Linux can ALMOST print to shared XP printer

Hi all,
I’m so close but seemingly stuck.
Linux box can see and access all shares on Windows box.
Windows box can see and access all shares on Linux box.
Have defined an lpd printer in cups pointing to the Windows printer.
The printer is marked “shared” in Windows.
When printing from Linux box, the test page DOES print at the Windows printer ONLY IF I drop the firewall on the Windows side. Firewall on the Linux side can be up or down. Printing Linux=>Windows works only if the Windows Firewall is down.

I’ve reviewed swerdna’s tutorials which definitely helped me get to the point I’m at. And also checked out lots of other stuff online, but somehow I’m not finding the final answer regarding this Windows firewall issue.

In the Windows Firewall settings I have File and Printer Sharing enabled, which shows ports TCP 139, 445 open Scope Subnet and UDP 137, 138 open Scope Subnet, but that hasn’t helped me being able to print with the firewall in place.
So I manually Added Ports… I named them CUPS printing, one for 631 TCP and one for 631 UDP with the Scope of Any Computer (including those on the Internet) in the process of trying to get it working, but still only can print when the Firewall is down.

I have added some data below in case it helps.
NOTE that in the cups config I manually changed one thing. In the section below:

Restrict access to the server…

I added the line
Allow 192.168.5.*
thinking this would perhaps fix the problem but it didn’t.

Thanks in advance!

****** Windows ipconfig ********

Windows IP Configuration

    Host Name . . . . . . . . . . . . : Olive_Oil
    Primary Dns Suffix  . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : VIA PCI 10/100Mb Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-50-2C-A6-2B-9D
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.5.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.5.100
    DNS Servers . . . . . . . . . . . : 68.87.72.134
                                        68.87.77.134

******* cups config file ********

# Administrator user group…

SystemGroup sys root

# Only listen for connections from the local machine.

Listen *:631
Listen localhost:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.

Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseAddress @LOCAL

# Default authentication type, when authentication is required…

DefaultAuthType Basic

# Restrict access to the server…

<Location />
Allow @LOCAL
Order allow,deny
Allow 127.0.0.2
Allow 192.168.5.*
</Location>

# Restrict access to the admin pages…

<Location /admin>
Encryption Required
Order allow,deny
</Location>

# Restrict access to configuration files…

<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies…

<Policy default>

# Job-related operations must be done by the owner or an administrator…

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate…

<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate…

<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job…

<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

DefaultPolicy default

# easy is a very relaxed policy

<Policy easy>

# Job-related operations must be done by the owner or an administrator…

<Limit All>
Satisfy any
Order allow,deny
</Limit>
</Policy>

# paranoid is a very restricted policy

<Policy paranoid>

# Job-related operations must be done by the owner

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER
Allow from 127.0.0.0/8
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate…

<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Allow from 127.0.0.0/8
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate…

<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Allow from 127.0.0.0/8
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job…

<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER
Allow from 127.0.0.0/8
Order deny,allow
</Limit>

<Limit All>
Require user @OWNER @SYSTEM
Allow from 127.0.0.0/8
Order deny,allow
</Limit>
</Policy>

# End of “$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $”.

2009-07-24,19:33:47 modify_cupsd_conf Allow @LOCAL

2009-07-24,19:33:48 modify_cupsd_conf BrowseAddress @LOCAL

2009-07-24,19:33:48 modify_cupsd_conf Browsing On

2009-07-24,19:33:49 modify_cupsd_conf Listen all

On Fri August 21 2009 08:06 pm, SomeSuSEUser wrote:

>
> Hi all,
> I’m so close but seemingly stuck.
> Linux box can see and access all shares on Windows box.
> Windows box can see and access all shares on Linux box.
> Have defined an lpd printer in cups pointing to the Windows printer.
> The printer is marked “shared” in Windows.
> When printing from Linux box, the test page DOES print at the Windows
> printer ONLY IF I drop the firewall on the Windows side. Firewall on
> the Linux side can be up or down. Printing Linux=>Windows works only if
> the Windows Firewall is down.
>
> I’ve reviewed swerdna’s tutorials which definitely helped me get to the
> point I’m at. And also checked out lots of other stuff online, but
> somehow I’m not finding the final answer regarding this Windows firewall
> issue.
>
> In the Windows Firewall settings I have File and Printer Sharing
> enabled, which shows ports TCP 139, 445 open Scope Subnet and UDP 137,
> 138 open Scope Subnet, but that hasn’t helped me being able to print
> with the firewall in place.
> So I manually Added Ports… I named them CUPS printing, one for 631
> TCP and one for 631 UDP with the Scope of Any Computer (including those
> on the Internet) in the process of trying to get it working, but still
> only can print when the Firewall is down.
>
<snip>
SomeSuSEUser;

Try opening TCP:515, no guarantee on this. See:
http://technet.microsoft.com/en-us/library/cc728404(WS.10).aspx
and you will know as much as I on Windows LPD/LPR.

All of our printers hang out on Windows machines, but we print through Samba.
In CUPS ( http://localhost:631/ ) just set the URI as:


smb://<servername>/<printersharename>

servername = netbios name of the windows print server (in your case Olive_Oil)

P. V.
“We’re all in this together, I’m pulling for you.” Red Green
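
Added example, not part of the original thread: a small Python check that derives from a CUPS device URI which TCP port the print server's firewall has to accept (515 for lpd://, 445/139 for smb://) and tells a refused connection apart from one that gets no answer. The function names and the queue name are illustrative assumptions, and the ipp and socket defaults are standard values that the thread itself does not discuss.

```python
import socket
from urllib.parse import urlsplit

# Default TCP ports per CUPS backend scheme. The lpd and smb values are the
# ports named in this thread; ipp and socket are standard defaults (assumption:
# smb URIs use the smb://server/share form, not smb://workgroup/server/share).
DEFAULT_PORTS = {
    "lpd": [515],
    "smb": [445, 139],
    "ipp": [631],
    "socket": [9100],
}

def required_ports(device_uri):
    """Return (host, [tcp ports]) that the print server's firewall must accept."""
    parts = urlsplit(device_uri)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported device URI: {device_uri!r}")
    # An explicit port in the URI overrides the scheme default.
    ports = [parts.port] if parts.port else DEFAULT_PORTS[parts.scheme]
    return parts.hostname, ports

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'unresolved' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"       # host answered with a reset: nothing is listening
    except socket.gaierror:
        return "unresolved"   # the host name could not be resolved
    except OSError:
        return "filtered"     # timeout or unreachable: packets got no answer

def diagnose(device_uri, timeout=3.0):
    """Probe every port the URI's backend needs and return {port: state}."""
    host, ports = required_ports(device_uri)
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Constructed sample: the Windows address from the first post, with a
    # placeholder queue name.
    for port, state in diagnose("lpd://192.168.5.2/PRINTER_SHARE").items():
        print(f"tcp/{port}: {state}")
```

A result of "filtered" on tcp/515 while the Windows Firewall is up, and "open" once it is down, is consistent with the symptom described in the first post.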

P.V. you 'da man!
I read the page, but I swear this stuff is mostly well over my head. I’m just lucky to understand it enough to bang my way through most of the time.
But I created a new entry in the Windows Firewall Exceptions tab for Port 515. Scope set to “My network (subnet) only” which I presume to be the safer option.
And bingo the pending job printed immediately!

I further went on to delete the line I created in the cups configuration file and restarted that server, then deleted the two ports 631 I created in the Exceptions tab and tested again. All working great!
No need to keep open ports or entries that don’t help.

BTW I opted for the LPD printer setup in swerdna’s tutorial as he mentioned that Samba isn’t needed or used with that option. So I thought maybe that would take a set of complications out of the loop.

I hope this thread is useful to someone else down the road.

Thanks again…

On Sat August 22 2009 12:16 am, SomeSuSEUser wrote:

>
> P.V. you 'da man!
> I read the page, but I swear this stuff is mostly well over my head.
> I’m just lucky to understand it enough to bang my way through most of
> the time.
> But I created a new entry in the Windows Firewall Exceptions tab for
> Port 515. Scope set to “My network (subnet) only” which I presume to be
> the safer option.
> And bingo the pending job printed immediately!
>
> I further went on to delete the line I created in the cups
> configuration file and restarted that server, then deleted the two ports
> 631 I created in the Exceptions tab and tested again. All working
> great!
> No need to keep open ports or entries that don’t help.
>
> BTW I opted for the LPD printer setup in swerdna’s tutorial as he
> mentioned that Samba isn’t needed or used with that option. So I
> thought maybe that would take a set of complications out of the loop.
>
> I hope this thread is useful to someone else down the road.
>
> Thanks again…
>
>
SomeSuSEUser;

Congratulations, you are now on your way to being a network wizard. You just
need a Windows 200x server named “Bluto” to compete with Popeye for the hand
of Olive Oil.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

hmmm… I’ve got this old DEC Alpha server box laying out in the garage… been hauling it around for like 10 years thinking one day I’d play with that just for fun… seems like to me like THAT might qualify as a Bluto… maybe I’ll try out Ubuntu… :nerd: