After deleting items from keychain, I tried printing again and got to the Hold for Authentication again and so I opened the print job and it prompted me for authentication. Nothing I tried worked. I tried my normal windows password. I tried the server administrator password. I tried no password. None of this works. Many of the Ricoh devices in A&S are restricted to only allow printing through a copy/printing code provided to each user in the department. This tutorial will take you through the steps of adding a print code on your Mac so that your print jobs will complete and set up locked (confidential) print.
User Experience
I've authenticated, but the printer icon in my dock is bouncing and it says my job is 'held for authentication.'
How to Solve this Problem
When you are presented with the authentication dialog box, for Name, enter
cornellNetID
(substituting your own NetID).
If you entered your Name or Password incorrectly, a printer icon in your dock will start bouncing to get your attention.
This section of the manual is split into different sections for ease of use, one section covering Mac OS 10.8+ installations, and another covering Windows hosted print queueA print queue displays information about documents that are waiting to be printed, such as the printing status, document owner, and number of pages to print. You can use the print queue to view, pause, resume, restart, and cancel print jobs. setup. In most cases only one section applies on your network. As Mac systems have become more popular recently, many sites are opting for Mac print servers to support their Mac workstations. You can install PaperCut NG/MF directly on a Mac print serverA print server is a system responsible for hosting print queues and sharing printer resources to desktops. Users submit print jobs to a print server rather then directly to the printer itself. A print server can be a dedicated server but on many networks this server also performs other tasks, such as file serving, offering native, end-to-end Mac printing.
Terminology
Below is an overview of the common terminology.
Print queue: There are typically two ways of providing shared multi-system access to a printer:
Option 2 is regarded as a better solution on multi-user networks as it provides a higher level of scalability, allows for centralized administration, and allows administrators to move or remap devices without needing to propagate changes to workstations. PaperCut NG/MF requires a shared print queue as it works by intercepting the jobs as they pass through the server's queue.
CUPSCommon User Printing System (CUPS) is a printing system for Unix operating systems that allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer.: CUPS is the print queue system used by Mac. This is the same queue system used by many other UNIX based platforms including popular Linux distributions. Apple is a major supporter of CUPS.
IP PrintingIP Printing is a generic term used to describe a number of print protocols that are used to exchange print documents between a computer, a server queue, or a physical printer.: This is a generic term used to describe a number of print protocols that are used to exchange print documents between a computer, a server queue, or a physical printer. (Note: This term is also occasionally used incorrectly to describe the 'JetDirect' print protocol discussed below)
IPPThe Internet Printing Protocol (IPP) is an Internet protocol for communication between a print server and its clients. It allows clients to send one or more print jobs to the server and perform administration such as querying the status of a printer, obtaining the status of print jobs, or cancelling individual print jobs. IPP can run locally or over the Internet. Unlike other printing protocols, IPP also supports access control, authentication, and encryption, making it a much more capable and secure printing mechanism than older ones.: This is an acronym for Internet Printing Protocol. This is the 'native' print protocol used by CUPS and the Mac. It's a modern protocol designed to work well on modern networks including local networks, or even over the internet or a WAN.
Hold For Authentication Mac Printer
LPRThe Line Printer Remote protocol (LPR) is a network protocol for submitting print jobs to a remote printer. A server for the LPD/LPR protocol listens for requests on TCP port 515. A request begins with a byte containing the request code, followed by the arguments to the request, and is terminated by an ASCII LF character. An LPD printer is identified by the IP address of the server machine and the queue name on that machine. Many different queue names may exist in one LPD server, with each queue having unique settings. The LPR software is installed on the client device.: LPR/LPDThe Line Printer Daemon protocol (LPD) is a network protocol for submitting print jobs to a remote printer. A server for the LPD/LPR protocol listens for requests on TCP port 515. A request begins with a byte containing the request code, followed by the arguments to the request, and is terminated by an ASCII LF character. An LPD printer is identified by the IP address of the server machine and the queue name on that machine. Many different queue names may exist in one LPD server, with each queue having unique settings. The LPD software is stored on the printer or print server. is the traditional UNIX based print protocol.
JetDirect/Socket: This is a very simple print protocol used to transmit print jobs to a physical printer on a TCP network. The printer accepts connections on port 9100. In Windows, this print protocol is often referred to as a Standard TCP/IP Port, and in some cases generally as IP Printing. Almost all network printers support this method.
BonjourBonjour is Apple's implementation of zero-configuration networking (zeroconf), a group of technologies that includes service discovery, address assignment, and hostname resolution. Bonjour locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records. Printing: This is not a print protocol, but instead is Apple’s method of publishing printers on a network so workstations can locate the device/queue.
![]()
Where possible PaperCut NG/MF works with all print protocols, however, we do recommend some over others. The following set up procedure highlights methods that have shown to work in most environments.
PaperCut’s recommended setup procedure is:
Optional hardware configuration
Some printer models support several of the connection methods listed above. If the printer offers the option to disable these protocols through their web administration page, you should turn off all except the connection method that you will use. This minimizes the chance of incorrect configuration, and the chance of a workstation user discovering the printer directly. Some printers also support access control via IP address. If this is available, consider setting access control so only the server IP can submit print jobs directly to the printer.
Handling unauthenticated systems (e.g. laptops)
Print queues in Mac OS X by default are unauthenticated. Authentication in an Open Directory environment is instead performed at the time of system login. Unauthenticated systems such as laptops fall outside this. The introduction of unauthenticated systems on your network mandates the need for an extra layer of authentication. To address this need, PaperCut offers two options:
It is your decision whether or not the authentication policy/procedure is to be applied to all systems on the network, or just 'untrusted' laptops.
Network-wide policy
This is the simplest solution and provides a consistent procedure and policy across all your users irrespective of their access method (such as via workstation or their own laptop). Select your authentication method and enable this option on ALL print queues. The set up procedure for both methods is summarized as follows:
Using popup authentication
Using hold/release queue authentication
Laptop only policy (advanced)
One problem with the network-wide policy discussed above is that the authentication method (e.g. client popup or hold/release queue) also applies to authenticated systems. In some ways this is a positive (i.e. provides a consistent policy), while in other ways it can be viewed as an unnecessary on trusted authenticated systems. This section discusses a solution appropriate for larger sites.
The solution is to set up two servers. One server hosts a set of queues for authenticated systems, while the other server provides queues for unauthenticated systems. Network router or firewall rules are used to ensure that only authenticated systems have access to the authenticated queues. Laptops systems must use the other queues. This is best done with partitioned IP address ranges and/or subnets. An experienced network administrator can assist with restricted server access by IP address.
Eliminating popup authentication via Mac Login HookMac Printer Hold For Authentication Mojave
You can use popup authenticationPopup authentication involves matching the source IP address of the print job with the user confirmed to be operating from the popup client IP address. Authentication is provided by the PaperCut NG client software in the form of a popup dialog requesting a username and password. To print with popup authentication the client software must be running on the workstations or laptops. to provide a secure environment. For example, there might be a mix of lab systems and unauthenticated laptops. The lab systems are managed and secured via authentication against a central user directory source, while the unmanaged systems (e.g. laptops) are limited to local user authentication only so user identity is indeterminate. Use popup authentication at the print queue level to provide an added level of user verification.
Network Printer Hold For Authentication Mac
This is an advanced topic and is targeted at experienced Mac administrators with command-line knowledge. The double-authentication is eliminated by having the system login also perform the PaperCut log in via the system login hook. After the administrator has confirmed that the workstation is securely authenticating via a central directory service, they endorse the system by copying a shared secret file onto the workstation. To perform this endorsement, follow these steps:
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |