel adapters as nanobsd does not seem to have the module/s for this chip.
I am not sure about other usb-to-parallel devices.

phreshjive

Running 2.1Beta, followed the instructions. When I try running /usr/local/etc/rc.d/run_cups.sh, it returns Command not found. Also rebooted. Still cannot connect to 631.

Checked the error log (/var/log/cups/error_log) which states: E [10/Apr/2013:22:37:15 -0400] Syntax error on line 33.

Anyone have a clue?

Edit: Solved my own problem… spaces are inserted which need to be deleted in various lines (e.g. 33, 42...). Sorry for bumping the thread)

Edit2: How would one go about upgrading to the latest version of CUPS?

ncat

when trying to add new printer - cups requires authentication. What credentials should I use? root + %system pass% Or %pfsense login% + %system pass% do not work…

kejianshi

http://en.wikipedia.org/wiki/Attack_surface

ncat

@kejianshi:

http://en.wikipedia.org/wiki/Attack_surface

Ok, But still no answer to my question :)
I should have missed something during installation or not?
It seems that the easiest way to buy a print server but he needs a place, one more outlet for additional power adapter and so on.

kejianshi

You have samba on this also? I'm just looking at my CUPs settup and comparing.

(for making system changes, I'd think you would need to use the pfsense root username and password)

ncat

no i have no samba…
and all login-password pairs which come to mind dont fits..

kejianshi

I'm not sure - When I setup CUPs on this system, I don't remember needing to do anything with passwords, but that linux and not BSD. I did need to configure CUPs to allow guest printing via IPP without usernames or pass.