Thread-topic: Active Directory and Kerberized printing?
User-agent: Microsoft-Entourage/11.2.5.060620
On 11/5/07 2:30 PM, "Dan Stranathan" <email@hidden> wrote:
> I cant get Kerberized printing to work at all.
>
> We have a Windows 2003 print server which host print queues for our HP
> printers. All the queues are published in our AD 2003 domain directory.
>
> I have set CUPS to "negotiate" in the cupsd.conf, as instructed on the local
> CUPS admin page (located at localhost:631) but I have several issues...
>
> 1. Kerberos SSO doesn't seem to work. Even though the Mac is bound to AD and
> has a valid Kerberos TGT from the AD DC/KDC. Other services on my LAN such as
> SMB are working with Kerberos with no problems.
>
> 2. instead of using Kerberos, which isn¹t working (See #1 above) the user is
> prompted to manually enter a username and password to print. This isnt too bad
> (better than Tiger not working at ALL), except that the print auth dialog box
> is auto-populated with the form "last name, first name" (e.g.; ³Jobs, Steve²)
> which fails to authenticate with the DC to print (NT_Auth errors). My
> workaround is to tell the users that they must delete the existing "last name,
> first name" string and enter their short AD user name "i.e.; "sjobs") Then it
> will print.
>
> 3. What really sucks is that once I set CUPS to ³negotiate² I can ever REMOVE
> printer queues at all. I have tried removing them as a local admin, and even
> as root. No luck. I have also tried removing the print queues off the Mac as
> various AD domain Admin accounts no luck. I finaly had to log in as root and
> kill the /etc/cups/ files.
>
> So far I am disappointed in printing with Leopard. At least in terms of AD
> based print servers being compatible with Mac OS X.
Is it Windows Server 2003 R2? Because that was specifically mentioned by
Michael as not working earlier in the thread.
It sounds like you have a couple of issues that could be documented and
submitted as bug reports / feature requests. You can do this via a (free or
paid) ADC account, at bugreporter.apple.com. You could also use the support
channel, AppleCare, to follow up on this, especially if you have one of the
higher-level plans. For example:
<http://www.apple.com/support/products/helpdesk.html>
--
Jeremy Reichman
Senior Desktop Systems Engineer
Information and Technology Services
Rochester Institute of Technology
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Printing mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/printing/email@hidden
This email sent to email@hidden
