11.3 iPrint Printer Configuration (iManager)

iManager enables you to perform the following operations on iPrint Appliance:

NOTE:If you are running Windows XP Service Pack 2 or other browsers with pop-up blocking, you might encounter problems with pop-up windows. To manage iPrint in iManager and to install printers with iPrint clients, turn off pop-up blocking or allow the URL.

11.3.1 Understanding and Managing Certificates

When you manage Print Managers, driver stores, and printers that are running on a different server than the server running iManager, you might receive a certificate error, meaning that the host name or IP address of the server where you are managing the print object does not match any of the certificates on the server where iManager is running.

To find and accept the correct certificate:

  1. Click the iPrint Certificate Manager link in the error.

  2. Review the certificate information for accuracy.

  3. Select the action you want to perform for this certificate.

    In order to manage the print object, you must accept the certificate.

  4. Click OK.

    You might need to scroll down in order to click OK to accept the certificate.

  5. Restart your task.

Certificates are accepted on a per-user basis.

You can remove accepted certificates by deleting the certstore folder located at: /var/opt/novell/iManager/nps/portal/modules/iPrintX/certstore. Deleting this folder removes all accepted certificates.

11.3.2 Managing the Driver Store

Although the default settings lets users print without additional configuration, you might want to modify some settings so that you can manage your printing resources most effectively.

Creating Additional Driver Stores

Although you can create additional Driver Stores, you only need one for your iPrint system because the Print Manager saves the downloaded drivers files to disk. If the Print Manager does not have a requested driver, it copies the driver from the Driver Store and then saves it to disk. This process is relatively quick, even for the first user to request a printer driver. We recommend that you maintain only one Driver Store, so you do not need to track which Driver Store contains what printer drivers. Periodically, the Print Manager checks the Driver Store for updated printer drivers.

If you configure multiple Driver Stores that run on the same server, they all point to the same repository of printer drivers. This can be useful because each Driver Store has its own eDirectory object, and you can distribute the objects in your eDirectory tree.

To create a driver store:

  1. In iManager, click iPrint > Create Driver Store.

  2. Specify the Driver Store name you want for the Driver Store object.

  3. Specify the container name where you want the Driver Store object to reside. The default value is iPrintAppliance.

  4. Specify a host name or IP address of the target server where you want the Driver Store to reside.

  5. Specify an eDirectory server that you want the Driver Store to communicate with.

    For fault tolerance, you can specify more than one eDirectory server from the same tree. For more information, see Changing the eDirectory Server Assignment.

  6. Click OK.

To modify the Driver Store properties or to add printer drivers, click Manage Driver Store, then select the Driver Store you want to modify.

Understanding the Driver Store Configuration File

When you create a Driver Store, a configuration file is created in /etc/opt/novell/iprint/conf. The filename is idsd.conf. Each time you use iManager to create a Driver Store object and assign it to the same server, a separate entry is added to idsd.conf. Although you can have several Driver Stores assigned to a server, all printer driver files are stored in one file structure on the server. For information about the entries in the configuration file, see /etc/opt/novell/iprint/conf/idsd.conf.

Changing the eDirectory Server Assignment

If you need to change the eDirectory server assignment for the Print Manager or Driver Store, edit the Directory Services Server1= entry in the corresponding configuration file, print_manager_name.context.ipsmd.conf or idsd.conf, located in /etc/opt/novell/iprint/conf.

NOTE:As many as two additional servers can be specified, using Directory Services Server2 and Directory Services Server3. Directory Services Server1 is considered to be the primary eDirectory server. Directory Services Server2 and Directory Services Server3 are considered to be secondary servers.

For example, editing the Directory Services Servers 1, 2, and 3 entries for the idsd.conf file looks like this:

cat /etc/opt/novell/iprint/conf/idsd.conf {

DSServer1 server1.blr.novell.com

DSServer2 server2.blr.novell.com

DSServer3 server3.blr.novell.com

IDSObjectDN CN=ds-102-59-2,O=novell

IDSObjectPasswd yhvuevdbumpuvfuklnqqapvipxvemh

IDSHostAddress 100.100.100.100

}

Editing the Directory Services Servers 1, 2, and 3 entries for the ipsmd.conf file looks like this:

cat /etc/opt/novell/iprint/conf/ipsmd.conf

DSServer1 server1.blr.novell.com

DSServer2 server2.blr.novell.com

DSServer3 server3.blr.novell.com

PSMObjectDN CN=psm-dns-name,O=novell

PSMObjectPasswd pgtnlafnfekh

PSMHostAddress server1.blr.novell.com

Loading or Unloading the Driver Store

You can start and stop the Print Manager in two ways:

Using the Command Line

The Driver Store uses init scripts for starting and stopping the daemon. To load the Driver Store from the command line, enter/etc/init.d/novell-idsd start

The following init script actions are also valid:

Table 11-2 Driver Store Actions

Action

Description

reload or force-reload

Stops and then starts the daemon.

start

Starts the daemon.

status

Displays the status of the daemon and the name of the Driver Store.

stop

Stops the daemon.

Using iManager

On the Driver Store Control property page, you can view the Driver Store’s status and unload or load the Driver Store daemon.

  1. In iManager, click iPrint > Manage Driver Store.

  2. Browse to and select the Driver Store you want.

  3. Click Driver Store Control > Shutdown to stop the Driver Store process.

  4. Click OK.

Updating Printer Drivers

  1. Add a new driver.

    For more information on adding a new driver, see Configuring Printer Drivers.

  2. Associate the printer to the driver.

NOTE:Only the new iPrint Clients auto-update the drivers. For the existing or old Print Clients, you need to manually install and associate the drivers.

Deleting Printer Drivers

  1. In iManager, click iPrint > Manage Driver Store, then browse to and select the Driver Store you want.

  2. Click Drivers, then select the client platform you want to work with.

  3. Select the driver you want to delete.

  4. Click Delete.

  5. Click OK.

11.3.3 Managing the Print Manager

Although the default settings let users print without additional configuration, you probably want to modify some of those settings so that you can manage your printing resources most effectively.

NOTE:Printer driver profiles are stored in the Print Manager database file (psmdb.dat). While the .dat file can be viewed only using iManager and the /psmstatus page, a text copy of the database file can be viewed using many tools (including text editor, web browser, and others). This text copy is periodically backed up in the same directory as the .dat file, but in XML format. The directory location is: /var/opt/novell/iprint/<print manager name.ou.ou.o>.psm/.

Understanding the Print Manager Database

The Print Manager uses a database to store information about the printers it controls. The database creates a backup when you create or delete a printer and also every night at midnight.

NOTE:Although database creation is a quick process, sometimes the backup is delayed because of other tasks the Print Manager is doing. You might need to wait a short while after you create or delete a printer before a backup is generated and uploaded to eDirectory.

The last four backups are saved. When a new backup file is created, the oldest of the four stored files is deleted. If the oldest backup file is older than four days, then the Print Manager creates a new backup.

If the database fails to load through normal mechanisms, you can use the following procedure to access the backup database:

  1. Rename /var/opt/novell/iprint/<PSM_Name>/psmdb.* to psmdbold.*.

  2. Rename /var/opt/novell/iprint/<PSM_Name>/psmdbsav.* to psmdb.*.

  3. Start the Print Manager.

Understanding the Print Manager Configuration File

When you create a Print Manager, a configuration file is created in /etc/opt/novell/iprint/conf. The file name is print_manager_name.context.ipsmd.conf. A separate file is created for each Print Manager that is created and assigned to run on the same server. Only one Print Manager can run on the server at a time. For information about the entries in the configuration file, see /etc/opt/novell/iprint/conf/ipsmd-template.conf.

The ipsmd.conf file links to the configuration file of the currently loaded Print Manager.

To load a different Print Manager on the server, use the iPrint> Manage Print Manager > Manager Control page in iManager. If you attempt to load a Print Manager when one is already running, you receive an error message instructing you to unload the current Print Manager before loading the new one.

Changing the eDirectory Server Assignment

If you need to change the eDirectory server assignment for the Print Manager or Driver Store, edit the Directory Services Server1= entry in the corresponding configuration file, print_manager_name.context.ipsmd.conf or idsd.conf, located in /etc/opt/novell/iprint/conf.

NOTE:As many as two additional servers can be specified, using Directory Services Server2 and Directory Services Server3. Directory Services Server1 is considered to be the primary eDirectory server. Directory Services Server2 and Directory Services Server3 are considered to be secondary servers.

For example, editing the Directory Services Servers 1, 2, and 3 entries for the idsd.conf file looks like this:

cat /etc/opt/novell/iprint/conf/idsd.conf {

DSServer1 server1.blr.novell.com

DSServer2 server2.blr.novell.com

DSServer3 server3.blr.novell.com

IDSObjectDN CN=ds-102-59-2,O=novell

IDSObjectPasswd yhvuevdbumpuvfuklnqqapvipxvemh

IDSHostAddress 100.100.100.100

}

Editing the Directory Services Servers 1, 2, and 3 entries for the ipsmd.conf file looks like this:

cat /etc/opt/novell/iprint/conf/ipsmd.conf

DSServer1 server1.blr.novell.com

DSServer2 server2.blr.novell.com

DSServer3 server3.blr.novell.com

PSMObjectDN CN=psm-dns-name,O=novell

PSMObjectPasswd pgtnlafnfekh

PSMHostAddress server1.blr.novell.com

Using the Print Manager Health Monitor

The Print Manager Health Monitor provides you with a global view of your print system. The Health Monitor shows you the current status of the Print Manager and the associated printers and lets you configure error threshold, customize some print system settings, and generate reports about your system.

Understanding the Print Manager Health Monitor

The Print Manager Health Monitor is a powerful tool for managing and troubleshooting your print system.

The opening page of the Health Monitor shows all of your printers; their current state; and general statistics including the number of print jobs printed in the last hour, in the last day, and since the Print Manager was last started.

A quick look at these statistics helps you identify which printers are not printing because of errors or which printers are not being used.You can click a printer name to see additional details about the printer that can help you troubleshoot a reported printer error and why users are not using the printer.

For example, if the printer status shows Error printing, click the printer for a list of known problems. If one of the known problems is Printer not connected, use the IP address listed in the Load String field to ping the printer to determine if the IP address is valid.

By looking at the statistical information, you can correct printer problems or make decisions about redeploying under used printers to departments that print a lot. For more information, see An Overview of the iPrint Manager Health Monitor.

Accessing the Print Manager Health Monitor

Access the Health Monitor by going to http://server_address/psmstatus, where server_address is the IP address or host name of the server where the Print Manager is running.

For example: http://printing.my_company.com/psmstatus.

You can view current Printer Agent states, start up and shut down Printer Agents, and other information about your print system.

Generating Reports

The report feature of the Health Monitor allows you to generate a report that can be displayed on the page or saved as a comma-separated-value (.csv) file that can be used in a spreadsheet program.

  1. On the Print Manager Health Monitor main page, click Advanced Print Manager Information > Generate Report.

  2. (Optional) To save the report as a file, click Write Results to File under the File Options heading.

    The heading specifies the location and filename of the report.

  3. Select the information you want included in the report by selecting the corresponding check boxes.

  4. Click Generate Report.

    The report is displayed on the screen, even if you selected to save the report to a file.

The following common reports are available for you to generate:

Printer Configurations: To determine what features are enabled for each Printer Agent, generate the following reports:

  • SSL Required for iPrint Access

  • Auditing Enabled

Printer’s Current State: To view the states of the printers and any printer console messages, generate the following reports:

  • Printer Agent Status

  • Printer Agent State Reasons

  • Printer Console

Printing Statistics: To view statistics about your print system, generate the following reports:

  • Jobs Printed Ever

  • Jobs Printed Since Load

  • Jobs Printed Today

  • Average Job Size Since Load

  • Average Job Size Today

Gateway Information: To view information about a gateway associated with the Printer Agents, including the gateway’s IP address, generate the following report:

  • Gateway Load String

Printer Driver Associations: To view the printer drivers associated with each printer, generate the following reports:

  • Windows 95/98 Driver

  • Windows NT4 Driver

  • Windows 2000/XP Driver

  • Win XP Driver

  • Linux Driver

Printer and Printer Agent Associations: Because a Printer Agent can service more than one printer, use the Associated NDS Printers option to view the number of printers serviced by each Printer Agent.

Configuring Health Monitor Settings

You can configure settings in the Health Monitor to control how the Health Monitor presents information when certain thresholds are met.

  1. On the Print Manager Health Monitor main page, click Advanced iPrint Manager Information > Configure Settings and Error Thresholds.

  2. Adjust the settings you want to change.

    See the online help for information about the available settings. For most print systems, the default settings are sufficient.

Posting Administrator Messages about a Printer

Suppose a printer has been taken offline and sent for repairs, but you keep getting phone calls from other administrators that the printer has an error in the Health Monitor. This can be resolved by leaving a message about the printer in Health Monitor. Users can see the message, but only administrators can edit it.

  1. On the Print Manager Health Monitor main page, click the printer you want, then click Message from Admin.

  2. Type the text you want displayed for this printer.

  3. Click Apply.

To remove a message, follow the steps above and delete the text in the message box (Step 2).

Setting Up a Printer Pool

You can create a pool of printers to share the load of printing. Users install one of the printers in the pool. When a printer in the pool has a print job waiting, the Print Manager can redirect that print job to an idle printer in the pool. The Print Manager attempts to evenly distribute print jobs among all printers in a pool.

For example, if four printers are in the pool and the first printer is printing a 100-page job, then the next print job is sent to the second printer. If the second printer completes the print job and the first printer is still busy, the next print job is sent to the third printer to distribute print jobs throughout the pool. Printer pools are specific to the Print Manager, and a printer pool cannot span multiple Print Managers.

Printers that are included in a pool should be the same model and use the same printer drivers. You can include only printers from the same Print Manager in a pool.

When you create a printer pool, the pool information resides in the Print Manager and can be viewed only using iManager. Unlike the printers and the Print Manager, a separate eDirectory object for a printer pool is not created.

After you set up a printer pool, users install only one of the printers in the pool on their workstation. When a user submits a print job to the installed printer, the Print Manager uses the method described in the example above to send the print job to the next available printer in the pool. Users should be reminded that their print jobs might be printed by any printer in the pool. For this reason, the physical printers that are members of a printer pool should be located close to one another. You might also want to enable banner pages, depending on the type of documents being printed.

To configure a printer pool, do the following:

  1. In iManager, click iPrint > Printer Pool Configuration.

  2. Select the Print Manager for this pool.

  3. Select Create Pool from the Select Operation list, then click OK.

  4. Specify the name of the printer pool.

    This name is used to identify the pool only within iManager.

  5. Select the printers you want included in the pool.

  6. Click Next, then click OK.

To modify or delete a pool, follow the above steps and select the desired action from the Select an Operation list in Step 3.

Using Print Auditing

To use print auditing, you first need to enable auditing for each printer you want to audit using iManager or the Print Manager Health Monitor.

When auditing is enabled for a Printer Agent, a log file is created indicating who printed how many pages to which printer on a given date. The log file is in a comma-separated format (.csv). The data from this log file can be viewed from the Health Monitor or downloaded into a spreadsheet.

Figure 11-2 Auditing Management Page

From the Auditing Management page, you can complete the following tasks:

Using iManager to Enable Auditing

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to enable auditing for.

  3. Click Configuration > Auditing.

  4. Select the Enable Auditing check box.

Using the Health Monitor to Enable Auditing

  1. To access the Print Manager Health Monitor, open http://server_IP_address/psmstatus in a Web browser.

    For example: http://printing.my_company.com/psmstatus.

  2. Select a printer, then click Configuration Options.

    You can also access Configuration Options by going to https://server_IP_address/PsmStatus/configOpt/Printer_Name.

  3. Select the Enable Auditing check box.

Viewing Auditing Information

You can generate an audit report that shows all print jobs, or you can filter the report based on a user or a printer or both.

  1. In the Print Manager Health Monitor, click Advanced iPrint Manager Information > Auditing > Generate Report.

    If there is more than one audit log, click Generate Report for the audit log you want to view.

  2. (Optional) Filter the search by using the Limit Search by User or Limit Search by Printer filters.

    Auditing Search Page
  3. Click Generate Report to view the report with the specified filters.

    There are only 250 print jobs listed at a time. To view more print jobs in the report, click Next.

    Auditing Report

    The following table explains the fields that are displayed under the Report Summary.

    Field

    Description

    iPrint Manger

    The Print Manager that the information is from.

    Audit Log

    The audit log filename that was used to create the report.

    Selected User

    Any user filter criteria that were used to create the report.

    Selected Printer

    Any printer filter criteria that were used to create the report.

    Number of Jobs Currently Displayed

    The number of jobs submitted by the indicated users and printers.

    The following table discusses what is displayed in the body of the report.

    Field

    Description

    Job Owner

    The owner of the print job.

    Printer

    The printer the print job was sent to.

    Time Submitted

    The time the print job was submitted to the printer.

    Time Completed

    The time the print job was printed on the printer.

    Completion Status

    The completion status of the submitted print job:

    Completed, Cancelled by User, Cancelled by Operator, or Other (Other usually indicates the job was aborted by the system).

    Page Count

    The number of pages printed.

    Job Size

    The size of the print job (in bytes).

    Job Name

    The print job filename that was submitted and the type of print client that submitted the print job.

Managing Audit Logs

You can manage your audit logs by using the buttons on the Auditing Management page. When audit logs are no longer needed, you can manually delete them. To automatically save and create new logs, see Configuring Automatic Log Rotation.

The active audit log file (audit.csv) logs data for all printers that have been enabled for auditing. You can generate a report from this file or you can move the data to a saved file by using the Start New Audit Log option. You cannot download the audit.csv file. To download a file, it must be saved as a separate audit log. When you move the data to a saved audit log by using the Start New Audit Log button, the log file is named auditxxx.csv, where xxx is the next sequential number of the log. After a log file is saved, you can download the file to your workstation and import it into a spreadsheet program.

Configuring Automatic Log Rotation

Audit Log Rotation automatically creates a new log when certain criteria are met.

  1. In the Print Manager Health Monitor, click Advanced iPrint Manager Information > Auditing > Configure Log Rotation.

  2. Select Enable Audit Log Rotation.

  3. Specify the number of logs to keep.

    When the number of logs to keep is reached, the oldest log is deleted when the next log is created. When setting this number, take in to account the criteria you are using to create new log files. If you want a year’s worth of logs, set the number of audit logs to keep to 12 and then select the By Date and By Month options.

  4. Specify the criteria used for log rotation:

    By Job Count: Specify the maximum number of print jobs that an audit log can contain before a new log is created.

    By Date: Select when you want the audit logs to rotate.

    • Day: The log rotates each day at midnight.

    • Week: The log rotates each Sunday. If the Print Manager is not loaded on Sunday, the log is rotated the next time the Print Manager starts.

    • Month: The log rotates at midnight on the first day of the month.

    NOTE:If you select Day or Week, ensure that the Maximum Number of Audit Logs to Keep entry is large enough so that logs are not rotated before you need the data.

    By File Size: Specify the maximum file size (in KB) before a new log is created. The maximum file size is 4194304 KB.

Downloading an Audit Report

When the file is downloaded, you can open the report in a spreadsheet application to sort, view, and format the data to meet your needs. The active audit log, audit.csv, cannot be downloaded. You must first start a new audit log by clicking the Start New Audit Log option, then download the newly created audit log.

  1. On the Print Manager Health Monitor main page, click Advanced iPrint Manager Information > Auditing.

  2. Right-click the name of the audit log you want to download, then click Save Target As.

  3. Follow the prompts and save the file to the desired location.

Creating Additional Print Managers

A Print Manager must be created and running before you can create and associate printers. A Print Manager provides a platform for Printer Agents, which are logical representations of printers that reside on the server. You can manually load Print Managers on a server.

Use the following guidelines to determine where and when to place a Print Manager:

  • Only one Print Manager can be running on a server.

  • For optimal performance, place the Print Manager and the printers it controls on the same LAN segment.

  • Consider distributing your printers across multiple Print Managers so that if one manager goes down, not all of the Printer Agents are affected.

You need the Supervisor right for the container where the Print Manager object is to reside.

  1. In iManager, click iPrint > Create Print Manager.

  2. Specify the Print Manager name for the iPrint Manager object.

  3. Specify the container name where you want the Manager's object to reside.

  4. Specify an eDirectory server you want the iPrint Manager to communicate with.

    For fault tolerance, you can specify more than one eDirectory server from the same tree. For more information, see Changing the eDirectory Server Assignment.

  5. Specify the Driver Store name.

  6. Select the Start print manager after creation check box.

    If you do not select the Start print manager after creation check box, you should start the Print Manager. You can start the Print Manager by using Manage Print Manager > Manager Control in iManager or by entering /etc/init.d./novell-ipsmd start at a command prompt.

    IMPORTANT:In a cluster setup, do not select the Start print manager after creation check box.

  7. Click OK.

    After the Print Manager is created, the daemon is loaded on the server.

To modify the Print Manager properties, click Manage Print Manager, then select the manager you want to modify.

For information about Access Control roles, see Setting Access Control for Your Print System.

Loading or Unloading the Print Manager

You can start and stop the Print Manager in two ways:

Using the Command Line

The Print Manager uses init scripts for starting and stopping the daemon. To load the Print Manager from the command line, enter/etc/init.d/novell-ipsmd start.

The following init script actions are also valid:

Table 11-3 Print Manager Actions

Action

Description

start

Starts the daemon.

stop

Stops the daemon.

reload or force-reload

Stops and then starts the daemon.

restart

Restarts the daemon.

try-restart

Tries restarting the daemon.

status

Displays the status of the daemon and the name of the Print Manager.

Using iManager

On the Manager Control Property page, you can view the Print Manager’s status and unload or load the manager daemon.

  1. In iManager, click iPrint > Manage Print Manager.

  2. Browse to and select the Print Manager you want to control.

  3. Click Manager Control > Shutdown to stop Print Manager.

  4. Click OK.

Moving Print Managers to Another Linux Server

Sometimes it is necessary to move the Print Manager from one server to another. If you assigned a host name to the Print Manager, you should update the DNS entry with the new IP address that the Manager is running on when the move is completed; otherwise, you cannot manage the Print Manager and users are cannot print.

IMPORTANT:The URLs generated by iPrint are based on the server’s IP address or a host name. If you move a Print Manager to a server that has a different IP address or a different host name than is currently being used, a new URL is generated for each printer. Users must delete and reinstall their iPrint printers. If you are using NDPS Printers, printing is not affected.

  1. In iManager, click iPrint > Manage Print Manager.

  2. Browse to and select the Print Manager you want to move, then click OK.

  3. Click Shutdown.

    Ensure all pending print jobs are complete else the jobs are lost.

  4. On the Manager Control page, click Move.

  5. Fill in the fields:

    Target Server: Specify the host name or IP address for the server that is to host the Print Manager. For example, 192.0.34.166 or print.my_company.com.

    iPrint Service Name: Displays the IP address or host name for the iPrint service.

    eDir Server: Specify an eDirectory server that you want the Print Manager to communicate with.

    If you are using a host name, you must update your DNS host tables to reflect the move.

  6. Click OK to move the Print Manager.

    The Print Manager is moved and loaded on the destination server.

Auto Driver/Profile Update

An auto driver/profile update allows you to automatically update the client with the latest drivers and the modified profiles available on the server, without users needing to manually update the driver or profile. If you make any changes to the driver in the Driver Store or modify the profile, the client is prompted for the changes and the client is updated.

NOTE:The client might take few seconds to 24 hours to reflect the changes.

To enable the auto driver/profile update:

  1. Upload the updated driver.

  2. Create or modify the profile.

    For more information on how to create the profile, see Using Printer Driver Profiles.

  3. Enable the auto driver/profile update:

    1. In iManager, click iPrint > Manage Print Manager.

    2. Browse to and select the Print Manager for which you want to enable the auto driver/profile update.

    3. Click Printer Agents.

    4. Select the Auto driver/profile update for the Printer Agents for which you want to enable auto driver/profile update.

    5. Click OK.

Enabling Printer Agent Redirection

Printer Agent Redirection is useful when you are decommissioning an iPrint printer and want to automatically redirect printing to a different iPrint printer without users manually deleting and reinstalling the printer. Redirection can continue even after you delete the Printer Agent for iPrint printers only.

Printer Agent Redirection is supported with the iPrint client for Windows v4.26 or later.

With Printer Agent Redirection enabled by entering a Printer Redirect URL, the client attempts to access the printer and is then redirected to the new printer. The client verifies that it can access the new printer before deleting the installed printer and installing the new printer.

Before implementing Printer Agent Redirection, you should be aware of the following:

  • When you redirect a mobile-enabled printer, you must ensure the redirected printer is also mobile-enabled else the job fails to print. For example, Printer1 is redirected to Printer2. Later, if you mobile-enable Printer1, you must ensure to mobile-enable Printer2 before sending a print job.

  • When you redirect a Printer Agent, the iPrint Printer List Web page is automatically updated to install the redirected printer. This means when a user clicks to install a printer listed from the list page, the link has been updated to install the redirected printer.

    For example, you redirect a Printer Agent that has the name of Printer_1_Color to a printer called Color_Printer. On the iPrint Printer List Web page, the user sees and clicks Printer_1_Color. After the printer is installed, the printer listed in the Windows Printer Folder is Color_Printer.

  • Printers on maps are not automatically redirected. If you are using maps and you redirect the Printer Agent, you need to also update your map and republish it to show the newer Printer Agent. You should update the map before enabling Printer Agent Redirection because as soon as you enter a redirection URL, the link on the map is broken and any user clicking the link in the map receives an error.

  • If you redirect a Printer Agent to another printer that is also being redirected, the iPrint client attempts to install the final destination printer; however, this might cause undesired results.

    For example, if you have redirected Printer_1_Color to Color_Printer, and then redirect Printer_A to Printer_1_Color, the iPrint client attempts to install Color_Printer for Printer_A.

  • You should enable Printer Agent Redirection before deleting a printer; otherwise, when the client accesses the Print Manager and cannot find the associated Printer Agent for an installed printer, the installed printer is deleted.

