I've been advised, more or less btw in an otherwise scarcely related thread, to quit using my KVM switch (which has spare USB ports touted by the maker especially for printserving) as a printserver.
So I plugged the printer (an HP psc 1315v) into my #1 machine; and I've been telling Firefox 127.0.0.1:631 on each of the machines, and trying to get it to work.
I thought I had it; and when I print at all, it's most often from Alpine 2.0. So I've been trying to print one Alpine message from each machine.
One at least told me the printer seemed not to be connected. The others have adamantly done nothing.
Since all I know of printing would go in a gnat's eye, and Alpine has several printing options (none of which I understand well), my first thought is to try to find out if I have a pure Alpine problem, a pure CUPS problem, or something else. Can anybody tell??
On Wed, 2008-10-29 at 19:12 +0000, Beartooth wrote:
Since all I know of printing would go in a gnat's eye, and Alpine has several printing options (none of which I understand well), my first thought is to try to find out if I have a pure Alpine problem, a pure CUPS problem, or something else. Can anybody tell??
Try the printing trouble-shooter: System->Administration->Printing, then Help->Troubleshoot.
Tim. */
Beartooth wrote:
I've been advised, more or less btw in an otherwise scarcely related thread, to quit using my KVM switch (which has spare USB ports touted by the maker especially for printserving) as a printserver.
So I plugged the printer (an HP psc 1315v) into my #1 machine; and I've been telling Firefox 127.0.0.1:631 on each of the machines, and trying to get it to work.
I thought I had it; and when I print at all, it's most often from Alpine 2.0. So I've been trying to print one Alpine message from each machine.
One at least told me the printer seemed not to be connected. The others have adamantly done nothing.
Since all I know of printing would go in a gnat's eye, and Alpine has several printing options (none of which I understand well), my first thought is to try to find out if I have a pure Alpine problem, a pure CUPS problem, or something else. Can anybody tell??
Dumb question - is the new printer connection set as the default printer? I am guessing that the USB connection through the KVM switch was the default printer on each machine.
Mikkel
On Wed, 29 Oct 2008 14:59:56 -0500, Mikkel L. Ellertson wrote:
Beartooth wrote:
I've been advised, more or less btw in an otherwise scarcely related thread, to quit using my KVM switch (which has spare USB ports touted by the maker especially for printserving) as a printserver.
So I plugged the printer (an HP psc 1315v) into my #1 machine; and I've been telling Firefox 127.0.0.1:631 on each of the machines, and trying to get it to work.
I thought I had it; and when I print at all, it's most often from Alpine 2.0. So I've been trying to print one Alpine message from each machine.
One at least told me the printer seemed not to be connected. The others have adamantly done nothing.
Since all I know of printing would go in a gnat's eye, and Alpine has several printing options (none of which I understand well), my first thought is to try to find out if I have a pure Alpine problem, a pure CUPS problem, or something else. Can anybody tell??
Dumb question - is the new printer connection set as the default printer? I am guessing that the USB connection through the KVM switch was the default printer on each machine.
I think so. They all show it twice, in fact : as psc-1310- series-, and either the same with underlines instead of hyphens, or with a "2" at the end.
I've just tried the troubleshooter on two or three of the machines, against each iteration of the printer, and gotten reports, but no solution.
Beartooth wrote:
On Wed, 29 Oct 2008 14:59:56 -0500, Mikkel L. Ellertson wrote:
Dumb question - is the new printer connection set as the default printer? I am guessing that the USB connection through the KVM switch was the default printer on each machine.
I think so. They all show it twice, in fact : as psc-1310- series-, and either the same with underlines instead of hyphens, or with a "2" at the end.
I've just tried the troubleshooter on two or three of the machines, against each iteration of the printer, and gotten reports, but no solution.
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
Mikkel
Mikkel L. Ellertson wrote:
Beartooth wrote:
On Wed, 29 Oct 2008 14:59:56 -0500, Mikkel L. Ellertson wrote:
Dumb question - is the new printer connection set as the default printer? I am guessing that the USB connection through the KVM switch was the default printer on each machine.
I think so. They all show it twice, in fact : as psc-1310- series-, and either the same with underlines instead of hyphens, or with a "2" at the end.
I've just tried the troubleshooter on two or three of the machines, against each iteration of the printer, and gotten reports, but no solution.
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
Mikkel
Oops - type. It should be: ippd://<address>:631/<something> not ippd://<address>/631/<something>
Mikkel
On Wed, 29 Oct 2008 15:21:00 -0500, Mikkel L. Ellertson wrote:
Mikkel L. Ellertson wrote:
[...]
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
Oops - type. It should be: ippd://<address>:631/<something> not ippd://<address>/631/<something>
I've just reversed the default on #4; going to #3.
Mikkel L. Ellertson wrote:
Oops - type. It should be: ippd://<address>:631/<something> not ippd://<address>/631/<something>
Actually, CUPS suggests ipp:// not ippd . Also CUPS does not give the :631 for this protocol, only for http://<IP address>:631/ . Probably it doesn't matter?
Timothy Murphy wrote:
Mikkel L. Ellertson wrote:
Oops - type. It should be: ippd://<address>:631/<something> not ippd://<address>/631/<something>
Actually, CUPS suggests ipp:// not ippd . Also CUPS does not give the :631 for this protocol, only for http://<IP address>:631/ . Probably it doesn't matter?
Yes - another type on my part. I was not having a good day.
Mikkel
On Wed, 29 Oct 2008 15:18:31 -0500, Mikkel L. Ellertson wrote:
Beartooth wrote:
On Wed, 29 Oct 2008 14:59:56 -0500, Mikkel L. Ellertson wrote:
Dumb question - is the new printer connection set as the default printer? I am guessing that the USB connection through the KVM switch was the default printer on each machine.
I think so. They all show it twice, in fact : as psc-1310- series-, and either the same with underlines instead of hyphens, or with a "2" at the end.
I've just tried the troubleshooter on two or three of the machines, against each iteration of the printer, and gotten reports, but no solution.
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
On #1, Where the printer is and I am now, I see almost identical entries :
==== ===== ===== =====
Search in Printers: Clear
Showing 2 of 2 printers. Sort Descending psc-1310-series- (Default Printer) Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: idle, accepting jobs, published. Device URI: hp:/usb/psc_1310_series?serial=CN4AIC71YKO2
Print Test Page Stop Printer Reject Jobs Move All Jobs Cancel All Jobs Unpublish Printer Modify Printer Set Printer Options Delete Printer Set As Default Set Allowed Users
psc-1310-series-2 Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: processing, accepting jobs, published. Device URI: usb://hp/psc%201310%20series?serial=CN4AIC71YKO2
Print Test Page Stop Printer Reject Jobs Move All Jobs Cancel All Jobs Unpublish Printer Modify Printer Set Printer Options Delete Printer Set As Default Set Allowed Users ===== ===== ===== =====
On the second one, presently not the default, I see "usb" twice; since this is the machine *with* the printer, I should make it the default, right?
And on the others, assuming identical entries, the opposite?
I'll either do that, or post additional replies if I find any surprises. (The troubleshooter did install a driver on at least one machine; and there are at least two reports on each machine.)
Beartooth wrote:
On #1, Where the printer is and I am now, I see almost identical entries :
==== ===== ===== =====
Search in Printers: Clear
Showing 2 of 2 printers. Sort Descending psc-1310-series- (Default Printer) Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: idle, accepting jobs, published. Device URI: hp:/usb/psc_1310_series?serial=CN4AIC71YKO2
Print Test Page Stop Printer Reject Jobs Move All Jobs Cancel All Jobs Unpublish Printer Modify Printer Set Printer Options Delete Printer Set As Default Set Allowed Users
psc-1310-series-2 Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: processing, accepting jobs, published. Device URI: usb://hp/psc%201310%20series?serial=CN4AIC71YKO2
Print Test Page Stop Printer Reject Jobs Move All Jobs Cancel All Jobs Unpublish Printer Modify Printer Set Printer Options Delete Printer Set As Default Set Allowed Users ===== ===== ===== =====
On the second one, presently not the default, I see "usb" twice; since this is the machine *with* the printer, I should make it the default, right?
And on the others, assuming identical entries, the opposite?
I'll either do that, or post additional replies if I find any surprises. (The troubleshooter did install a driver on at least one machine; and there are at least two reports on each machine.)
Strange that you have 2 entries. On the machines without the printer, you should be using the on that has: Device URI: ipp://<something>
You may have to make the changes I listed in another e-mail - the one describing what checkboxes to make sure are checked.
On the machine with the printer attached, try printing a test page on each printer, and see what works best. Set that as the default, and remove the other printer. Then move on the setting the other versions of CUPS. You should be able to administer all the CUPS setups from one machine, and you should see an ipp:// printer on all the machines that do not have a printer attached.
Once you have things working the way you want, you should be able to delete all the usb://hp/psc%201310%20series?serial=CN4AIC71YKO2 and the hp:/usb/psc_1310_series?serial=CN4AIC71YKO2 entry on all except the machine with the printer attached.
Mikkel
On Wed, 29 Oct 2008 15:48:27 -0500, Mikkel L. Ellertson wrote: [...]
Strange that you have 2 entries. On the machines without the printer, you should be using the on that has: Device URI: ipp://<something>
Probably at some point before all this, fiddling with CUPS, I tried an add button.
You may have to make the changes I listed in another e-mail - the one describing what checkboxes to make sure are checked.
I've just gone through them again. Every machine has every box checked, except the one for Kerberos and the one for cancelling other people's jobs.
On the machine with the printer attached, try printing a test page on each printer, and see what works best. Set that as the default, and remove the other printer.
The one I had as default did OK, and the other didn't print, nor even make printer noises; I deleted it.
Then move on the setting the other versions of CUPS.
I.e., delete down to the best setting, I take it.
I'm on #2 at the moment. Neither one printed anything! And the result was the same on #3 and #4.
You should be able to administer all the CUPS setups from one machine,
I tried that again this morning. No joy. If I type http://192.168.x.y:631/admin into firefox on 192.168.x.z, I get a 503 from privoxy : connect failed.
and you should see an ipp:// printer on all the machines that do not have a printer attached.
I tried googling ipp to see if the problem were a misapprehension about that -- and couldn't make head nor tail of what I found.
Once you have things working the way you want, you should be able to delete all the usb://hp/psc%201310%20series?serial=CN4AIC71YKO2 and the hp:/usb/psc_1310_series?serial=CN4AIC71YKO2 entry on all except the machine with the printer attached.
With the "Delete Printer" button??
On Thu, 2008-10-30 at 14:17 +0000, Beartooth wrote:
I've just gone through them again. Every machine has every box checked,
Every box? So they're going to share out the printer that they've remotely accessed from another box? I see an opportunity for infinite regression happening here, as the next box does the same.
On Fri, 31 Oct 2008 01:37:33 +1030, Tim wrote:
On Thu, 2008-10-30 at 14:17 +0000, Beartooth wrote:
I've just gone through them again. Every machine has every box checked,
[...]
Every box? So they're going to share out the printer that they've remotely accessed from another box? I see an opportunity for infinite regression happening here, as the next box does the same.
OK, I know what infinite regression is, but not enough about how printing (let alone print serving) works to see how it does that.
So which should be unchecked, on which machine? My guess is that the one with the printer should be different, but I don't know in what way.
On Thu, 30 Oct 2008 16:13:10 +0000, Beartooth wrote:
OK, I know what infinite regression is, but not enough about how printing (let alone print serving) works to see how it does that.
So which should be unchecked, on which machine? My guess is that the one with the printer should be different, but I don't know in what way.
I just found an answer in the thread this one branched off from (about the 54 GB). I unchecked the "Show printers ..." box on the machine with the printer. Then I tried to print test pages again. None worked. I cancelled all jobs on all printers, lest I get a deluge when this finally works.
On Thu, 2008-10-30 at 16:34 +0000, Beartooth wrote:
On Thu, 30 Oct 2008 16:13:10 +0000, Beartooth wrote:
OK, I know what infinite regression is, but not enough about how printing (let alone print serving) works to see how it does that.
So which should be unchecked, on which machine? My guess is that the one with the printer should be different, but I don't know in what way.
I just found an answer in the thread this one branched off from (about the 54 GB). I unchecked the "Show printers ..." box on the machine with the printer. Then I tried to print test pages again. None worked. I cancelled all jobs on all printers, lest I get a deluge when this finally works.
CUPS in my opinion has a logical gotcha. If all the printer configuration is done on the server and none on the clients things work with no problem. Having printers on multiple servers is a real pain. It also helps if all the printers are network printers that are accessed over the internet and not plugged in to a machine, -- ======================================================================= Real computer scientists don't comment their code. The identifiers are so long they can't afford the disk space. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
Beartooth wrote:
On Wed, 29 Oct 2008 15:48:27 -0500, Mikkel L. Ellertson wrote:
You should be able to administer all the CUPS setups from one machine,
I tried that again this morning. No joy. If I type http://192.168.x.y:631/admin into firefox on 192.168.x.z, I get a 503 from privoxy : connect failed.
1: Check that Cups is actually listening on the network. Run this command as root on the machine where the printer is:
netstat --inet --inet6 --listen --program --numeric | grep cupsd
Does it say "192.168.x.y:631" or "127.0.0.1:631"?
2: Do you have a packet filter ("firewall") on the machine where the printer is? Have you opened the IPP ports in the packet filter?
Björn Persson
On Thu, 30 Oct 2008 22:44:19 +0100, Björn Persson wrote:
Beartooth wrote:
On Wed, 29 Oct 2008 15:48:27 -0500, Mikkel L. Ellertson wrote:
You should be able to administer all the CUPS setups from one machine,
I tried that again this morning. No joy. If I type http://192.168.x.y:631/admin into firefox on 192.168.x.z, I get a 503 from privoxy : connect failed.
1: Check that Cups is actually listening on the network. Run this command as root on the machine where the printer is:
netstat --inet --inet6 --listen --program --numeric | grep cupsd
Does it say "192.168.x.y:631" or "127.0.0.1:631"?
No, neither.
[root@Hbsk2 ~]# netstat --inet --inet6 --listen --program --numeric | grep cupsd tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 2526/cupsd tcp 0 0 :::631 :::* LISTEN 2526/cupsd udp 0 0 0.0.0.0:631 0.0.0.0:* 2526/cupsd [root@Hbsk2 ~]#
(Btw, the formatting is bad here, too: I have to run fairly large fonts in my gnome-terminal to be able to read with any comfort, alas!)
2: Do you have a packet filter ("firewall") on the machine where the printer is? Have you opened the IPP ports in the packet filter?
How do I tell?
I have whatever F9 defaults to; I've tried to disable SELinux, but not I think succeeded.
Lacking the skills to be sure whether I've been cracked, let alone those to recover, I try to be paranoid; I install denyhosts, for instance, and likely other defenses that don't spring to mind.
Also, the router that my ISP supplies (Netgear MBR 814) supplies several kinds of defenses, which I have tried to set with caution. When I want to do bittorrent, for instance, I have to go change the router settings for a while. (I try to leave them changed long enough to give back more that I take, before I change them back; but I haven't actually used the torrent in months, so they are probably tight.)
Beartooth wrote:
On Thu, 30 Oct 2008 22:44:19 +0100, Björn Persson wrote:
1: Check that Cups is actually listening on the network. Run this command as root on the machine where the printer is:
netstat --inet --inet6 --listen --program --numeric | grep cupsd
Does it say "192.168.x.y:631" or "127.0.0.1:631"?
No, neither.
[root@Hbsk2 ~]# netstat --inet --inet6 --listen --program --numeric | grep cupsd tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 2526/cupsd tcp 0 0 :::631 :::* LISTEN 2526/cupsd udp 0 0 0.0.0.0:631 0.0.0.0:* 2526/cupsd [root@Hbsk2 ~]#
OK, "0.0.0.0" means "all addresses" in this case, so that's good. Cups is listening on the network.
2: Do you have a packet filter ("firewall") on the machine where the printer is? Have you opened the IPP ports in the packet filter?
How do I tell?
Run system-config-firewall and on the page "Trusted Services" check the box "Network Printing Server (IPP)".
Lacking the skills to be sure whether I've been cracked, let alone those to recover, I try to be paranoid; I install denyhosts, for instance, and likely other defenses that don't spring to mind.
I don't think Denyhosts affects IPP, but if you have installed some product that's called a firewall, then it has probably replaced Fedora's packet filter. In that case you should allow IPP in that product instead of in system-config-firewall.
Also, the router that my ISP supplies (Netgear MBR 814) supplies several kinds of defenses, which I have tried to set with caution. When I want to do bittorrent, for instance, I have to go change the router settings for a while. (I try to leave them changed long enough to give back more that I take, before I change them back; but I haven't actually used the torrent in months, so they are probably tight.)
Yes, it's important that the Netgear router block IPP traffic if you're going to allow printing and administration over the network. Otherwise, as you said, some script kiddie might think it fun to print gibberish or mess with your printer configuration. It's also a safeguard against any security holes in Cups that could otherwise be exploited to crack your computer. Because of the way this kind of routers work, it most likely blocks anything that you haven't explicitly allowed.
You should also be aware that if your wireless network is open, then anyone who happens to be in the neighbourhood will also be able to access your printer.
Björn Persson
Björn Persson wrote:
1: Check that Cups is actually listening on the network. Run this command as root on the machine where the printer is:
netstat --inet --inet6 --listen --program --numeric | grep cupsd
Does it say "192.168.x.y:631" or "127.0.0.1:631"?
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
On Sat, 01 Nov 2008 15:40:42 +0000, Timothy Murphy wrote:
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
I take care not to install telnet, or to remove it if anaconda installs it.
Beartooth wrote:
On Sat, 01 Nov 2008 15:40:42 +0000, Timothy Murphy wrote:
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
I take care not to install telnet, or to remove it if anaconda installs it.
The telnet client is handy to have. The telnet server is the one you would normally want to remove.
Mikkel
On Sat, 01 Nov 2008 11:26:06 -0500, Mikkel L. Ellertson wrote:
Beartooth wrote:
On Sat, 01 Nov 2008 15:40:42 +0000, Timothy Murphy wrote:
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
I take care not to install telnet, or to remove it if anaconda installs it.
The telnet client is handy to have. The telnet server is the one you would normally want to remove.
Apps like pirut and the packagekit give me only a single choice, telnet or no telnet, without any indication of role; and rpm -q says "not installed." So I had supposed, absent any indication to the contrary, that it was a single package, comprising if not functioning as both a server and a client -- and nobody ever told me "Get rid of telnet server," but simply "Get rid of telnet." Also, if I plug the numbers in to "telnet 192.168.a.b 631" I get an error saying "command not found."
If I try "yum install telnet-client" or "...telnet_client," or "...telnetclient," I get a message saying no such package is available.
If I put a space between the words, as if telnet and client were two apps, it tells me client is not available, and offers to install telnet -- one unitary thing.
How then can you get a client without a server? If I let yum install this one thing, is there then (only then) a way to split it and get rid of half? Remember I neither have nor am likely to acquire the savvy to handle electronic attacks.
Beartooth wrote:
On Sat, 01 Nov 2008 11:26:06 -0500, Mikkel L. Ellertson wrote:
Beartooth wrote:
On Sat, 01 Nov 2008 15:40:42 +0000, Timothy Murphy wrote:
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
I take care not to install telnet, or to remove it if anaconda installs it.
The telnet client is handy to have. The telnet server is the one you would normally want to remove.
Apps like pirut and the packagekit give me only a single choice, telnet or no telnet, without any indication of role; and rpm -q says "not installed." So I had supposed, absent any indication to the contrary, that it was a single package, comprising if not functioning as both a server and a client -- and nobody ever told me "Get rid of telnet server," but simply "Get rid of telnet." Also, if I plug the numbers in to "telnet 192.168.a.b 631" I get an error saying "command not found."
If I try "yum install telnet-client" or "...telnet_client," or "...telnetclient," I get a message saying no such package is available.
If I put a space between the words, as if telnet and client were two apps, it tells me client is not available, and offers to install telnet -- one unitary thing.
How then can you get a client without a server? If I let yum install this one thing, is there then (only then) a way to split it and get rid of half? Remember I neither have nor am likely to acquire the savvy to handle electronic attacks.
There are different packages: telnet (the client) and telnet-server.
hth
On Sat, 01 Nov 2008 09:41:14 -0800, Mike Wright wrote:
Beartooth wrote:
[...]
How then can you get a client without a server? If I let yum install this one thing, is there then (only then) a way to split it and get rid of half? Remember I neither have nor am likely to acquire the savvy to handle electronic attacks.
There are different packages: telnet (the client) and telnet-server.
Oho! Then all those who said "get rid of telnet" really *meant* "get rid of telnet-server." Right?
So does that mean I should run "yum install telnet" on all machines? With the server on none? Or only the client on only the machine with the printer? What responds to "telnet 192.168.a.b 631" on a machine with no telnet at all?
For that matter, what about "ssh 192.168.a.b 631" instead? I am at least relatively familiar with ssh.
If the KVM switch's printserver really was what suddenly crippled my #1 machine, it's certainly worth a lot of effort setting up another way. (And yes, I still realize that we don't know for sure; that's still just the working hypothesis.) At least, it's worth it to me -- even though, at the moment, I'm getting more confused rather than less so ... <sigh>
Beartooth wrote:
On Sat, 01 Nov 2008 09:41:14 -0800, Mike Wright wrote:
Beartooth wrote:
[...]
How then can you get a client without a server? If I let yum install this one thing, is there then (only then) a way to split it and get rid of half? Remember I neither have nor am likely to acquire the savvy to handle electronic attacks.
There are different packages: telnet (the client) and telnet-server.
Oho! Then all those who said "get rid of telnet" really *meant* "get rid of telnet-server." Right?
So does that mean I should run "yum install telnet" on all machines? With the server on none? Or only the client on only the machine with the printer? What responds to "telnet 192.168.a.b 631" on a machine with no telnet at all?
For that matter, what about "ssh 192.168.a.b 631" instead? I am at least relatively familiar with ssh.
The above ssh command won't work.
As somebody earlier pointed out telnet is a very handy tool for checking to see if other services are running.
Is my mailserver listening? telnet mailserver 25 Can I check my mailbox? telnet popserver 110 Webserver? telnet www 80
If the service answers you can then feed it commands as if you were a real client (which you actually are).
Services typically answer with the advice "to escape type ^]". (That means control-].) If you get back to the telnet> prompt type quite to exit.
As to where to install it? At least on one machine. Preferably the one that you use for most of your testing; although, I don't see any harm in installing it on your other machines. If you are afraid that somebody else may use it to "look around" install it onto a USB stick and mount the stick onto whichever machine you're testing from. That way you can be certain that your telnet client is removed when you remove the stick.
Telnet can be a very good friend.
hth, :m)
On Sat, 2008-11-01 at 18:08 +0000, Beartooth wrote:
Oho! Then all those who said "get rid of telnet" really*meant* "get rid of telnet-server." Right?
Yes, but there's more to it than that. Having a telnet server is a security risk. Using telnet over an open wire is a security risk (what you type is not encrypted, so passwords can be snooped on, etc.).
So, do not use telnet where you don't have to. But it's certainly a useful tool to try and connect to some server to see what it responds with. You can connect to a webserver, etc., using the telnet client, and what you do is no riskier than using a web browser. Just don't type confidential stuff when not encrypted.
So does that mean I should run "yum install telnet" on allmachines?
Only if you want to be able to use the telnet program on them to connect to some server.
With the server on none?
I wouldn't install a telnet server anywhere. You don't need it, as you've got plenty of other better options for remote accessing a machine, such as SSH. It's not like we don't have better options that we're forced to make do with telnet.
What responds to "telnet 192.168.a.b 631" on a machine with no telnet at all?
A telnet server listens on port 23, by default. And you could log in and have a remote shell through it. Without that server, you can't do *that*. But, you can use the telnet client to connect with other types of servers (mail, HTTP, etc.), and those servers will be the thing that responds. Some will be useable, some can't really be interacted with in a useful manner.
If you telnet to port 631, it'll be the CUPS server that responds, if it can (CUPS has to be working, and allowing connections over the network that you're trying to access it).
For that matter, what about "ssh 192.168.a.b 631" instead? I am at least relatively familiar with ssh.
That's not going to work, as CUPS listening on port 631 won't know anything about the SSL encryption that SSH uses, and there's a different syntax for specifying non-default ports with SSH.
Telnet is little more than a remote terminal over a network.
On Sun, 02 Nov 2008 05:34:19 +1030, Tim wrote:
On Sat, 2008-11-01 at 18:08 +0000, Beartooth wrote:
Oho! Then all those who said "get rid of telnet" really*meant* "get rid of telnet-server." Right?
Yes, but there's more to it than that. Having a telnet server is a security risk. Using telnet over an open wire is a security risk (what you type is not encrypted, so passwords can be snooped on, etc.).
So, do not use telnet where you don't have to. But it's certainly a useful tool to try and connect to some server to see what it responds with. You can connect to a webserver, etc., using the telnet client, and what you do is no riskier than using a web browser. Just don't type confidential stuff when not encrypted.
Aha : I used it only a little when I did use it (mainly just to do remote email at a provider that ran linux); I had no idea it could connect to any server but its own; knowing that helps a lot. Many thanks!
So does that mean I should run "yum install telnet" on allmachines?
Only if you want to be able to use the telnet program on them to connect to some server.
Then for the time being, I guess, it should suffice to have only the client, only on the machine with the printer. It's installing now.
With the server on none?
I wouldn't install a telnet server anywhere. You don't need it, as you've got plenty of other better options for remote accessing a machine, such as SSH. It's not like we don't have better options that we're forced to make do with telnet.
It is a consolation not to be mistaken at all points, as Gandalf says to Gimli in the eaves of Fangorn.
What responds to "telnet 192.168.a.b 631" on a machine with no telnet at all?
A telnet server listens on port 23, by default. And you could log in and have a remote shell through it.
That must be what I did in the bad old W98 days, in order to be able to run Pine on a linux machine, before I had linux at home. I *think* I had a shell there; I certainly did in my last years working, when I ran OS/2 on my workstation, but Pine on an AIX machine in the basement.
Without that server, you can't do *that*. But, you can use the telnet client to connect with other types of servers (mail, HTTP, etc.), and those servers will be the thing that responds. Some will be useable, some can't really be interacted with in a useful manner.
CUPS being one of the useful ones; that's all I'm likely to try for now, since I'm used to running ssh on the LAN at need.
If you telnet to port 631, it'll be the CUPS server that responds, if it can (CUPS has to be working, and allowing connections over the network that you're trying to access it).
If I have a Firefox tab open to it, does that mean it's working? I suppose, after the changes I made (yesterday, I think) to the Trusted tab on the firewall, it should be.
For that matter, what about "ssh 192.168.a.b 631" instead? I am at least relatively familiar with ssh.
That's not going to work, as CUPS listening on port 631 won't know anything about the SSL encryption that SSH uses, and there's a different syntax for specifying non-default ports with SSH.
Telnet is little more than a remote terminal over a network.
Well, I made my living on one of those for years, cataloging foreign language materials into a library. This may be easier than I was beginning to expect. Many many thanks!
===== ===== ===== Oops! I just got this (edited slightly) :
[btth@Hbsk2 ~]$ telnet 192.168.a.b 631 Trying 192.168.a.b... telnet: connect to address 192.168.a.b: No route to host [btth@Hbsk2 ~]$ ===== ===== =====
Fwiw, ssh from this machine to that one did work.
Beartooth wrote:
Oops! I just got this (edited slightly) :
[btth@Hbsk2 ~]$ telnet 192.168.a.b 631 Trying 192.168.a.b... telnet: connect to address 192.168.a.b: No route to host [btth@Hbsk2 ~]$ ===== ===== =====
Fwiw, ssh from this machine to that one did work.
This could mean that the packet filter ("firewall") on 192.168.a.b allows SSH (port 22) but rejects IPP (port 631).
Run system-config-firewall and allow "Network Printing Server (IPP)". Do this on the machine with the printer, so that the clients can access it to print, and also on all machines whose printer configurations you want to administer through the web interface from another machine.
