CTS 2301C (Unix/Linux Administration I) Project #8
Configuring Print Services


Due: by the start of class on the date shown on the syllabus


Setting up and maintaining a print service is a major task of a system administrator.  In some large organizations a full time printing administrator plans, configures, monitors, maintains, and troubleshoots the printing service, not to mention adding paper and toner when needed.  For background information on printing services see How Printing Works.  In this project you will set up your server to use the Windows networked printer located in the classroom as your server's default printer.

You will configure the CUPS print system on your server.  The default print system for some (older) Unix/Linux systems is LPR, LPRng, or SysV, and not CUPS (common Unix print system).  However, CUPS is the default on more modern Linux and Unix systems so that is the system you need to know.  A good source for documentation is www.cups.org.

In order to configure CUPS you will need to make sure the LPRng print system daemon (“lpd”) is configured not to start automatically.  In addition the various print system commands (such as lpr) have two versions, lpr.LPRng and lpr.cups.  The commands such as lpr are really symlinks on Fedora, to one set of commands or the other.  By default on your system the links may refer to the LPRng set of commands rather than the CUPS versions.  If so this must be changed so that the various user and administrator commands refer to the CUPS versions.  Finally the CUPS print server “cupsd” must be set to start automatically, and must be manually turned on now (if not already running) in order to configure any printers.

To complete your printer setup you will need to gather information about the actual printer to be used, and any networking configuration information.

Printing should work using either the lpr command, a “Printer” icon on the desktop, or a “print...” menu choice from some GUI application.  The default printer name historically (that is, for lp and lpr systems) is “lp”, so you can name your printer that.  However you can have several names (aliases) for each printer, by modifying the printer configuration file (/etc/printcap for LPR, /etc/cups/* for CUPS) directly.  (The current version of CUPS doesn't allow this functionality from the GUI tool yet, but there are command line tools you can use, or other GUI tools.)  In CUPS, printer names are not case-sensitive, and can contain any characters except white-space.

Beside the GUI interface (and the Red Hat GUI printtool), the CUPS print system can be configured through a number of command line utilities.  Printers, classes, and servers can be managed with lpadmin.  (Note the older LPRng command lpc doesn't do much with CUPS, but is provided with limited functionality.)  System default options for printers can be set using lpadmin and lpoptions.  Note that regular users can also use lpoptions, to set their own options that over-ride the system defaults.  Finally printing can be configured by directly editing the configuration files, /etc/printcap (the configured printers database) and the CUPS configuration files in /etc/cups/*.  It is not recommended to edit these files directly, especially /etc/printcap, as these files are re-written when the various administration utilities are used.

This project can only be completed at HCC.  Although some time may be provided in class to work on this project, it is likely you will need to schedule extra time outside of class to come to HCC and complete the printing setup.  (Do not try to print anything when the class is working on something else!)

Firewall Issues:

Many print servers use TCP, so your default firewall setup will work fine for that (allowing any outgoing TCP connection, and allowing the replies for open connections.)

A Windows print service may rely on some UDP services too, so to communicate with a Windows print server you may need to open additional firewall holes.  (You don't need to do this for our classroom setup, but you should understand how.)

Show/Hide SMB firewall configuration information (+/-)

To talk SMB to a Windows print server you may need to open firewall holes for ports TCP/445, and possibly ports UDP/137, UDP/138, and TCP/139 too.  This can be done by running the iptables command (which will open a hole until the next reboot):

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp -​-dport 445 -j ACCEPT

Or by editing the iptables configuration file.  On Fedora/Red Hat systems that is the file /etc/sysconfig/iptables.  Add the following near the middle somewhere to make a hole:

-A RH-Firewall-1-INPUT -p tcp -m tcp -​-dport 445 -j ACCEPT

Then restart iptables with:

/etc/init.d/iptables restart

Repeat if needed for the other three ports (137–139), used for older Windows servers.  To view the current list of iptables rules:

iptables -L -v -​-line-numbers

It might be easier just to turn off iptables or firewalld temporarily when testing out your printer setup:

/etc/init.d/iptables stop

If you still have trouble running a daemon, it may be an SE Linux issue.  If SE Linux is set to ldquo;Enforcing”,try running the service with it set to “Permissive”.  (The commands to use are getenforce and getenforce.)


Using the standard CUPS GUI administration tool, the information in your textbook, and the configuration information provided below, create a default printer setup for your computer that will print to the HP laser printer in our classroom.

That printer is attached to a Windows server.  You could therefore use the SMB protocol to connect to the Windows server.  In order to connect to the Windows server and use the printer, you would need to provide your HCC network username and password.  However this printer is networked, so we will bypass the Windows server and send print jobs to the printer directly.  Samba isn't required.  Nonetheless, you will do some of the steps needed to setup for a Windows-attached printer, for the learning experience.

Answer all of the following questions, and perform the following tasks:

Part I — Configure Your Host to Use CUPS

  1. Check if SE Linux is currently in enforcing mode.  If so, you need to change that to permissive mode, since CUPS on Fedora has known problems running under SE Linux.  Use the commands getenforce and setenforce.  If the default is enforcing, for the classroom computer is should be safe enough to change that, so it boots in permissive mode.  Edit the file /etc/selinux/config to change that.  (The correct fix is to change SE Linux's policy, but you don't know how to do that yet.)
  2. Check which, if any, print system is running on your system now.  Run the “ps -ef”.  Is either cupsd or lpd running now?  If lpd is running you must stop it.  (Note that Fedora 10 and newer uses CUPS and not lprNG.)  Exactly what command did you use to stop this service?
  3. Are lpd or CUPS services configured to start automatically?  Use the chkconfig and systemctl command(s) to find out; if using systemd, find the cups.service file and look in the “[Install]” section for the value of the “WantedBy” directive.
  4. If necessary, update the configuration of CUPS to start automatically in all standard run-levels (System V init) or standard targets (systemd init).  Use chkconfig or systemctl to do this.  In which run-levels or targets is CUPS now configured to start?
  5. If your system is configured to run a different print system such as LPRng you must turn that off and switch to using CUPS.
    1. The standard command line printing utilities such as /usr/bin/lpr and others are actually symlinks (or symbolic links or soft links).  The reason is that there are often two versions of these commands, one set for the LPRng print system and one for the CUPS print system.  To facilitate the switching from one system to another Red Hat (including Fedora) has adopted the alternatives system.  For example the lpr symlink points to another symlink, /etc/alternatives/print, which in turn points to either /usr/bin/lpr.LPRng or to /usr/bin/lpr.cups What is the ultimate command (e.g., non-symlink) executed on your system now for the /usr/bin/lpr command?
    2. If needed you must switch the links from LPRng to CUPS.  To switch all the printing related symlinks at once you should use the alternatives --config print command.  Here's a sample session:
      [root@YborStudent root]# cd /etc/alternatives
      [root@YborStudent alternatives]# ls -l print
      lrwxrwxrwx    1 root     root           17 Apr 10  2003 print -> /usr/bin/lpr.LPRng
      [root@YborStudent alternatives]# alternatives --config print
      There are 2 programs which provide 'print'.
       Selection    Command
        1           /usr/bin/lpr.cups
      *+ 2           /usr/bin/lpr.LPRng
      Enter to keep the default[*], or type selection number: 1
      [root@YborStudent alternatives]# ls -l print
      lrwxrwxrwx    1 root     root           17 Nov  6 19:09 print -> /usr/bin/lpr.cups
      [root@YborStudent alternatives]# 
  6. Next you must determine how you will connect to the printer.  In real life this can be a direct connection (e.g., using a cable from the printer directly to a parallel port on your host, usually /dev/lp0), or by forwarding the print job to another print server that manages the printer (this may be a Windows/SMB print service, a CUPS service, or something else).

    In some cases the printer contains its own internal printer server; this is called a networked printer.  Many Hewlett-Packard (“HP”) models contain a print server known as a “Jet Direct” card.  CUPS can control local printers and talk to remote print servers to forward print jobs, but it will need the correct driver to talk to that printer.  CUPS calls these drivers “back-ends”.  You need to determine how your host will communicate to the printer or remote print server, and make certain the correct back-end is installed.

    Fortunately for you, the current version of CUPS pre-installs many commonly used back-ends for you.  However, you still need to know which back-end to use.

    In order for CUPS to be able to use Samba's SMB to communicate with Windows servers, you must verify the smb backend for CUPS is installed.  (Note this isn't required for our class printer, but you can go through these steps anyway, for the experience.)  Run the command “ls /usr/lib/cups/backend”.  Which backends are your version of CUPS configured to use?  If smb is not listed, you can add it if you've installed the Samba package, by running the following commands:

    which smbspool  # This command verifies you have samba installed on
                    # your system.  If this doesn't locate the file you
                    # must install the samba packages before proceeding.
    ln -s `which smbspool` /usr/lib/cups/backend/smb
  7. Your system is now set to use CUPS the next time you boot.  But before you can proceed to configure and use printing, you must turn on CUPS print service now which can be done without rebooting.  What command did you use?  Run the “ps -ef” again.  Is CUPS running?  (Look for the actual command of cupsd, which you can determine by examining the systemd unit file for that service.)  Examine the system log with the command “tail -50 /var/log/messages”.  What messages (if any) appear related to printing?

Part II — Determining Printer Information

Previously this printer was managed by a Windows print server called dmtec2.  In January 2007 the printer in DTEC-461 was moved to a new subnet (i.e., network LAN).  In April 2014, it was moved to yet another LAN.  While in theory it is still possible to connect via Samba and the dmtec2 Windows print server, in practice the firewall between dmtec2 and our classroom LAN makes such access difficult from our classroom.  Fortunately, it is possible to connect directly to the printer, so that's what you will do for this project.

But how to connect?  It would depend on the type of print server installed in that printer (if any) and it's configuration.  It is useful to know how to figure out this sort of information, as this type of situation occurs more frequently than you might suspect.

  1. Make a visual inspection of the printer in the classroom.

    A physical examination of this printer should tell you:

    • It is an HP LaserJet, model P4015tn.
    • It has an Ethernet cable sticking out the back rather than a serial, USB, or other direct connect cable.  (This implies this is a networked printer, but that is not guaranteed.)
    • The front panel shows “PCL”, so this printer supports PCL.  (A PostScript printer would be your default guess, especially if the LCD display shows “PostScript” or “PS”.  Even if nothing showed, you can guess PostScript first and if that doesn't work try PCL next.)
    • There are some buttons on the front panel.  It is likely that one of them will cause the printer to print a page with useful information.  Reading the manual for this model printer tells us you can do this by printing a “Configuration” page (which will include the printer's IP address).  At the product control panel, press “Menu”, Then press the down-arrow to highlight “INFORMATION”, and then press “OK”.  Press the down-arrow to highlight “PRINT CONFIGURATION”, and then press “OK”.
  2. Print the configuration page(s) using the above method.  Examine these pages to determine:
    • What (if any) is the IP address of this printer?
    • Does this printer support “PostScript”?  (This often is shown as “PS”.)
    • How many pages have been printed on this printer?
  3. To start with, we only know the IP address of this printer.  The first step should be to verify that IP address (that is, verify you can access the printer from your host), and to see which network “ports” are accepting connections.  The “port numbers” of open ports will indicate which types of print servers (if any) are available on this printer.

    After making sure the printer is powered on, run “nmap Printer's IP address”.  (You may have to install nmap first.)  What port(s) are open on the printer?

  4. Next you must determine what type of print server is available, by looking up the port number(s) to see which service(s) they represent.  This can be done with grep for the port numbers on the file /etc/services.  You can also Google for information with a query similar to “port number 12345”.  What type of print servers are available (if any) on this printer?
  5. This information is needed to pick the appropriate backend when configuring CUPS: LPR, LPRng, CUPS (which uses IPP), SMB, Netware print service, JetDirect, etc.  If more than one protocol is supported you need to choose one supported by CUPS.  Which backend will you use for this printer?  (There is no one answer for this; you can use any print service that is supported by both the printer and your print server (CUPS).  I used the JetDirect protocol myself but you can try the others if you wish.)

Part III — Configuring CUPS

Note that every so often, the CUPS GUI changes.  So the steps shown here may not exactly match what you see.

Now configure the printer and print a test page, using the following steps.  (See the Troubleshooting Hints below if you have a problem.)

  1. To start the CUPS GUI configuration utility, launch a web browser (such as Firefox, Opera, or Konqueror).  Enter the URL http://localhost:631/Do not use the Red Hat printer configuration tools.  What version of CUPS is installed?  (HINT:  Click the “Help” button for on-line documentation.)
  2. In the screen that first appears, click on the “Printers” tab to view the screen that shows your configured printers.  This should show “No printers” for now.
  3. Click on the “Administration” tab, then click the “Add Printer” button to begin a wizard to add a printer.  Note you will need to provide the root password for your system to configure printing.
  4. You will be guided to enter lots of information on several pages, including the backend to use, the protocol data (including any required username and password), a printer name, location, and description.  (Use the information provided below when entering this information.)  The order that you are asked for this information varies with the version of CUPS you use.  What information id you enter?  (Most importantly, what did you name your printer?)
  5. On one screen you will choose the “Device” for your printer:  a serial port, a parallel (printer) port, an LPR networked connection, a USB port, etc.  You can select only the devices for which you have a backend installed.  Scroll through the list that appears and you should see a choice for the type of print server controlling the printer.  (If it doesn't appear on your system, make sure networking is up and running!)  enter the device for the protocol you decided to use (from among the ones supported by the printer).