  • WalkUp printers cannot be redirected.

IMPORTANT:If you are using iPrint Client Management, you should not use Printer Agent Redirection. Using Printer Agent Redirection for printers being used by iPrint Client Management can cause undesired results.

Instead, you should update iPrint Client Management with the desired printers.

Managing Printer Agent Redirection

Before deleting Printer Agents from a Print Manager, you should enable Printer Agent Redirection for iPrint printers by entering another printer URL. By adding the URL before deleting the printer, workstations can update to the newest printer.

The Printer Agent Redirection lists include NDPS and iPrint printers. If you enable redirection for NDPS printers, then install the iPrint client on the workstations and edit the UpgradeNDPSPrinter= entry in the iprint.ini file, NDPS printers can be upgraded. However, if you delete an NDPS Printer Agent, redirection is discontinued.

NOTE:By default, the iprint.ini file is located at: /var/opt/novell/iprint/htdocs/iprint.ini.

  1. In iManager, click iPrint > Manage Print Manager.

  2. Browse to and select a Print Manager.

  3. Click Printer Agent Redirection.

  4. For each Printer Agent you want to redirect, use the browse button to select the Printer object in eDirectory to ensure that you use the correct URL.

    If the printer resides in a different tree, you can manually enter the URL in the following format: ipp://server/ipp/pa_name where server is the IP address or host name of the server and pa_name is the Printer Agent.

  5. Click Apply.

    Each URL is validated to ensure that the format is valid and that the Printer Agent is available. An error is displayed when the URL cannot be validated.

Managing Deleted Printer Agent Redirection

Each time a Printer Agent is deleted, it is moved to the Deleted Printer Agent Redirection list. Periodically, you should review this page and delete printers that are no longer being accessed or printers where redirection was not enabled.

  1. In iManager, click iPrint > Manage Print Manager.

  2. Browse to and select a Print Manager.

  3. Click Printer Agent Redirection > Deleted Printer Agent Redirection.

  4. Select the Printer Agents to delete.

    Use Printer Last Accessed Time and Printer Deleted Time to determine if users are still attempting to access a specific printer and if sufficient time has passed that you can delete Printer Agents from the list.

  5. Click Apply.

    Each URL is validated to ensure the format is valid and that the Printer Agent is available. An error is displayed when the URL cannot be validated.

11.3.4 Managing Printers

Although the default settings let users print without additional configuration, you might want to modify some of those settings so that you can manage your printing resources most effectively.

Creating Secure Printers

You can set up a secure printing environment by using the following methods:

Setting Access Control for Your Print System

Your print system is designed to take full advantage of eDirectory. You receive all the benefits of eDirectory security and ease of management provided by the industry’s most advanced and robust directory service. The Access Control feature lets you specify the access that each User, Group, or Container object has to your printing resources. Currently, access control for printers is only supported on the Windows iPrint Client.

Access control roles are mutually exclusive, even though the same individual might need to perform tasks reserved for different roles. For example, only Printer Managers can add or delete printer operators or printer users. In a similar way, managers and operators must also be designated as users for a printer before they can submit print jobs to it.

In actual implementation, the defaults prevent most problems that might occur from these distinctions. For example, a manager is automatically designated an operator and user, and an operator of a printer is automatically designated a user of that printer.

The creator of an object is automatically granted privileges for all available roles for the type of object being created.

The following sections describe some of the security issues and features you might find useful as you plan your print system setup:

Setting Access Control for Printers

Printer security is ensured through the assignment of the manager, operator, and user access control roles and by the strategic placement of your printers and printer configurations.

Printer Access Control Roles

Different User, Group, or container objects can have different access rights to the same printer. For example, if you want only certain users to be able to send jobs to a particular printer, you can specify which users should have access and what access roles each user should have.

The following table describes the rights and privileges associated with each of the printer access control roles:

Table 11-4 Printer Access Control Roles

Role

Description

Manager

Tasks performed exclusively by the Manager are those that require the creation, modification, or deletion of objects, as well as other eDirectory administrative functions. Managers are automatically designated as Operators and Users, so they can perform all tasks assigned to those operator roles. Typical manager functions include the following:

  • Modifying and deleting Printer objects

  • Adding or deleting operators and users for a printer

  • Adding other managers

  • Configuring interested-party notification

  • Creating, modifying, or deleting printer configurations

Operator

Operators are automatically designated as Users, so they can perform all tasks assigned to Users roles. Printer management tasks performed by the operator include the following:

  • Performing all of the functions available through the Printer Control page

  • Pausing, restarting, or reinitializing printers

  • Reordering, moving, copying, and deleting jobs

  • Configuring print job spooling

Operators cannot create, modify, or delete eDirectory objects or perform other eDirectory administrative functions.

User

Tasks performed by users include the following:

  • Submitting print jobs

  • Managing print jobs they own (users cannot copy, move, reorder, or remove jobs they do not own)

To simplify administration, the container a printer resides in is automatically assigned as a user for that printer, so all users in that container and its subcontainers can use that printer without being added to the list. You can delete the container from the list if you want to limit access to certain users, groups, or roles.

Assigning Printer Access Control Roles through Printer Objects

Different User, Group, or Container objects can have different access rights to the same printer. For example, if you want only certain users to be able to send jobs to a particular printer, you can specify which users should have access and what access roles each user should be given.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to enable Access Control for.

  3. Click the Access Control tab.

    1. For local eDirectory users.

    2. For Microsoft Identity users, refer to Configuring Printer ACLs.

  4. Add or delete Users, Groups, or Container objects to the different access control roles.

  5. Click OK.

Setting Access Control for the Print Manager

Print Manager security is ensured through the assignment of the manager access control role.

Print Manager Access Control Role

The only access control role available for the Print Manager is that of manager. The following table explains the tasks performed by the manager role:

Table 11-5 Print Manager Access Control Role

Role

Description

Manager

Tasks performed exclusively by the manager are those that require the creation, modification, or deletion of print system objects, as well as other eDirectory administrative functions. Typical manager functions include the following:

  • Creating Printer Agents and Print Manager objects

  • Adding or deleting operators and users for a printer

  • Adding other managers

  • Configuring interested-party notification

  • Creating, modifying, or deleting printer configurations

Assigning the Manager Role for Print Managers

To create manager assignments for your Print Manager objects:

  1. In iManager, click iPrint > Manage Print Manager.

  2. Browse to and select the Print Manager you want to enable access control for.

  3. Click the Access Control tab.

  4. Add or delete Users, Groups, or containers to the manager role.

  5. Click OK.

Setting Access Control for the Driver Store

The Driver Store security is ensured through the assignment of manager access control roles.

Driver Store Access Control Roles

The access control roles available to the Driver Store are manager and public access user. The following table explains these roles:

Table 11-6 Driver Store Access Control Roles

Role

Description

Manager

Tasks performed exclusively by the Driver Store manager are those that require the creation, modification, or deletion of Driver Store objects, as well as those that involve other eDirectory administrative functions. Typical manager functions include the following:

  • Creating, modifying, and deleting Driver Store objects

  • Adding other managers

  • Adding resources to the Driver Store

Public Access User

A public access user is a role assigned to all entities on the network that are users of resources provided by the Driver Store. This role is assigned by default and does not require specific administrative action by the Driver Store manager. Typically, Print Managers refresh their cached copies of printer drivers for the printers they are hosting with updated printer drivers from the Driver Store.

Assigning Managers for the Driver Store

To create Manager assignments for your Driver Store objects:

  1. In iManager, click iPrint > Manage Driver Store.

  2. Browse to and select the Driver Store you want to enable access control for.

  3. Click the Access Control tab.

  4. Add or delete Users, Groups, or Containers to the manager role.

  5. Click OK.

Using SSL/TLS for Secure Printing

Secure printing takes advantage of SSL, which requires users to authenticate with their eDirectory usernames and passwords. Users authenticate once per eDirectory tree per session. Between the client and the Print Manager, the print data is encrypted and all print communication uses port 443. Without secure printing, the printer is available to anyone inside the firewall on the network and the print data is not encrypted to the server. Secure printing works in conjunction with the security level set for the printer. All print data between the server and the printer is not encrypted because most printers do not support encrypted data. Also, when you enable iPrint Direct, data is not encrypted between the client and the printer.

If you are using the latest iPrint Client and server software, iPrint automatically attempts to use TLS for printing on port 631. TLS printing supports encrypted and non-encrypted print communication through port 631. Whether or not encryption is used is dependent on the secure printing setting of the Printer Agent. If secure printing is enabled on a printer, the user is required to authenticate, and the print data is encrypted. If secure printing is not enabled, the user does not authenticate and the print data is not encrypted.

Beginning with iPrint Client 4.05, both non-secure and secure printing URLs use ipp://.

Enabling SSL/TLS

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the Printer object you want to modify.

  3. Click Client Support > iPrint Support.

  4. Select the Enable Secure Printing check box.

    If a WalkUp printer is selected this option is not available. All WalkUp printers are secure printers.

  5. Click Apply or OK to update the printer settings.

Saving Passwords for Secure Printers

When users print to a secure printer, they are prompted for the eDirectory username and password. Users can select to have their workstations remember their password for printing. For Windows NT/2000 users, passwords are saved on a per-user basis.

Configuring TLS Printing with Proxies

To use a proxy with secure printing:

  1. Create a file in /etc/opt/novell/httpd/conf.d named mod_proxy.conf.

  2. Add the following lines to the file:

    LoadModule proxy_module /usr/lib/apache2-worker/mod_proxy.so
    LoadModule proxy_connect_module /usr/lib/apache2-worker/mod_proxy_connect.so
    LoadModule proxy_http_module /usr/lib/apache2-worker/mod_proxy_http.so
    
    # This is the port the proxy will listen on
    Listen 8080
    
    ProxyRequests On
    ProxyVia On
    <Proxy *>
        Order deny,allow
        Allow from All
    </Proxy>
    AllowCONNECT 631 443
    
  3. Set the proxy port on the client to 8080.

  4. Restart Apache.

To set up a Squid proxy:

IMPORTANT:Implementing the following changes lets your users print using TLS; however, there are security risks involved. Contact your Security Administrator before completing these steps.

  1. Rename the Squid configuration file by using the following command: mv /etc/squid/squid.conf /etc/squid/squid.conf.orig

  2. Create a new /etc/squid/squid.conf file.

  3. Add the following lines to the file:

    http_port 3128
    
    #acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 80 443 563 631
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443 563 631 # https, snews
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    
    acl ipp_access port 631
    http_access allow all
    miss_access allow all
    http_access allow CONNECT ipp_access
    http_reply_access allow all
    icp_access allow all
    miss_access allow all
    ignore_expect_100 on
    
  4. Set the proxy port on the client to 3128.

  5. Restart Squid.

Password Caching

When users change their passwords, secure printers might continue printing with the old password for up to 10 minutes. This is caused by caching inside the iPrint LDAP authentication module, and affects only the users created inside the local eDirectory tree on iPrint Appliance.

Creating Additional Printers

Before creating additional printers, ensure that you meet the following prerequisites:

  • Have the Supervisor right for the destination container where its associated Printer object is to reside.

  • Be designated as a manager of the Print Manager that controls this printer.

  • Have a Driver Store running.

  • Have a Print Manager running.

To create additional printers:

  1. In iManager, click iPrint > Create Printer.

  2. Fill in the fields.

    Click Help for explanations about the fields.

  3. Click OK.

  4. Click Next, then select the drivers for this printer.

    If the printer drivers for this printer are not listed, you can still create the printer. After the printer is created, you can add the printer drivers to the Driver Store and then associate the drivers to the printer by clicking Manage Printer > Drivers.

    These drivers are automatically downloaded to users’ workstations when they install the printer in the future.

    Because the list of printer drivers included with this product is limited, you can add drivers to the Driver Store. See Updating Printer Drivers for more information.

    If you do not select a driver, users are prompted to provide a disk with the appropriate driver the first time they install this printer on their workstations.

  5. Click Next to create the printer.

Deleting Printers

You use iManager to delete existing Printer Agents. Before deleting a Printer Agent, ensure that the agent is no longer being used by running an report on the printer or by using Printer Agent Redirection to redirect the printer for a period of time before deleting it.

WARNING:Deleting a printer permanently removes the printer from the Print Manager. You cannot use Printer Agent Redirection. The printer is automatically removed from workstations the next time the workstation communicates with the Print manager.

  1. In iManager, click iPrint > Delete Print Object.

  2. Browse to and select the objects you want to delete.

  3. Click OK.

Managing Printer Agents

You use iManager to manage Printer Agents. You can start up and shut down a Printer Agent, pause and resume input and output, view printer information, set configuration settings, and change the printer drivers.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to manage.

  3. Use the tabbed property pages to complete the task you want.

Using Printer Driver Profiles

A printer driver profile allows you to set the driver defaults for a Windows printer driver. When you associate the printer driver profile to a printer, the printer is installed and configured with your defined settings. For example, in a law office you might want the default paper size to be legal size. This means that every time the printer and its corresponding driver is installed on a workstation, the paper size is set to legal size.

When creating a printer driver profile, you work directly with a platform-specific printer driver; so you should create and modify profiles from the same operating-specific platform as the printer driver. For example, to create or modify a Windows 2000 printer driver profile, you must access iManager and complete the task from a Windows 2000 workstation.

Use the Bi-Directional driver option to enable the selected printer driver to communicate with the printer. Bi-Directional communication allows the driver to communicate with the printer and discover its capabilities. This enables you to create more detailed profiles. Bi-Directional drivers communicate with the printer during profile creation. If your printer is not reachable from the client during profile creation, only basic profiles are created. When you create a profile for Bi-Directional drivers, you must provide a Printer Agent.

Use the Universal Printer Driver (UPD) model to simplify the task of managing the vast array of printer makes and models. This model allows the printer vendor to create a single printer driver that works with most of the printer and multifunction devices that the vendor manufactures. With this innovation, the Administrator/User no longer needs to install a unique driver for each and every printer model, but uses one driver to communicate with their devices.

Installing the UPD on the iPrint server (NetWare or Linux) is the same as installing individual drivers. Use iManager to upload the driver to the Broker or Driver Store and then assign this driver to the printers. You should use the latest iManager and also the latest support packs/updates for the iPrint server. The latest updates include support for Windows 7, printer driver profile updates, and enhancements for bidirectional communications, which are necessary for UPD function and printer driver profile creation.

You can create, copy, delete, and modify the printer driver profiles.

Creating a Printer Driver Profile

  1. In iManager, click iPrint > Printer Driver Profile.

  2. Browse to and select the Print Manager where you want the driver profile to be stored and made available to the printers on that manager.

  3. From the Select operation drop-down menu list, select Create Printer Driver Profile and click OK.

  4. In the Create driver profile window, perform the following tasks:

    1. Specify the Driver Profile name.

      You can create a new driver profile or you can use the existing driver profile.

    2. To create a new driver profile, select Create new driver profile and then select the driver for new profile from the list.

      NOTE:If you are enabling printer communication for a WalkUp printer, you must select the driver of a non-WalkUp printer. Ensure the same driver is used for WalkUp printer.

    3. To use the existing driver profile, select Create using existing driver profile and then select the driver profile from the list of existing driver profiles.

      The associated printer model of the selected driver profile is displayed.

    4. To enable printer communication, select the Requires printer communication check box.

    5. Specify the name of the existing Printer Agent in the iPrint Printer name field. The driver profile is created and associated with the printer model.

      Ensure that your printer is reachable from the client during profile creation, or only basic profiles are created.

      NOTE:Do not specify a WalkUp printer because it is a virtual print queue and not associated with a printer model. Instead specify a non-WalkUp printer.

    6. Click Next.

      The Loading Driver Configuration window appears and shows the progress.

    7. When the driver profile is loaded, the Save Driver Profile page is displayed. Click Next.

      The complete page opens.

    8. Click OK.

      The driver profile is created.

      After creating a printer driver profile, you must associate it with a printer. For information on associating the driver profile, see Associating a Printer Driver Profile with a Printer.

Modifying a Printer Driver Profile

  1. In iManager, click iPrint > Printer Driver Profile.

  2. Browse to and select the Print Manager where you want the driver profile to be stored and made available to the printers on that manager.

  3. From the Select operation list, select Modify Printer Driver Profile and click OK.

  4. Select the Driver Profile that you want to modify and click Next.

    You can select only one driver profile at a time for modification.

  5. (Optional) Specify the name of the existing Printer Agent in the iPrint Printer name field and click Next.

    Ensure that the printer model matches the profile printer model.

    This option is displayed only if the printer model is displayed.

    The printer model is displayed if you have selected Requires printer communication when creating the printer driver profile.

    The Loading Driver Configuration window is displayed to indicates the progress.

  6. When the driver configuration is completed, the Modify Driver Profile page is displayed. Click Next.

    The complete page is displayed.

  7. Click OK.

    The driver profile is modified.

Copying a Printer Driver Profile

  1. In iManager, click iPrint > Printer Driver Profile.

  2. Browse to and select the Print Manager where you want the driver profile to be stored and made available to the printers on that manager.

  3. From the Select operation drop-down list, select Copy Printer Driver Profile, then use the Destination printer manager name list to select the Printer Manager where you want to copy your driver profile. Click OK.

  4. Select the Driver Profiles that you want to copy and click Next.

    The complete page is displayed.

  5. Click OK.

    The driver profile is copied.

