Windows 電腦上的 CUPS 共用印表機有驗證和 SSL 連線問題

Question 1

經過一周的努力解決這個問題，我找到了一個解決方法。

在 Windows 10 1903 更新中，新增具有驗證的印表機時出現問題。您必須先設定端口，甚至在添加印表機之前，然後，您就可以毫無問題地添加它。您可以編輯和運行的好腳本就在這裡

或者您可以透過配置暫存器手動新增它，請參閱第二個連結。成功新增連接埠和印表機後（不會要求您提供憑證），進入印表機設定、連接埠設定並使用提供的憑證設定連接埠。沒有它們，您將無法列印。

其次，您必須在無需身份驗證的情況下授予對每個位置的存取權限，甚至是 cupsd.conf 中的「/」和「/printers」。之後，建立策略限制<Limit Get-Printer-Attributes>並且根本不需要身份驗證。然後在<Limit Cancel-Job CUPS-Authenticate-Job>和中啟用身份驗證<Limit Create-Job Print-Job Print-URI Validate-Job>。

如果您嘗試使用自簽名證書，請點擊鏈接 Windows 中新增自簽名證書。不要忘記將此憑證新增至“受信任的根第 3 方憑證”

當您將 IPP 印表機新增至 Windows 時，您必須面對更多一些有問題的來源 Windows 下的 Cups 驗證問題 Windows 下的 Cups 驗證問題

我的 cupsd.conf（匿名）

LogLevel debug
PageLogFormat
MaxLogSize 0

SSLPort 636
SSLListen *:636

Browsing On
BrowseLocalProtocols dnssd
BrowseAllow All

DefaultAuthType Basic

WebInterface yes


DefaultEncryption required

ServerKey /etc/cups/ssl/server.key
ServerCertificate /etc/cups/ssl/server.crt

ServerAlias hostname.my_domain.net


# Restrict access to the server...
<Location />
  Order allow,deny
  Allow 192.168.X1.*
  Allow 192.168.X2.*
  Allow localhost 
</Location>

<Location /printers>
  Order allow,deny
  Allow 192.168.X1.*
  Allow 192.168.X2.*
  Allow localhost
</Location>


# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow localhost
  Deny all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Allow localhost
  Order allow,deny
</Location>

# Restrict access to log files...
<Location /admin/log>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
    Allow all
    AuthType Basic
    Require user @SYSTEM cups_print
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
    AuthType Basic
    Order deny,allow
  </Limit>

  <Limit Get-Printer-Attributes>
    Order allow,deny
    Allow all
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Basic
    Require user @SYSTEM cups_print
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Basic
    Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
    Order deny,allow
  </Limit>

  <Limit Get-Printer-Attributes>
    Order allow,deny
    Allow all
   </Limit>


  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

Answer

經過一周的努力解決這個問題，我找到了一個解決方法。

在 Windows 10 1903 更新中，新增具有驗證的印表機時出現問題。您必須先設定端口，甚至在添加印表機之前，然後，您就可以毫無問題地添加它。您可以編輯和運行的好腳本就在這裡

新增印表機 https 和 auth 的說明

修改暫存器並新增連接埠的腳本

或者您可以透過配置暫存器手動新增它，請參閱第二個連結。成功新增連接埠和印表機後（不會要求您提供憑證），進入印表機設定、連接埠設定並使用提供的憑證設定連接埠。沒有它們，您將無法列印。

其次，您必須在無需身份驗證的情況下授予對每個位置的存取權限，甚至是 cupsd.conf 中的「/」和「/printers」。之後，建立策略限制<Limit Get-Printer-Attributes>並且根本不需要身份驗證。然後在<Limit Cancel-Job CUPS-Authenticate-Job>和中啟用身份驗證<Limit Create-Job Print-Job Print-URI Validate-Job>。

如果您嘗試使用自簽名證書，請點擊鏈接 Windows 中新增自簽名證書。不要忘記將此憑證新增至“受信任的根第 3 方憑證”

當您將 IPP 印表機新增至 Windows 時，您必須面對更多一些有問題的來源 Windows 下的 Cups 驗證問題 Windows 下的 Cups 驗證問題

我的 cupsd.conf（匿名）

LogLevel debug
PageLogFormat
MaxLogSize 0

SSLPort 636
SSLListen *:636

Browsing On
BrowseLocalProtocols dnssd
BrowseAllow All

DefaultAuthType Basic

WebInterface yes


DefaultEncryption required

ServerKey /etc/cups/ssl/server.key
ServerCertificate /etc/cups/ssl/server.crt

ServerAlias hostname.my_domain.net


# Restrict access to the server...
<Location />
  Order allow,deny
  Allow 192.168.X1.*
  Allow 192.168.X2.*
  Allow localhost 
</Location>

<Location /printers>
  Order allow,deny
  Allow 192.168.X1.*
  Allow 192.168.X2.*
  Allow localhost
</Location>


# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow localhost
  Deny all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Allow localhost
  Order allow,deny
</Location>

# Restrict access to log files...
<Location /admin/log>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
    Allow all
    AuthType Basic
    Require user @SYSTEM cups_print
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
    AuthType Basic
    Order deny,allow
  </Limit>

  <Limit Get-Printer-Attributes>
    Order allow,deny
    Allow all
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Basic
    Require user @SYSTEM cups_print
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Basic
    Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
    Order deny,allow
  </Limit>

  <Limit Get-Printer-Attributes>
    Order allow,deny
    Allow all
   </Limit>


  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

Question 2

警告

對於cups 2.2.1 及更高版本，cupsd.conf 中使用的ServerCertificate 和ServerKey 指令已被撤銷。

除非指令 CreateSelfSignedCerts 在 cups-files.conf 中設定為“no”，否則 cups 使用名稱 ${HOSTNAME}.crt 和 ${HOSTNAME}.key 產生自己的自簽名證書

憑證的預設路徑仍然是 cups_root + ssl 目錄，但可以使用 cups-files.conf 中的指令 ServerKeyChain 進行更改。

因此，如果您有自己的憑證（自簽署或權威簽署），則必須將它們複製到名稱為${HOSTNAME}.crt 和${HOSTNAME}.key 的ssl 目錄，否則連接埠631 上的https 連接將會失敗，並且/var/log/cups/error.log 包含許多行抱怨無法讀取證書檔案。

Answer

警告

對於cups 2.2.1 及更高版本，cupsd.conf 中使用的ServerCertificate 和ServerKey 指令已被撤銷。

除非指令 CreateSelfSignedCerts 在 cups-files.conf 中設定為“no”，否則 cups 使用名稱 ${HOSTNAME}.crt 和 ${HOSTNAME}.key 產生自己的自簽名證書

憑證的預設路徑仍然是 cups_root + ssl 目錄，但可以使用 cups-files.conf 中的指令 ServerKeyChain 進行更改。

因此，如果您有自己的憑證（自簽署或權威簽署），則必須將它們複製到名稱為${HOSTNAME}.crt 和${HOSTNAME}.key 的ssl 目錄，否則連接埠631 上的https 連接將會失敗，並且/var/log/cups/error.log 包含許多行抱怨無法讀取證書檔案。

Windows 電腦上的 CUPS 共用印表機有驗證和 SSL 連線問題

答案1

答案2

相關內容