Björn Persson
On Sun, 02 Nov 2008 03:47:32 +0100, Björn Persson wrote:
Beartooth wrote:
[...]
telnet: connect to address 192.168.a.b: No route to host [btth@Hbsk2 ~]$ ===== ===== =====
Fwiw, ssh from this machine to that one did work.
[...]
Run system-config-firewall and allow "Network Printing Server (IPP)". Do this on the machine with the printer, so that the clients can access it to print, and also on all machines whose printer configurations you want to administer through the web interface from another machine.
It was already allowed, at least on the machine (#1) with the printer. Reading the cursor-pop-up messages, I also allowed the client. I mean to do the same on the other machines. I hope that's right.
On Sun, 02 Nov 2008 05:34:19 +1030, Tim wrote: [....]
So, do not use telnet where you don't have to. But it's certainly a useful tool to try and connect to some server to see what it responds with. You can connect to a webserver, etc., using the telnet client, and what you do is no riskier than using a web browser. Just don't type confidential stuff when not encrypted.
[...]
A telnet server listens on port 23, by default. And you could log in and have a remote shell through it. Without that server, you can't do *that*. But, you can use the telnet client to connect with other types of servers (mail, HTTP, etc.), and those servers will be the thing that responds. Some will be useable, some can't really be interacted with in a useful manner.
If you telnet to port 631, it'll be the CUPS server that responds, if it can (CUPS has to be working, and allowing connections over the network that you're trying to access it).
[...]
Telnet is little more than a remote terminal over a network.
I have just hit major weirdness. On machine #1, where I just installed telnet an hour or so ago, and where it ran but failed to connect, I've just tried again with a new target -- and suddenly bash doesn't see telnet any more!
===== ===== ===== ===== [btth@Hbsk2 ~]$ telnet 192.168.a.b 631 Trying 192.168.a.b... telnet: connect to address 192.168.a.b: No route to host [btth@Hbsk2 ~]$ ssh 192.168.a.b btth@192.168.a.b's password: Last login: Thu Oct 30 09:51:51 2008 from 192.168.a.q [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found [btth@Msgv ~]$ ===== ===== ===== =====
In between those, I ran rpm -q telnet on a different gnome- terminal tab, and then "yum install telnet" again on a root tab. Both assured me telnet was there.
Beartooth wrote:
[btth@Hbsk2 ~]$ telnet 192.168.a.b 631 Trying 192.168.a.b... telnet: connect to address 192.168.a.b: No route to host [btth@Hbsk2 ~]$ ssh 192.168.a.b btth@192.168.a.b's password: Last login: Thu Oct 30 09:51:51 2008 from 192.168.a.q [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found [btth@Msgv ~]$ ===== ===== ===== =====
In between those, I ran rpm -q telnet on a different gnome- terminal tab, and then "yum install telnet" again on a root tab. Both assured me telnet was there.
If this occured to me I would start by re-booting.
Incidentally, you have to put in the correct IP address of your server - 192.168.a.b was just supposed to be an indicator.
On Sun, 02 Nov 2008 00:51:26 +0000, Timothy Murphy wrote:
Beartooth wrote:
[....]
[btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found ===== ===== ===== =====
[...]
If this occurred to me I would start by re-booting.
Exactly what I thought! I shut them all down last night, and am in process of bringing them back up now.
Incidentally, you have to put in the correct IP address of your server - 192.168.a.b was just supposed to be an indicator.
I did; but there are some people who seem to cringe at giving a LAN address in public -- so I substituted a & b for the last two, in my posts only.
Beartooth wrote:
I have just hit major weirdness. On machine #1, where I just installed telnet an hour or so ago, and where it ran but failed to connect, I've just tried again with a new target -- and suddenly bash doesn't see telnet any more!
===== ===== ===== ===== [btth@Hbsk2 ~]$ telnet 192.168.a.b 631 Trying 192.168.a.b... telnet: connect to address 192.168.a.b: No route to host [btth@Hbsk2 ~]$ ssh 192.168.a.b btth@192.168.a.b's password: Last login: Thu Oct 30 09:51:51 2008 from 192.168.a.q [btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found
You're on the wrong machine. You installed Telnet on Hbsk2. Then you SSHed into Msgv, where Telnet is not installed.
Björn Persson
On Sun, 02 Nov 2008 03:47:36 +0100, Björn Persson wrote:
Beartooth wrote:
[btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found
You're on the wrong machine. You installed Telnet on Hbsk2. Then you SSHed into Msgv, where Telnet is not installed.
Oh, blitherition! I gave them names just so I could keep track, and I *still* mix them up. <sob, gasp, sound of head beating on computer ...>
Meanwhile, I've shut all four machines down, and am in process of booting them up again -- whereupon I'll go into system-config-firewall and enable both IPP server and client as trusted (taking that to mean "trusted within the LAN") on them all; I suppose, now that I know more, I might as well install telnet, too. (I've known it save me, more than once, to be able to get into a machine that couldn't run its X-server.) Stay tuned.
On Sun, 2008-11-02 at 15:47 +0000, Beartooth wrote:
On Sun, 02 Nov 2008 03:47:36 +0100, Björn Persson wrote:
Beartooth wrote:
[btth@Msgv ~]$ telnet 192.168.a.c 631 -bash: telnet: command not found
You're on the wrong machine. You installed Telnet on Hbsk2. Then you SSHed into Msgv, where Telnet is not installed.
Oh, blitherition! I gave them names just so I could keep track, and I *still* mix them up. <sob, gasp, sound of head beating on computer ...>
Meanwhile, I've shut all four machines down, and am in process of booting them up again -- whereupon I'll go into system-config-firewall and enable both IPP server and client as trusted (taking that to mean "trusted within the LAN") on them all; I suppose, now that I know more, I might as well install telnet, too. (I've known it save me, more than once, to be able to get into a machine that can't run its X-server.) Stay tuned.
I should have asked sooner. Why can't ssh get you to a machine without an X-server? -- ======================================================================= If God had intended Man to Watch TV, He would have given him Rabbit Ears. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
On Sun, 02 Nov 2008 13:56:07 -0600, Aaron Konstam wrote: [...]
I should have asked sooner. Why can't ssh get you to a machine without an X-server?
It can, of course, and has several times. That's how I know that such things can save me. What I was trying to say was that it couldn't hurt to have another way also available.
Of course, it can save me only to the extent I can manage, or find out how to manage, with CLI only.
What I really need, when such things happen, is probably a mythical beast -- something that would let me use the GUI interface on an intact machine to find my way around one that runs but can't launch its own GUI .... <sigh>
On Sun, 2008-11-02 at 21:07 +0000, Beartooth wrote:
It can, of course, and has several times. That's how I know that such things can save me. What I was trying to say was that it couldn't hurt to have another way also available.
It certainly *can* hurt to have a telnet server on a machine, or even use telnet across an insecure network.
On Mon, 03 Nov 2008 18:20:23 +1030, Tim wrote:
On Sun, 2008-11-02 at 21:07 +0000, Beartooth wrote:
It can, of course, and has several times. That's how I know that such things can save me. What I was trying to say was that it couldn't hurt to have another way also available.