Deleting a Printer Driver Profile

  1. In iManager, click iPrint > Printer Driver Profile.

  2. Browse to and select the Print Manager where the driver profile that you want to delete is stored.

  3. From the Select operation drop-down list, select Delete Printer Driver Profile and click OK.

  4. Select the driver profiles that you want to delete and click Next.

    The complete page is displayed.

  5. Click OK.

    The driver profile is deleted.

Associating a Printer Driver Profile with a Printer

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to modify.

  3. Click Drivers > Drivers Platform.

  4. Select the printer driver from the list of available drivers.

  5. Select the profile that you want to associate with this printer from the list of Available Driver Profiles for Selected Driver.

    If you do not want a profile to be associated, select None.

  6. Click OK to save the changes.

Enabling iPrint Direct

A printer that is enabled for iPrint Direct sends print jobs directly to the printer instead of sending the job to the Print Manager first. A job is sent to the printer in LPR or raw 9100 format, depending on the setting in the gateway autoload command for the printer. Although this greatly reduces server communication, the ability to audit print jobs is lost. iPrint Direct supports direct banner printing (if the banner is already configured) and driver updates. The printer information is gathered directly from the printer by using SNMP.

NOTE:Direct Banner for iPrint Direct is supported only on Windows.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer for which you want to enable iPrint Direct printing.

  3. Click Client Support > iPrint Direct.

  4. Select the Enable iPrint Direct Printing option.

    This option is not available for a WalkUp printer.

  5. Click OK.

NOTE:For detailed information on iPrint Direct, see Technical Information Document (TID#7001343) on the Novell Support Site.

Managing Print Jobs

The following sections provide specific information about the print job management features. Users designated as managers or operators for a printer can perform these tasks for all jobs routed to that printer; individual job owners can perform these tasks only for their own print jobs.

Viewing Print Job Information

You can view information about individual print jobs waiting to be processed by a specific printer.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer the job was sent to.

  3. Click Printer Control > Jobs. Information about the print jobs is displayed.

    If a WalkUp job is selected the Pause, Resume, and Promote buttons are not available.

Deleting Print Jobs

Administrators can delete any print job after it has been submitted if the job has not yet started printing. Users can delete only their own print jobs.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer the job was sent to.

  3. Click Printer Control > Jobs.

  4. Select the check box next to the job you want to delete.

  5. Click Delete.

Changing the Order of Print Jobs

Occasionally, you might need to print a job ahead of other jobs that have already been submitted to a printer but have not yet started printing. Administrators, managers, and operators can move any job up or down the list. Users can move only their own jobs, and can move them only down the list.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer the job was sent to.

  3. Click Printer Control > Jobs.

  4. Select the check box next to the job you want to modify.

  5. Click Promote to move a print job up the list.

    If a WalkUp job is selected the Promote button is not available.

Using Printer Banner Pages

Banner pages create a cover sheet for each print job that a printer produces. You use the Printer Banner Configuration task to customize the information printed on a banner to your needs. If you select to display eDirectory information such as the eDir e-mail address, the Print Manager needs rights to read these attributes. Follow the steps in Using eDirectory Attributes with Custom Banners.

Configuring a Custom Banner

  1. In iManager, click iPrint > Printer Banner Configuration.

  2. Browse to and select the Print Manager you want.

  3. Select an operation and click OK.

    Create Custom Banner: Lets you create a new custom banner.

    Delete Custom Banner: Lets you delete an existing banner.

    Modify Custom Banner: Lets you edit the settings of an existing custom banner profile.

  4. Complete the fields with the information you want. If you create multiple banners, you should use banner names that are descriptive enough to identify them when you associate the banner to a printer.

  5. Select the Banner Text Location.

    This is where the banner option information appears on the banner page. The banner information is grouped together and then placed as a unit either starting at the top of the page, centered on the page, or starting at the bottom of the page.

  6. Select the banner options you want and the font size you want to display the information.

  7. Click OK to save the changes.

Associating a Custom Banner to a Printer

  1. In iManager, click iPrint > Printer Banner Configuration.

  2. Browse to and select the Print Manager where the Printer Agents are hosted.

  3. Select Assign Custom Banner, then click OK.

  4. From the Custom Banner drop-down list, select the banner you want.

  5. Select the check box next to each printer you want this banner associated with.

    When you select the check box, the banner name appears in the Assign Banner field. To associate a different banner, select the desired banner from the Custom Banner drop-down list, and select the check box for the printer you want to change. If you do not want a banner to be used, select None.

You can also assign banners when you use the Manage Printer task.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to modify.

  3. Click Configuration > Custom Banners.

    This option is not available for a WalkUp printer.

  4. In Available Banners, select the banner that you want this printer to use.

  5. Click OK to save the changes.

    If you select to display eDirectory information such as the eDir e-mail address, the Print Manager needs rights to read these attributes. Follow the steps in Using eDirectory Attributes with Custom Banners.

Using eDirectory Attributes with Custom Banners

Custom banners lets you select the information you want displayed on the banner page. Some of the banner options use information contained in eDirectory. In order for the Print Manager to obtain this information, you must modify the trustee rights and give the Print Manager read rights to these properties. Because rights flow down the eDirectory tree, you can assign the trustee right at a container level above the users, or to the tree.

  1. In iManager, click Rights > Modify Trustees.

  2. Select the container or tree where you want to modify the rights.

  3. Click Add Trustee, then select the Print Manager object.

  4. Click Add Property, then select the Show All Properties in Schema check box.

  5. Select the attributes that you want:

    Banner Option

    eDirectory Property

    eDir mail stop

    mailstop

    eDir e-mail address

    EMail Address

    eDir location

    L

    eDir telephone number

    Telephone Number

    eDir user first name

    Given Name

    eDir user full name

    Full Name

    eDir user last name

    Surname

  6. Click OK.

  7. Ensure that at least the Read right is selected.

  8. Click Done.

NOTE:If your client, printer, and server are not all configured for the same language, you might experience problems with the output of your banner pages, such as the job name being corrupted. If you are working in this type of mixed environment, you should consider not using banner pages.

Modifying the Printer’s Gateway Load Commands

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to modify.

  3. Click Configuration > Gateway.

    This option is not available for a WalkUp printer.

  4. Edit the gateway autoload command.

    The following table describe the gateway load commands and parameters that can be used.

    Gateway Load Parameters

    Description

    IPRINTGW

    The gateway executable that is loaded for the Printer Agent.

    PA=

    The name of the Printer Agent to be supported by this gateway instance.

    PORT=

    The port on the physical printer to be used for print job submission. Valid values are:

    LPR: Specifies the LPR print protocol and resolves to the standard LPR port - 515.

    RAW: Specifies the RAW print protocol and resolves to the default RAW port - 9100 unless the port number is specified separately in the load string. Port 91 can also be used instead of 9100.

    Number: The actual port number for the physical printer.

    NODATA: Specifies the LPR print protocol, but document data is not submitted to the physical printer.

    NULL: SNMP and ping are disabled for this gateway instance. Document data is not submitted to the physical printer.

    STRICTLPR

    Limits the port number on the gateway side of LPR communication to the standard LPR range of sockets (721 - 1020).This parameter is needed only for some older printers that enforce the range of ports specified by the original LPR specification for LPR clients.

    HOSTADDRESS=

    HOSTNAME=

    HOST=

    IPADDRESS=

    Any of these specifies the hostname / IP address for the physical printer to be supported by this gateway instance.

    NOTE:If the hostname / address value has :nn at the end of the value, the port number for the printer is derived from this value.

    However, the most common approach is to specify the port with the PORT= parameter.

    PRINTERNAME=

    PRINTER=

    The printer / queue name for LPR protocol print sessions to the physical printer. The default value is PASSTHROUGH.

    USERNAME_CN

    Passes only the user name for LPR communication.

    For example, if the user name is admin and container is novell, then on passing this parameter, the user name passed is "admin". If this parameter is not passed, the user name is passed in FQDN format (admin.novell).

    USERNAME_TRUNCATED

    Truncates the length of the user name to 31 characters as per standard LPR protocol.

    GETCOMMUNITYSTRING=

    GET=

    Specifies the community string for SNMP requests. This is only needed when a printer has been configured with a community string that is different from the default string "public".

    SQUERYACTIVE=

    Specifies the interval between SNMP requests to the physical printer while the printer is idle. The default value is 300 seconds (5 minutes).

    SPOLL=

    Specifies the interval between SNMP requests to the physical printer while the printer is active or idle.

    SETCOMMUNITYSTRING=

    Sets the community string to be used for the SNMPGet and GetNext requests.

    JPOLL=

    Sets the job polling interval (in seconds).

    NOTE:When the JPOLL option is not set, the job polling interval is 2 seconds.

    NOSNMP

    Disables SNMP requests for this gateway instance to its respective physical printer.

    WAITONPRINTER=

    Specifies the number of minutes to timeout for communication to the physical printer.

    NOTE:For write attempts, this parameter is only effective if the value is greater than the minimum default timeout value. If SNMP is disabled by the NOSNMP or the NULL parameter, the minimum default is 15 minutes. If SNMP is active, the minimum default is 5 minutes.

