- Jamf Nation Community
- Products
- Jamf Pro
- printing to Windows print server queue keeps aski...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
printing to Windows print server queue keeps asking for AD credentials
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 12:43 PM
Hello,
I'm having a annoying issue with printing to windows print server queue's
My Mac's are bound to AD. When the staff prints they get a pop up message that they need to authenticate with their AD credentials , which they enter.
This happens every time they print, they are understandably getting tried of doing that
When the printers were added , the default icon was selected and the printer queue was listed and picked that way
I have tried running the commands as suggested in other threads
cupsctl DefaultAuthType=Negotiate
lpadmin -p PRINTERNAME -o auth-info-required=negotiate
Ii've also logged into the web interface under advanced and tried the options authenticate & kerbos
The mac's keep asking for their AD credentials .
The Mac's are OS X 10.8.5
Printer server is a win2k8 & Xerox printers
Paper cut is installed on the print server
I'm missing something very obvious
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 12:58 PM
I hate to post a response without a solution, but I have the same exact problems in our environment with 10.10, 10.9. 10.8 machines and a Windows 2012 Print Server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 02:53 PM
I have the same issue, I can't seem to find a permeant solution. We currently use Canon's (NT-Ware) uniFLOW Secureprint, following the link (posted below), I was able to get rid of that popup for about two months before printers started pausing and users started complaining. Most of our students/faculty do not know how to reset the print system or re-add a printer when this happens, so we could't go with this solution. We were forced to use the client provide by NT-Ware (not the best client in the world) to get around this issue.
Temporary solution:
https://jamfnation.jamfsoftware.com/discussion.html?id=4075
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 05:04 PM
sounds like kerberos is not working,
are the print servers in the same kerberos trusted realm?
can you connect without authentication (ie using a kerberos ticket) to a smb share on the print servers?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 05:24 PM
Hi, we've written up a guide on using kerberos with Windows print queues here
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 08:32 PM
I believe that in addition to the machine needing to be bound to AD, the user account must also be an AD account (UID >= 1024).
Could that be it?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 09:48 PM
I have a document that will help with the issue. I will post the information first thing tomorrow morning when I get to my work computer.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 10:35 PM
@mscottblake User account can be a local account, you just have to have a kerberos ticket so if you do something like kinit to get a kerberos ticket then you get SSO to enabled services
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 11:24 PM
How are you creating your print queues? I've had this exclusively with smb print queues. However moving to LPD queues with the options you are using fixes it all. Means a lot of Windows server work to get that up and running.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2015 11:54 PM
assuming the print server is providing those print queues over LPD...
This is how I add SMB print queues
lpadmin -p "$device_queue_name" -E -v smb://"${printer_svr_address}"/"${smb_queue_name}" -P "$printer_driver_path" -D "$printer_q_name" -o auth-info-required=negotiateOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-13-2015 08:28 AM
Thank you everyone for the responses, sorry for the late reply , but there were a few other fires i had to deal with I will try all the scripts and see if that helps
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-16-2015 06:46 AM
lpadmin -p "Secureprint" -E -v smb://servername/printqueue -P "PATH-TO-PPD" -D "Secureprint" -o auth-info-required=negotiate/Applications/UniFLOW/MomUd.ppd
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Resources/Generic.ppdUsing this method adds the printer fine and also prints fine using AD credentials. The only issue is that uniFLOW (NT-Ware/Cannon software) doesn't recognize the price of a sheet of paper properly and automatically prints in color.
If only NT-Ware/Cannon could fix their software to recognize cost and color properly so we can avoid using the Mac Client would be amazing.
