我在 Windows 10 或 7 中連接印表機時遇到問題。我創建了用戶 cups_print 並使用 passwd 命令為其分配密碼。我嘗試停用身份驗證和 TLS/SSL,如果沒有它們,Windows 工作站可以連接到 HP P1006,該 HP P1006 連接到運行 CUPS 的 Raspi。我也嘗試過“需要有效用戶”,但使用此選項我可以使用任何憑證進行列印,例如用戶名:“aa”密碼:“randompassword”。我還嘗試在 Windows 上進行 SSL 連線時監聽連接埠 631,但沒有成功,Linux 的每個選項都可以正常運作。
我嘗試透過以下方式在 Windows 中設定 ipp url:
https://192.168.X.132:632/printers/HP_LaserJet_P1006
https://cups_print:[電子郵件受保護]:632/印表機/HP_LaserJet_P1006
https://[電子郵件受保護]:632/印表機/HP_LaserJet_P1006
http://[電子郵件受保護]:631/印表機/HP_LaserJet_P1006
http://192.168.X.132:631/printers/HP_LaserJet_P1006
http://cups_print:[電子郵件受保護]:631/印表機/HP_LaserJet_P1006
我還嘗試新增印表機,當cupsd.conf配置為無需身份驗證時,然後在選項開啟後重新啟動它,然後透過連接埠編輯向Windows提供憑證。再次沒有任何成功。我可以透過 Web 介面存取任何 Windows 工作站上的 cups 設定。這似乎是 Windows 的問題,如果不是,請您提出任何解決方案,我希望我的家庭網路中的所有內容都受到保護。
我附上部分 cupsd.conf 文件
# Show troubleshooting information in error_log.
LogLevel debug
PageLogFormat
MaxLogSize 0
Port 631
Listen localhost:631
Listen /run/cups/cups.sock
Listen 192.168.X.X:631
Browsing On
BrowseLocalProtocols dnssd
BrowseAllow All
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption Required
SSLPort 632
SSLListen *:632
<Location />
Order allow,deny
Allow 192.168.X.*
Allow 192.168.X.*
Allow localhost
#Allow all
Require user cups_print
#Require user @SYSTEM cups_print
</Location>
<Location /printers>
Order allow,deny
Allow 192.168.X.*
Allow 192.168.X.*
Allow localhost
#Allow all
AuthType Basic
Require user cups_print
#Require user @SYSTEM cups_print
答案1
經過一周的努力解決這個問題,我找到了一個解決方法。
在 Windows 10 1903 更新中,新增具有驗證的印表機時出現問題。您必須先設定端口,甚至在添加印表機之前,然後,您就可以毫無問題地添加它。您可以編輯和運行的好腳本就在這裡
或者您可以透過配置暫存器手動新增它,請參閱第二個連結。成功新增連接埠和印表機後(不會要求您提供憑證),進入印表機設定、連接埠設定並使用提供的憑證設定連接埠。沒有它們,您將無法列印。
其次,您必須在無需身份驗證的情況下授予對每個位置的存取權限,甚至是 cupsd.conf 中的「/」和「/printers」。之後,建立策略限制<Limit Get-Printer-Attributes>
並且根本不需要身份驗證。然後在<Limit Cancel-Job CUPS-Authenticate-Job>
和中啟用身份驗證<Limit Create-Job Print-Job Print-URI Validate-Job>
。
如果您嘗試使用自簽名證書,請點擊鏈接 Windows 中新增自簽名證書。不要忘記將此憑證新增至“受信任的根第 3 方憑證”
當您將 IPP 印表機新增至 Windows 時,您必須面對更多一些有問題的來源 Windows 下的 Cups 驗證問題 Windows 下的 Cups 驗證問題
我的 cupsd.conf(匿名)
LogLevel debug
PageLogFormat
MaxLogSize 0
SSLPort 636
SSLListen *:636
Browsing On
BrowseLocalProtocols dnssd
BrowseAllow All
DefaultAuthType Basic
WebInterface yes
DefaultEncryption required
ServerKey /etc/cups/ssl/server.key
ServerCertificate /etc/cups/ssl/server.crt
ServerAlias hostname.my_domain.net
# Restrict access to the server...
<Location />
Order allow,deny
Allow 192.168.X1.*
Allow 192.168.X2.*
Allow localhost
</Location>
<Location /printers>
Order allow,deny
Allow 192.168.X1.*
Allow 192.168.X2.*
Allow localhost
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow localhost
Deny all
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Allow localhost
Order allow,deny
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow localhost
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
Allow all
AuthType Basic
Require user @SYSTEM cups_print
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
AuthType Basic
Order deny,allow
</Limit>
<Limit Get-Printer-Attributes>
Order allow,deny
Allow all
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Basic
Require user @SYSTEM cups_print
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Basic
Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@ cups_print
Order deny,allow
</Limit>
<Limit Get-Printer-Attributes>
Order allow,deny
Allow all
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
答案2
警告
對於cups 2.2.1 及更高版本,cupsd.conf 中使用的ServerCertificate 和ServerKey 指令已被撤銷。
除非指令 CreateSelfSignedCerts 在 cups-files.conf 中設定為“no”,否則 cups 使用名稱 ${HOSTNAME}.crt 和 ${HOSTNAME}.key 產生自己的自簽名證書
憑證的預設路徑仍然是 cups_root + ssl 目錄,但可以使用 cups-files.conf 中的指令 ServerKeyChain 進行更改。
因此,如果您有自己的憑證(自簽署或權威簽署),則必須將它們複製到名稱為${HOSTNAME}.crt 和${HOSTNAME}.key 的ssl 目錄,否則連接埠631 上的https 連接將會失敗,並且/var/log/cups/error.log 包含許多行抱怨無法讀取證書檔案。