    Note that newer versions of CUPS may have a network printer discovery function, and this may auto-detect our printer.  If so, you can use that to automatically configure the printer.  However, you should practice the steps needed when a printer isn't automatically discovered on the network.  So continue the steps below for manually configuring your printer.  (If you give up at some point and use the auto-detected configuration, make sure you note all the relevant information in your journal.)

  6. Another screen asks for the URI (similar to a URL).  For example, if using the SMB backend/protocol (and you're not), this URI would be of the form: smb://username:password@domain/server/share where the username and password are your valid HCC network user ID and password.  The remaining parts of the URI can be found in the table provided below.  For a JetDirect print server at IP address the correct back-end is called “AppSocket/HP JetDirect”, and the correct URI is “socket://” or “socket://”, with the correct IP address of course.  What URI did you use?
  7. On the last screens enter the make and model of the printer.  That will select the appropriate PPD file to use.  (Fedora ships with a large set of PPD files.)  Which PPD files (print drivers) shown on the list would be considered as possible PPDs to use for the current classroom printer?
  8. Previously we had an ancient LaserJet III Si.  Some work with Google and the HP website tells us this is a long discontinued printer.  In fact CUPS doesn't include a PPD (driver) for it anymore.  Worse, the only PPD drivers for this printer that are readily available appear to be commercial (not for free).

    If you try to use a printer unsupported with the current version of CUPS, you can find an different installation of CUPS you may be able to copy the PPD file needed.  (You can try to find a free one on the Internet using Google; maybe you'll have more luck than I did!)  If no exact matching PPD file is available you need to use the nearest match.  Which PPD files (print drivers) show on the list that you would consider as possible PPDs to use for a LaserJet III Si printer?  (Don't forget to consider the non-HP “generic” PPD files available, such as one for any “PostScript 3 printer” or for any “PCL 6 printer”.)

    Of course the real answer is not to use a 15+ year old printer, or to pay for the correct PPD, or to write (or hire a consultant to write) a custom PPD.  If no models listed seem a reasonable choice, choose a generic “PostScript” printer.

  9. When finished with the CUPS setup, try to print a test page from CUPS, using the command in the “Maintenance” drop-down list of commands that shows on the printer page.  (Make sure no one else is using the printer when you try this!)  If this fails to work, modify the printer by choosing a different PPD file.  Which PPD file did you ultimately use?  (Please recycle any extra used paper!)
  10. Log in with your regular user (non-root) account.  (Remember you can simply switch to a virtual console for this!)  Use the lpr command to print a copy of your system's /etc/passwd file.  You can use the pr command to format the printing of the /etc/passwd file, including a page header with the date and your name in it.  You can either pipe the output of pr into lpr, or use special lpr options to set a header.  See the lpr and pr man pages for details.  What error message(s) did you get when you tried this?
  11. The reason the previous step results in an error is that you haven't yet set a default printer to use.  Try printing again, this time using the correct command line option to select your printer.  What was the exact command line you used?
  12. Now set your printer as your (not system wide, just your non-root login user account) default printer.  That and other default settings can be set using the lpoptions command.  What was the exact command used to set your default printer?  In what file is that option recorded?
  13. Finally, set a system-wide default printer.  While you could do that from the command line using lpoptions (changes made using this command as root don't set the root user's defaults but the system-wide defaults), go back to the CUPS web page, select your printer from the “Printers” tab, and make it the default using the “Administration” drop-down list of commands.  What file gets modified when you set system-wide CUPS defaults this way?  Verify the default works by printing something.  (As before, make sure no one else is printing when you try this, and remember to recycle and not discard used paper.)

Part IV — Printer Maintenance

The last step is to determine a maintenance schedule, and to order the correct supplies (replacement parts for the printer elements that wear out after a certain number of pages have been printed, toner, cleaning supplies, etc.) in a timely fashion.

  1. Find the user manual for this printer.  If you can't locate one, you will need to use on-line information found with Google.  (If you can't find the data for some old printer, you should locate data for a similar model and use that.)  What Google search term(s) did you use?

    After trying to locate the information you may come to the Hewlett-Packard support site for this printer.  You should be able to find manuals describing the use and setup of the printer, and maintenance information.  (In reality, older printer models may not have the information available. You can try the Internet Archive and try to locate an archived version of the information you need.)