It certainly *can* hurt to have a telnet server on a machine, or even use telnet across an insecure network.
Of course. But I'm thinking of times like the many recently, when one or another of my none too new machines couldn't cope at all, at all, with my new wide monitor. Getting to init3 requires a reboot, afaik -- especially in a case such as this, when the machine seems blind and deaf to both the keyboard and the mouse; getting into system-config-display a/ o xorg.conf with ssh or telnet (IF the latter could) would be quicker.
I didn't mean to imply that I was going to install telnet-server.
Tim:
It certainly *can* hurt to have a telnet server on a machine, or even use telnet across an insecure network.
Beartooth:
Of course. But I'm thinking of times like the many recently, when one or another of my none too new machines couldn't cope at all, at all, with my new wide monitor. Getting to init3 requires a reboot, afaik -- especially in a case such as this, when the machine seems blind and deaf to both the keyboard and the mouse; getting into system-config-display a/o xorg.conf with ssh or telnet (IF the latter could) would be quicker.
I didn't mean to imply that I was going to installtelnet-server.
Actually, you do. Since without it, there'd be no way to telnet into the box and do that. It's the telnet server that gives you a command line interface when you telnet into the box.
On the other hand, you don't have to remotely access a box to reconfigure the display, you can do that on the box, itself. Just CTRL +ALT+F1 and you're at a text-only terminal that ought to work on just about every graphics chipset. No rebooting or changing run levels required. Though, once you're in that text interface, you can change run levels, if you want to or need to. e.g. To kick some services back into life after a reconfig.
On Tue, 04 Nov 2008 06:01:49 +1030, Tim wrote: [...]
I didn't mean to imply that I was going to installtelnet-server.
Actually, you do. Since without it, there'd be no way to telnet into the box and do that. It's the telnet server that gives you a command line interface when you telnet into the box.
Then I won't telnet into the box. After all, I never have.
On the other hand, you don't have to remotely access a box to reconfigure the display, you can do that on the box, itself. Just CTRL +ALT+F1 and you're at a text-only terminal that ought to work on just about every graphics chipset. No rebooting or changing run levels required. Though, once you're in that text interface, you can change run levels, if you want to or need to. e.g. To kick some services back into life after a reconfig.
Maybe. When this thing doesn't like a machine's setting, it says "out of range" for a dozen or two seconds -- and goes clear dead black, just as if the machine were shut clear down.
If it does it again, I'll try Ctrl-Alt-F1; but I'll make a small wager it fails.
On Mon, 2008-11-03 at 21:05 +0000, Beartooth wrote:
On Tue, 04 Nov 2008 06:01:49 +1030, Tim wrote: [...]
I didn't mean to imply that I was going to installtelnet-server.
Actually, you do. Since without it, there'd be no way to telnet into the box and do that. It's the telnet server that gives you a command line interface when you telnet into the box.
Then I won't telnet into the box. After all, I never have.
---- I fear that you still don't get it.
This is a rather cool blog about 'Trivial uses for Telnet'... http://evolvedcode.net/content/doc_alttelnet/
which talks about how to use telnet client application to connect to a web server or a pop3 server or an smtp server and talk to the server as if you were just another application communicating with that server so you can test things out or just familiarize yourself with the process itself.
Obviously telnet to the cups port (631) is very much similar as the others (SMTP/POP3/HTTP) except that like the others, the cups server has it's own vocabulary.
In essence, every time you open a web browser and tell it to go to a specific web site, you are doing something similar to opening a connection to that web site with telnet on port 80 (ignoring of course the web browser rendering engine, javascript, etc.).
Craig
On Mon, 03 Nov 2008 15:08:11 -0700, Craig White wrote:
On Mon, 2008-11-03 at 21:05 +0000, Beartooth wrote:
[...]
Then I won't telnet into the box. After all, I never have.
I fear that you still don't get it.
Likely enough, at any time. I've thanked whatever gods there be, more times than I can count, for linux in general and this list in especial.
This is a rather cool blog about 'Trivial uses for Telnet'... http://evolvedcode.net/content/doc_alttelnet/
which talks about how to use telnet client application to connect to a web server or a pop3 server or an smtp server and talk to the server as if you were just another application communicating with that server so you can test things out or just familiarize yourself with the process itself.
On a subject where, just for once, I do have a professional opinion (as a historian of literature and of tongues), I have to say that is one of the best-written pages I have seen in many years on the Web. Many, many thanks for pointing it out! I'm in process of passing the word about it to several other lists.
And at this point I have to beg your forgiveness in advance; I'm going to start another thread, called Telnet Confusion, to recognize the shift in original topic (and to make Pan indent things more visibly!).
This is the second half of a reply to Craig White's post below, put into a new thread because it has departed so far from the original topic. I'm discovering great new stuff -- new to me, that is -- and I want to draw maximal attention to it from others who may be in shoes like mine.
On Mon, 03 Nov 2008 15:08:11 -0700, Craig White wrote: [...]
I fear that you still don't get it.
This is a rather cool blog about 'Trivial uses for Telnet'... http://evolvedcode.net/content/doc_alttelnet/
which talks about how to use telnet client application to connect to a web server or a pop3 server or an smtp server and talk to the server as if you were just another application communicating with that server so you can test things out or just familiarize yourself with the process itself.
Indeed! I just sang its praises in the first half of this reply, on the original thread.
Obviously telnet to the cups port (631) is very much similar as the others (SMTP/POP3/HTTP) except that like the others, the cups server has its own vocabulary.
Ah, if only I had known, back when I was teaching baby language courses, what vast argots the various branches of Computer Science would develop -- once it came into existence, of course.
In essence, every time you open a web browser and tell it to go to a specific web site, you are doing something similar to opening a connection to that web site with telnet on port 80 (ignoring of course the web browser rendering engine, javascript, etc.).
Ignoring a lot of things I wouldn't know if they bit me never mind where, to be sure.
But in the present context, there seem to be some I can't ignore -- some that (afaict) reflect the settings on my terminal, and some that are apparently matters of notation and vocabulary.
Thus for instance, following along the second paragraph, about NetCat -- or rather, trying to follow -- I get this :
===== ===== ===== ===== telnet> NC -v -v {address} {port}^[[D^[[D^[[D^H^H^H^H^H^[[3~^C [btth@Hbsk ~]$ telnet telnet> ^[[A^[[D^C [btth@Hbsk ~]$ NC -v -v 192.168.0.8 631 bash: NC: command not found [btth@Hbsk ~]$ telnet telnet> NC -v -v 192.168.0.8 631 ?Invalid command telnet> NC -v -v {192.168.0.8} {631} ?Invalid command telnet> ===== ===== ===== =====
If only by trial and error, I think I can set up a different terminal emulation (xterm instead of my usual gnome terminal, for instance, which is configured primarily for Alpine), and avoid all that gibberish caused by trying to use the backspace and arrow keys.
But it isn't obvious to me, unless I haven't had enough coffee yet, why the last two commands are both invalid. All that's obvious is that, despite Mr. Welsh's exemplary lucidity, I am reading his text otherwise than he expects.
