[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Active Directory and Kerberized printing?

Subject: Re: Active Directory and Kerberized printing?
From: "Geoff Franks" <email@hidden>
Date: Wed, 7 Nov 2007 17:30:50 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden
Thread-index: AcghbJKtcrzad5upRbW+q3nyNqhbFAAAb+Q1AAfhxBM=
Thread-topic: Active Directory and Kerberized printing?
User-agent: Microsoft-Entourage/11.3.6.070618

Title: Re: Active Directory and Kerberized printing?

On 11/5/07 2:38 PM, "Jeremy Reichman" <email@hidden> wrote:
>On 11/5/07 2:38 PM, "Michael R Sweet" <email@hidden> wrote:
>>
>> Not by default - you still need to activate Kerberos ("Negotiate")
>> authentication in the cupsd.conf file. Look at the help file at:
>>
>> http://localhost:631/help/kerberos.html
>>
>> for instructions. Once configured on the server, you should be able
>> do Kerberos-authenticated printing from your client machines assuming
>> they are also using Leopard and have AD or OD setup for logins...
>>
>> That said, there is a reported bug with our current implementation
>> with Windows Server 2003 R2 - apparently the credentials that Windows
>> supplies are larger than 2k (the limit set in the current Leopard
>> build), so Kerberos authentication doesn't currently work against
>> (at least) that version of Windows. The fix is already in the current
>> stable CUPS release (1.3.4)...
>
> Thanks for the quick response; I'll pass it along to people on the
> MacEnterprise list.
>
> Without trying to ask too much about futures, is it possible v1.3.4 might be
> included in a future software update of Leopard? Or is it likely Leopard
> will be locked at v1.3.3?
>
> Is it possible -- or even advisable -- for systems administrators to install
> v1.3.4 on top of Leopard (without ill effects to what's bundled with the OS)
> if they need that fix?
>

I just installed cups 1.3.4 on my test Leopard machine, with no change in
behavior. I get prompted for a kerberos ticket when using a local account,
and then get client-error-not-authorized. When using an AD account, I don't
get prompted for the ticket (since one exists), but I get the same error.

That was using fresh compile and install of cups 1.3.4, tried doing just the
libcups.2.dylib install suggested by Jeremy, and then a full make install,
with no difference (reboots after each install).

Looks like there's more to it than just updating the cups libs/binaries?

Geoff Franks
Sr. Systems Administrator
Hauptman Woodward Institute

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Printing mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/printing/email@hidden

This email sent to email@hidden

References:
	>Re: Browsing and Leopard (From: Geoff Franks <email@hidden>)

Prev by Date: Re: CUPS 1.3.1 options in Leopard
Next by Date: CUPS PPD for Leopard
Previous by thread: Re: Browsing and Leopard
Next by thread: CUPS 1.3.1 options in Leopard
Index(es):
- Date
- Thread

Home