    THROTTLE=

    Specifies a delay of nn seconds while establishing communication with the physical printer and between print jobs. This is primarily used for solving a problem where the end of a job is lost when submitting an LPR job to a windows system.

    KYOCERA=

    Sets the Printer Manufacturer (Make) attribute for this Printer Agent to "Kyocera".

    RICOH=

    Sets the Printer Manufacturer (Make) attribute for this Printer Agent to "Ricoh".

    TROY=

    This has no effect.

  5. Click OK to save the changes.

Configuring LPR Printers

To complete the LPR configuration, users need to know the LPR Host and the LPR Printer/Queue information, which is the Printer Agent name, provided in iManager. The iPrint Client is not required for LPR printing.

UNIX, Macintosh, and other LPR clients can print to iPrint printers through LPR.

IMPORTANT:In order for LPR to work, the Printer Agent name cannot contain spaces. If it does, you need to re-create the Printer Agent or select a different printer.

To set up an iPrint printer to accept LPR print jobs, you need to enable LPR/LPD printing for the printer.

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to enable LPR printing for.

  3. Click Client Support > LPR Support.

    This option is not available for a WalkUp printer.

  4. Select the Enable LPR/LPD Client Support check box.

    The LPR Host and LPR Printer/Queue fields display information required when setting up printing for Macintosh, UNIX, or other LPR clients.

    LPR Host: The server name where the Print Manager is running.

    LPR Printer/Queue: The same as the Printer Agent’s name. The Printer Agent name cannot contain any spaces; otherwise, LPR does not work properly.

  5. (Optional) Enable the following options:

    Filter All LF to CRLF and Append FF to Jobs: Selecting this check box changes bytes in the LPR data stream of all incoming LPR print jobs from Line Feeds to Carriage Returns with Line Feeds and appends a Form Feed to the end of the print job. Typically, these changes are made at the LPR client; however, if you are sure of your users’ configurations, you can implement this option.

    Address Ranges: Add an address range only if you want to restrict access to this printer to LPR clients within the address range. When the list is empty, all addresses are allowed to print (default).

  6. Click Apply or OK to update the printer settings.

  7. From the UNIX, Macintosh or other LPR client, set up a printer using the LPR Host and LPR Printer/Queue information displayed in Step 4.

Configuring Job Holds

  1. In iManager, click iPrint > Manage Printer.

  2. Browse to and select the printer you want to modify.

  3. Click Configuration > Job Holds.

    This option is not available for a WalkUp printer.

  4. Modify the settings.

    Operator Hold: A job does not print until the operator releases it.

    User Hold: A job does not print until the user who has submitted the job releases it.

  5. Click OK to save the changes.

11.3.5 Using iPrint Client Management

iPrint Client Management (iCM) includes functionality similar to the Remote Printer Management feature included in Novell Distributed Print Service, which lets you designate printers to be installed on a workstation when a user logs in to the workstation using the Novell Client. Previously, this functionality was only available with NDPS printers, but now it is available for iPrint printers. iCM also lets you control the iPrint Client configuration, making it easier to configure the iPrint Client without visiting each workstation. When the user logs in to the workstation using the Novell Client, the iPrint Client settings you designate are configured on the user’s workstation.

iCM is available for Windows 2000/XP/2003/2008/Vista/7/8/8.1/2012/2012 R2 workstations, and requires the following:

  • iPrint iManager plug-in for Linux or the iPrint iManager plug-in for NetWare dated May 2006 or later

  • Novell iPrint Client v4.17 or later (install after the Novell Client)

  • iprint.ini

  • eDirectory schema update from NetWare 6.5 Support Pack 8 or later.

NOTE:iPrint Client Management does not support dynamic groups.

IMPORTANT:Novell iPrint Windows Client components of version 5.72 and later do not require the Novell Client. However, Novell iPrint Windows Client components of versions prior to 5.72 need Novell Client 4.91 for Windows 2000/XP/2003 or later. For more information, see Configuring iCM for Windows / Active Directory (AD) environments without Novell Client.

All of the required components are included in NetWare 6.5 Support Pack 8 except the Novell Client 4.91 for Windows 2000/XP, which is available from the Novell Support Web site.

The iPrint iManager plug-ins also work with Mobile iManager. Mobile iManager is available at Novell Downloads.

NOTE:You can install the iPrint iManager plug-in for NetWare NPM on Mobile iManager or iManager running on NetWare. You can install the iPrint iManager plug-in for Linux on Mobile iManager or iManager running on Linux or NetWare. Depending on your iManager configuration, you might see two iPrint roles. The iPrint role is for iPrint running NetWare tasks, and, the iPrint (Linux) role is for iPrint running Linux tasks.

With iCM, you manage a set of attributes on a given eDirectory tree regardless of whether the printers are hosted on an Open Enterprise Server NetWare or a Linux server, because iCM is configured and managed through eDirectory objects.

Use the following information to install and configure iCM:

Understanding the Schema Update

iPrint Client Management requires you to extend the eDirectory schema. The iprint.sch file (found in - /opt/novell/sch/iprint.sch) contains the schema extension, which adds some optional attributes to Organization, Organizational Unit, Groups, and User object class definitions. The attributes are:

  • iPrintiCMPrinterList

  • iPrintiCMClientTrayURI

  • iPrintiCMClientProxyURI

  • iPrintiCMClientFlags

Users should be able to read these new attributes on their user objects; however, if you plan to configure iCM at an Organization, Organizational Unit, or Group object level, users might need the Read right to read the attributes. The first time you access iCM on an Organization, Organizational Unit, or Group object in iManager, iManager attempts to assign the Read right to the attributes. Then users should be able to read these attributes through inheritance on subcontainers and groups. If iManager cannot assign the read right to the Organization, Organizational Unit, or Group object, your configuration is saved, but a message appears explaining that rights to the attributes could not be granted. You need to grant rights to these iPrint attributes by using either the eDirectory Administration or Trustee task in iManager.

HINT:To avoid multiple explicit rights assignments for the iCM attributes, you should make your first iCM assignment as high in the eDirectory tree as possible so that the rights can flow down the tree. You could even make an iCM assignment so that the Read right is set, and then disable the iCM assignment because this does not remove the Read right to the attributes.

Deploying iPrint Client Management

  1. Distribute the iPrint Client version 4.26 or later.

    If the iPrint Client is already distributed, see Updating the iPrint Client.

    If you use iprint.ini to distribute the iPrint Client, you need to allow enough time for users to update to the new client before configuring iCM. If you do not allow enough time, the client attempts to update a workstation at the same time it is trying to deploy the settings in iCM.

  2. Configure iPrint Client Management in iManager.

    See Managing iPrint Client Settings or Automatically Installing Printers for more information.

Configuring iCM for Windows / Active Directory (AD) environments without Novell Client

The Novell iPrint Windows Client (version 5.72 and later) now supports Windows / Active Directory environments without the Novell Client. This new feature provides shared authentication with the Windows Login, and also supports iCM for printer distribution and client settings. The following prerequisites should be met:

  • Synchronization of users, groups, and containers (via Novell Identity Manager or a similar synchronization tool)

  • Standardization on LDAP user names that require unique user names and require the uniqueID attribute to be set

Managing iPrint Client Settings

You can standardize the iPrint Client settings for users by using iCM Client Configuration to define the attributes for an Organization, Organizational Unit, Group, or a User Object. The attributes are delivered as a complete set, meaning that if you change only one attribute, all of the attributes are delivered to the client. The changes are not additive, so you cannot change the value of an attribute for an object and change the value of a different attribute on another object. Only the set of attributes closest to the user’s object are used.

When a user logs in, iCM walks up the tree from the user’s container to the highest container in the user’s fully distinguished name. Then iCM starts applying the iCM attributes in each container as it walks back down to the user object. Then the user's group membership list is queried for the same attributes. Those closest to the User object have a higher priority. The set of attributes on or closest to the User object is always used.

WARNING:Using iCM on group objects can simplify making assignments, but using iCM on multiple groups can cause undesired results. You should create a new Group object with a descriptive name so that you can control the desired results for users that you assign to that group.

To configure the iCM client attributes:

  1. In iManager, click iPrint > iPrint Client Management.

  2. Browse to and select the Organization, Organizational Unit, Group, or User object you want to automatically configure iPrint Client Settings for.

  3. Click Client Configuration.

  4. Configure the attributes you want for the iPrint Client on the workstation.

    Click Help for explanations about the attributes.

  5. Click OK to save the changes.

Automatically Installing Printers

iPrint Client Management Printer Configuration lets you designate printers to be downloaded and installed automatically on user workstations when users log in to the network. These printers appear in the user’s printers folder, ready for use. You can also use this feature to remove printers, assign a printer to be the default printer, and set a printer to be a temporary printer so that it is removed when the workstation is rebooted.

iCM configures printers on workstations based on assignments made on the User object, Group object, Organization, and Organizational Unit container. When you use iManager to designate a printer for automatic installation on a user's workstation, the associated eDirectory Container, Group, or User object is updated with this information.