On Tue, 2008-11-04 at 16:43 +0000, Beartooth wrote:
This is the second half of a reply to Craig White's post below, put into a new thread because it has departed so far from the original topic. I'm discovering great new stuff -- new to me, that is -- and I want to draw maximal attention to it from others who may be in shoes like mine.
On Mon, 03 Nov 2008 15:08:11 -0700, Craig White wrote: [...]
I fear that you still don't get it.
This is a rather cool blog about 'Trivial uses for Telnet'... http://evolvedcode.net/content/doc_alttelnet/
which talks about how to use telnet client application to connect to a web server or a pop3 server or an smtp server and talk to the server as if you were just another application communicating with that server so you can test things out or just familiarize yourself with the process itself.
Indeed! I just sang its praises in the first half of this reply, on the original thread.
Obviously telnet to the cups port (631) is very much similar as the others (SMTP/POP3/HTTP) except that like the others, the cups server has its own vocabulary.
Ah, if only I had known, back when I was teaching baby language courses, what vast argots the various branches of Computer Science would develop -- once it came into existence, of course.
In essence, every time you open a web browser and tell it to go to a specific web site, you are doing something similar to opening a connection to that web site with telnet on port 80 (ignoring of course the web browser rendering engine, javascript, etc.).
Ignoring a lot of things I wouldn't know if they bit me never mind where, to be sure.
But in the present context, there seem to be some I can't ignore -- some that (afaict) reflect the settings on my terminal, and some that are apparently matters of notation and vocabulary.
Thus for instance, following along the second paragraph, about NetCat -- or rather, trying to follow -- I get this :
===== ===== ===== ===== telnet> NC -v -v {address} {port}^[[D^[[D^[[D^H^H^H^H^H^[[3~^C [btth@Hbsk ~]$ telnet telnet> ^[[A^[[D^C [btth@Hbsk ~]$ NC -v -v 192.168.0.8 631 bash: NC: command not found [btth@Hbsk ~]$ telnet telnet> NC -v -v 192.168.0.8 631 ?Invalid command telnet> NC -v -v {192.168.0.8} {631} ?Invalid command telnet> ===== ===== ===== =====
If only by trial and error, I think I can set up a different terminal emulation (xterm instead of my usual gnome terminal, for instance, which is configured primarily for Alpine), and avoid all that gibberish caused by trying to use the backspace and arrow keys.
But it isn't obvious to me, unless I haven't had enough coffee yet, why the last two commands are both invalid. All that's obvious is that, despite Mr. Welsh's exemplary lucidity, I am reading his text otherwise than he expects.
---- the author was writing from a 'Windows' perspective and Windows and Macintosh are not case-sensitive operating systems.
The command telnet or TELNET or TeLnEt on Windows would launch the same telnet program as case has no meaning on Windows. On Linux, you would have to have an exact match because telnet, TELNET and TeLnEt are potentially 3 different programs and only an exact match would matter.
The command nc (or NC in the case insensitive Windows world), refers to the 'netcat' program which is a telnet on super steroids. I would suggest that for the time being at least, you ignore netcat and just use telnet.
Craig
On Tue, 2008-11-04 at 16:43 +0000, Beartooth wrote:
If only by trial and error, I think I can set up a different terminal emulation (xterm instead of my usual gnome terminal, for instance, which is configured primarily for Alpine), and avoid all that gibberish caused by trying to use the backspace and arrow keys.
In many cases (probably most cases), when using telnet to talk to some non telnet server, you will not be able to use the backspace and cursor keys.
You're not talking to a command line interpreter, which would let you edit a command line, then execute it when you press enter. You're sending characters to something that's expecting a very limited range of input. If telneting to a HTTP server, for instance, a command might be GET followed by what to get. It has to be typed letter perfect. If you type any other character then try to correct it, you've sent those characters *plus* the editing characters to the server.
Generally, they're acting on each character as they're sent, not on a prepared command line, to be sent all at once.
On Sat, 2008-11-01 at 17:34 +0000, Beartooth wrote:
On Sat, 01 Nov 2008 11:26:06 -0500, Mikkel L. Ellertson wrote:
Beartooth wrote:
On Sat, 01 Nov 2008 15:40:42 +0000, Timothy Murphy wrote:
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
I take care not to install telnet, or to remove it if anaconda installs it.
The telnet client is handy to have. The telnet server is the one you would normally want to remove.
Apps like pirut and the packagekit give me only a single choice, telnet or no telnet, without any indication of role; and rpm -q says "not installed." So I had supposed, absent any indication to the contrary, that it was a single package, comprising if not functioning as both a server and a client -- and nobody ever told me "Get rid of telnet server," but simply "Get rid of telnet." Also, if I plug the numbers in to "telnet 192.168.a.b 631" I get an error saying "command not found."
If I try "yum install telnet-client" or "...telnet_client," or "...telnetclient," I get a message saying no such package is available.
If I put a space between the words, as if telnet and client were two apps, it tells me client is not available, and offers to install telnet -- one unitary thing.
How then can you get a client without a server? If I let yum install this one thing, is there then (only then) a way to split it and get rid of half? Remember I neither have nor am likely to acquire the savvy to handle electronic attacks.
---- telnet.i386 : The client program for the telnet remote login protocol. telnet-server.i386 : The server program for the telnet remote login protocol.
Craig
On Sat, 2008-11-01 at 16:02 +0000, Beartooth wrote:
On Sat, 01 Nov 2008 15:40:42 +0000, Timothy Murphy wrote:
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
I take care not to install telnet, or to remove it if anaconda installs it.
---- please try to glean some of the wisdom being offered to you rather than just respond with an answer that indicates that you don't understand what is being written.
Telnet-server is typically a bad install package when you already have ssh server installed and it handles encryption whereas telnet connections are generally not encrypted.
The telnet client is always available to Linux, Windows and Macintosh users as it is the primary method of testing/troubleshooting a connection.
Thus the command, telnet SOME_HOME_OR_IP SOME_PORT_NUMBER means that you can test all sorts of connections such as smtp servers, imap servers, web servers, cups servers (as in Timothy's example above).
Craig
Timothy Murphy wrote:
Björn Persson wrote:
1: Check that Cups is actually listening on the network. Run this command as root on the machine where the printer is:
netstat --inet --inet6 --listen --program --numeric | grep cupsd
Does it say "192.168.x.y:631" or "127.0.0.1:631"?
Isn't it easier just to say telnet 192.168.a.b 631 Doesn't this tell you if you are connected to the CUPS server much more simply?
That's essentially the same test that Beartooth already did when he typed "http://192.168.x.y:631/admin" into Firefox. He was told that the connection failed. The next step is then to find out *why* the connection failed. To that end I asked him to check the two reasons I thought were most likey. By using the netstat command that you quoted we found out that Cups does indeed listen for requests from other machines, so that reason is now eliminated.
If we were to suspect that Firefox or Privoxy was misbehaving, then testing with Telnet instead would be valuable. Since the connection currently fails for Telnet too, there's no reason to suspect Firefox or Privoxy.