  2. What element(s) of this printer need to be replaced?  How many pages can be printed before those element(s) need to be replaced?  (Assume you can't replace the whole printer. :-)
  3. Next determine when you need to replace those elements.  You can assume the printer was purchased new in 2008.  Given the age of the printer and the current page count, and the number of pages until the element(s) need to be replaced, estimate how many months before the printer is due for such replacement service.  (Assume the printer had correct service in the past.)
  4. Now go back to Google and determine where the replacement element(s) can be obtained and what they will cost.  Where can you obtain printer parts and supplies (such as toner) for this printer?  (You only need to list one source, but a better procedure is to fine three or more reliable sources and compare prices and services.  One way to determine good vendors is to use BizRate.com.)

To Be Turned In:

A printout of the CUPS test page that you produced, a printout of your /etc/passwd file, and a printout of your system journal entries describing in detail the printing setup on your system and the answers to the questions above.  Make sure your name is clearly printed at the top of each page and remember to staple all the pages together.

You can submit project questions to .  Please see your syllabus for more information about submitting projects.

Troubleshooting Hints:

Make sure no one else is printing a test page at the same time you are, since there is no way to tell whose setup worked and whose didn't when only one page prints!

If you ever need to use the SMB protocol to print to a Windows print server (and you won't for this project), you will not need to start the Samba daemon.  The Samba server is used to make your Linux system appear in the Network Neighborhood of other computers, as if it were another Windows server.  You don't need the server on the local system to be running to use SMB or the Samba client tools to print to a Windows server.  (You only would need this if you wanted to offer print services to Windows users.)

Be careful when entering in the information, it is easy to make a typo when entering the URIs.  One common problem is using the wrong type of slash (use forward slashes (“/”) not backslashes).  Some problems that can occur if using SMB include using a Windows account that was never activated (or that has been deactivated), using the wrong Windows password, using a Windows password that contains special characters (shell metacharacters such as *, ?, \, !, $, ', ", a space, etc.), and using a password that is too long.

To print to an HCC Windows printer you will need a valid HCC Windows network username and password.  You can learn your HCC network ID by using WebAdvisor.  Even if you are certain your HCC network ID and password are fine, you should walk to the open lab and attempt to log in using that username and password on one of the Windows computers.  If you have any problems with your HCC ID, consult with a lab tech.

A Windows Share name is the unique UNC (Universal Naming Convention) name of a shared resource such as a printer, in the form “//server_name/printer_name” or (as in our case) “//domain_name/server_name/printer_name”.

If the correct printer driver is selected the resulting printout should appear fine for either text or PostScript.  However your version of CUPS may not ship with the exact printer driver for some printer models.  To fix this you can upgrade the printing packages on your system which will (hopefully) include the correct printer driver.  If you can't find the one you need, experiment a bit with printer drivers for similar printers.  You will usually find one that works pretty well.  If all else fails you can use the generic “PostScript” or “PCL” printer.

If the first driver you select doesn't work and you go to change it, Using the standard CUPS GUI tool you must go through the wizard again.  All the old information is preserved so all you need to is to click “continue” at each step, until you come to the driver choice (where you will make a new selection).  However, for security reasons the username and password don't appear in the displayed “URI”.  I've learned that if you just click continue to get to the driver selection page, the information that is showing replaces the information that was stored.  In short, the username and password will vanish if you just hit “continue” on that page!  The fix is easy, just re-enter your username and password into the URI that shows.

If all else fails, after attempting to print a test page check the log files for errors, especially /var/log/cups/error.log.



Room DTEC 461 Printer Information

In the table below is the specific information needed to configure a printer on Linux for remote printing to the printer in room 461.  This printer is attached to a Windows server.  To use the Windows print server, you would need to use Samba and your HCC network user ID and password to use this printer via the Windows print server.  However it is not necessary to use that Windows print server; you can print directly to the printer.  But if multiple hosts print to the printer at the same time, it is difficult to know who printed what.

Most of the information used is case-sensitive, so be sure to enter it exactly as shown.  Some of the data in the table (shown in gray) would only be needed to connect to a Windows print server, and is for informational use only.

Table 1 - Printer Setup Information
Printer Namelp
Printer LocationDTEC-461
Printer Description LaserJet B&W, duplex, staples
IP Address10.142.255.2
Domain (Workgroup) Name ACADEMIC
Server Name DMTEC2
Share Name DTEC461
Printer Make HP (Hewlett-Packard)
Printer ModelLaserJet P4015tn (CB510a), (English or “en”)
Note:  if you don't see this exact model listed, try to find the closest match possible.  You may have to try more than one if the first driver you try doesn't work.