The actions taken are cumulative, meaning that action is taken for each assignment you made. For example, if you add two printers at one level, then add three more printers at another level, the workstation has all five printers installed. If you have more than one printer set as the default, the last printer installed is set as the default.

When a user logs in, iCM starts searching at the highest container in the user’s full distinguished name, looking for the iCM Printer Configuration associated to containers and groups. The search continues through subcontainers down to the User object. Printers continue to be added or removed to the workstation as specified by iCM. If the Allow Only Specified Printers to Reside on Workstation option is enabled, any actions to printers specified above that container or group in the user’s fully distinguished name are ignored, but any actions to printers specified between that point and the User object are taken.

  • If the client finds a printer designated for installation that has not yet been installed, it is automatically installed.

  • If a currently installed printer is added to the Printers to Remove list, that printer is automatically uninstalled.

  • If you designate a different printer to be the default, the change is made.

  • Using Do Not Update Workstations turns off iCM for printers at that container, group or user, but actions for iCM printers found on other containers or groups are taken.

WARNING:Using iCM on group objects can simplify making assignments, but using iCM on multiple groups can cause undesired results. You should create a new Group object with a descriptive name so that you can control the desired results for users that you assign to that group.

To automatically install printers:

  1. In iManager, click iPrint > iPrint Client Management.

  2. Browse to and select the Organization, Organizational Unit, Group or User object you want to automatically install printers for.

  3. Configure the attributes you want for the Printer Configuration option.

    Do Not Update Workstations: iCM for printers is disabled and printers are not installed or removed from workstations. Printers already installed are not altered.

    Allow Only Specified Printers to Reside on Workstations: Allows only the iPrint printers specified in the Printers to Install list to reside on the workstation. All other iPrint printers on the workstation are removed. Non-iPrint printers are not affected.

  4. Use the buttons to modify the Printers to Install list.

    If you select a printer to be the default and want to remove the Set as Default attribute, click the button next to to the Default Printer field.

  5. Modify the Printers to Remove list.

  6. Click OK to save the changes.

Using Advanced Settings

The iPrint Client Management Advanced Settings page lets you configure how far up the eDirectory tree iCM should look for iCM client settings and printers. You can also configure whether the iCM results dialog box should display on the workstations, which is useful for troubleshooting the iCM results.

  1. In iManager, click iPrint > iPrint Client Management.

  2. Browse to and select the Organization, Organizational Unit, Group or User object you want to configure the settings on.

  3. Click Advanced Settings.

  4. Configure these settings as needed:

    Ignore iPrint Client Management (iCM) settings on parent containers: Limits the scope used to find iCM client settings and assigned printers to the object where the assignment is made and below. You can enable this setting on User, Group, and Container objects. You should enable this setting to limit traffic on the network, especially across slow network links.

    When a user logs in, iCM checks the User object and group memberships, then it walks up the eDirectory tree from the user object to the root-most container to determine where iCM assignments have been made. If iCM encounters the Ignore Settings on Parent Containers attribute, iCM stops walking up the tree on that object. Then, iCM implements the iCM client settings and printers on the workstation.

    To determine the iCM printers for the workstation, iCM searches down to the User object, adding and removing iCM printers as specified on each Container, Group, or User object. For iCM client settings, iCM uses the set of iCM client attributes closest to or on the User object.

    The attributes are delivered as a complete set, meaning that if you change only one attribute, all of the attributes are set on the client. The changes are not additive, so you cannot change the value of one attribute for an object and change the value of a different attribute on another object. Only the set of attributes closest to or on the user’s object are used.

    The following table describes the behaviors when enabling this setting on different objects.

    Object

    Behavior

    User

    Only the iCM client settings and printers assigned to the User object are used. iCM does not check any group memberships, the User object's container, or parent containers.

    Group

    iCM checks assignments on the User object and all associated groups, but does not check the User object's container or parent containers. All group memberships are read and assignments are considered even if this setting is enabled on just one group. This is useful if you want to apply iCM client settings or assigned printers from a group membership, but do not want any iCM client settings or assigned printers from the User object's container.

    IMPORTANT:Using iCM on Group objects can simplify making assignments, but using iCM on multiple groups could cause undesired results. You should create a new Group object with a descriptive name so that you can control the desired results for users that you assign to that group.

    Organization or Organizational Unit

    iCM checks assignments on the user object, all associated groups, and each container up to a parent container where this setting is enabled.

    Display iCM results in a dialog box on workstations: Displays a window on the workstation that shows the printers that were installed and removed.

  5. Click OK to save the changes.

iCM in OES Environment

Traditionally iCM was used in the following methods:

iCM with Novell Client

In OES iPrint, when a user logs in to the corporate eDirectory using the Novell Client, the iCM settings are pushed to the user’s machine.

iCM without Novell Client

In iPrint Appliance, users cannot login directly using the Novell Client. This is because iPrint Appliance syncs only user names from the corporate eDirectory, but not the passwords. For iCM to work with iPrint Appliance, you can use one of the following methods:

  • Novell Client users continue to login to the existing corporate eDirectory instead of iPrint Appliance. This way, the existing OES server is used for desktop printing, and the iCM settings are available only in the source eDirectory.

    Limitation: In this method, the iCM settings are fetched only from the source eDirectory. Any iCM setting changes made on iPrint Appliance are not applied.

  • Use iCM without Novell Client. In this method, the local Windows/AD credentials must match the eDirectory credentials. This method is suitable for an AD environment where users are synced from AD to the local eDirectory so that the credentials are automatically matched. For more information, see iCM with iPrint Appliance.

    Limitation: In this method, the iCM setting are fetched only from iPrint Appliance. iCM setting changes made on the existing corporate eDirectory must be manually added on iPrint Appliance.

iCM with iPrint Appliance

iPrint Appliance does not support traditional iCM with the Novell Client. iPrint Appliance supports iCM using Windows Local/AD credentials.

Depending on your environment, you can deploy iCM in the following ways:

Apply iCM Settings from the Original Tree

In this configuration, iCM settings are applied from the original tree if iCM is not migrated from OES, and OES iPrint is still used for desktop printing and iCM. You can use this configuration with or without the Novell Client.

The limitation of using this configuration is that the iCM settings are fetched only from the source eDirectory. Any iCM changes made locally on iPrint Appliance are not applied.

Apply iCM Settings from iPrint Appliance eDirectory

In this configuration, iPrint Appliance is used for desktop printing, and iCM settings are created on the appliance only.

With Novell Client: With iPrint Appliance, users cannot login directly using the Novell Client because iPrint Appliance syncs only user names from the corporate eDirectory, but not the passwords. Therefore, iCM cannot be used with Novell Client. iCM can be used against the source eDirectory server.

Without Novell Client: To fetch iCM settings from iPrint Appliance, you can use iCM without the Novell Client. In order for iPrint clients to use the Windows Local/AD credentials for iCM, the following conditions must be met:

  • You must set the iPrint Appliance address set as the primary PSM address on the client by using the command iprntcmd -S <iPrintAppliance IP Address>.

  • The client’s Active Directory user name must match their iPrint Appliance credentials. If you import users from Active Directory to iPrint Appliance, the credentials are automatically matched.

  • In order for iCM to work with imported users and groups, you must enable browse/read rights and inheritance for iCM for the following attributes, using iManager:

    • iPrintPrinterIPPURI

    • iPrintiCMClientFlags

    • iPrintiCMClientProxyURI

    • iPrintiCMClientTrayURI

    • iPrintiCMPrinterFlags

    • iPrintiCMPrinterList

    • iPrintiCMTrustedSiteList

    • Group Membership

IMPORTANT:For the user accounts imported from OES, iCM settings are not migrated. You must reassign the iCM settings on iPrint Appliance for the OES user accounts.

To configure the iCM attributes:

  1. On a Web browser, use either the host name or the IP Address to access iManager. For example, https://10.0.0.1/nps or https://iprint.example.com/nps.

  2. Specify admin as the user name.

  3. Specify the password, then click Login.

  4. In the left pane, under Roles and Tasks, click Rights.

  5. Click Modify Trustees.

  6. Under Object name, click the search icon, then choose the entire tree.

  7. Click OK.

  8. Click the Assigned Rights link next to the Public domain.

  9. Click the Add Property button in the upper right of the table.

  10. In the Add Property pop-up window, select Show all properties in schema.

  11. In the Property name box, select the attributes listed above, then click OK.

  12. Select the Inherit check box next to the attributes you added.

  13. Click Done.

For more information on using Windows Local/AD credentials for iCM, see the Configuring iCM for Windows / Active Directory (AD) environments without Novell Client.