Björn Persson
Beartooth wrote:
On #1, Where the printer is and I am now, I see almost identical entries :
==== ===== ===== =====
Search in Printers: Clear
Showing 2 of 2 printers. Sort Descending psc-1310-series- (Default Printer) Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: idle, accepting jobs, published. Device URI: hp:/usb/psc_1310_series?serial=CN4AIC71YKO2
Print Test Page Stop Printer Reject Jobs Move All Jobs Cancel All Jobs Unpublish Printer Modify Printer Set Printer Options Delete Printer Set As Default Set Allowed Users
psc-1310-series-2 Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: processing, accepting jobs, published. Device URI: usb://hp/psc%201310%20series?serial=CN4AIC71YKO2
May I recommend you start here? Find out which one of these entries works, use it, and delete the other. Don’t look into network printing until you’ve got local printing working reliably.
Having two entries for the same printer on the same computer is an opportunity for both CUPS and you to get confused.¹
Once you’ve got local printing working, then you may want to start from scratch on other PC, so you know you’re sharing the printer entry that works.
Hope this helps,
James.
¹ There are sometimes good reasons for doing so, mind, but that’s more advanced stuff.
On Thu, 30 Oct 2008 21:29:41 +0000, James Wilkinson wrote: [...]
May I recommend you start here? Find out which one of these entries works, use it, and delete the other. Don’t look into network printing until you’ve got local printing working reliably.
Having two entries for the same printer on the same computer is an opportunity for both CUPS and you to get confused.¹
Once you’ve got local printing working, then you may want to start from scratch on other PC, so you know you’re sharing the printer entry that works.
[...]
¹ There are sometimes good reasons for doing so, mind, but that’s more advanced stuff.
Yes, somebody else recommended that, and I did it as soon as I was sure he meant it.
The current situation is that printing works on #1, where the printer is -- and not from the others.
On Thu, 2008-10-30 at 21:52 +0000, Beartooth wrote:
On Thu, 30 Oct 2008 21:29:41 +0000, James Wilkinson wrote: [...]
May I recommend you start here? Find out which one of these entries works, use it, and delete the other. Don’t look into network printing until you’ve got local printing working reliably.
Having two entries for the same printer on the same computer is an opportunity for both CUPS and you to get confused.¹
Once you’ve got local printing working, then you may want to start from scratch on other PC, so you know you’re sharing the printer entry that works.
[...]
¹ There are sometimes good reasons for doing so, mind, but that’s more advanced stuff.
Yes, somebody else recommended that, and I did it as soon as I was sure he meant it.
The current situation is that printing works on #1, where the printer is -- and not from the others.
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers. Any configuration you do on the clients will undoubtedly screw things up. One exception. In the /etc/cups/client.conf file you can fill in the ServerName line with the address of the server. Leave the admin boxes alone. -- ======================================================================= All men are mortal. Socrates was mortal. Therefore, all men are Socrates. -- Woody Allen ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
On Fri, 2008-10-31 at 08:50 -0500, Aaron Konstam wrote:
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers.
This used to be the case. Unfortunately, starting with Fedora 9, the minimum that is now needed on the clients has changed from "none" to:
* enable Network Printing Client (IPP) packets through the firewall by selection System->Administration->Firewall, selecting the "Network Printing Client (IPP)" check-box and clicking Apply.
Tim. */
On Fri, 31 Oct 2008 14:22:18 +0000, Tim Waugh wrote:
On Fri, 2008-10-31 at 08:50 -0500, Aaron Konstam wrote:
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers.
This used to be the case. Unfortunately, starting with Fedora 9, the minimum that is now needed on the clients has changed from "none" to:
- enable Network Printing Client (IPP) packets through the firewall by
selection System->Administration->Firewall, selecting the "Network Printing Client (IPP)" check-box and clicking Apply.
WOW!! What a difference! I did that on machine #2 (only, so far).
When I click on Printers, I see what the machine thinks are *nine* : my wife's downstairs is there twice, once as itself and once with "-fax" appended to it. All the other seven are my one machine, once as default with my name for the machine it's on, but no IP; the others have either an IP or some other indication where they are; I'm seeing it double on #1 (as default and not), and double on #4 (with its same correct IP both times, not together); sometimes it shows as published, sometimes not.
I tried to print the router's table, with IP and MAC numbers, from a browser (Konqueror, despite the fact i run Gnome); but it just asked me if the printer were connected.
Iiuc, I should go do the same on the other two clients (machine #3 and #4, no printer attached), but *not* on #1, which does have the printer, and must therefore be acting as the server. Right?
On Fri, 31 Oct 2008 17:43:14 +0000, Beartooth wrote:
On Fri, 31 Oct 2008 14:22:18 +0000, Tim Waugh wrote:
[...]
- enable Network Printing Client (IPP) packets through the firewall by
selection System->Administration->Firewall, selecting the "Network Printing Client (IPP)" check-box and clicking Apply.
WOW!! What a difference! I did that on machine #2 (only, so far).
When I click on Printers, I see what the machine thinks are *nine* : my wife's downstairs is there twice, once as itself and once with "-fax" appended to it. All the other seven are my one machine, once as default with my name for the machine it's on, but no IP; the others have either an IP or some other indication where they are; I'm seeing it double on #1 (as default and not), and double on #4 (with its same correct IP both times, not together); sometimes it shows as published, sometimes not.
I tried to print the router's table, with IP and MAC numbers, from a browser (Konqueror, despite the fact i run Gnome); but it just asked me if the printer were connected.
Iiuc, I should go do the same on the other two clients (machine #3 and #4, no printer attached), but *not* on #1, which does have the printer, and must therefore be acting as the server. Right?
I did that, but did not try again to print, nor to configure anything on one machine from another.
I did check the printers listed -- and found no two lists the same.
#1 shows its own printer, and nothing else, not even my wife's.
#2, as previously reported, shows my wife's twice, and mine seven different ways on three identifiable (by me) machines.
#3 shows my wife's twice, and mine four times, if you accept the designation "default" as telling me it's on #1.
#4 machine shows my wife's twice, and mine five times, identifying them in various ways.
There's more detail, among which it may be of interest that, somewhere in all that, I noticed an identification of a printer on one machine, and a driver of a different machine.
Whoo - ooo -- oooie!
On Fri, 2008-10-31 at 17:43 +0000, Beartooth wrote:
On Fri, 31 Oct 2008 14:22:18 +0000, Tim Waugh wrote:
On Fri, 2008-10-31 at 08:50 -0500, Aaron Konstam wrote:
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers.
This used to be the case. Unfortunately, starting with Fedora 9, the minimum that is now needed on the clients has changed from "none" to:
- enable Network Printing Client (IPP) packets through the firewall by
selection System->Administration->Firewall, selecting the "Network Printing Client (IPP)" check-box and clicking Apply.
WOW!! What a difference! I did that on machine #2 (only, so far).
When I click on Printers, I see what the machine thinks are *nine* : my wife's downstairs is there twice, once as itself and once with "-fax" appended to it. All the other seven are my one machine, once as default with my name for the machine it's on, but no IP; the others have either an IP or some other indication where they are; I'm seeing it double on #1 (as default and not), and double on #4 (with its same correct IP both times, not together); sometimes it shows as published, sometimes not.
I tried to print the router's table, with IP and MAC numbers, from a browser (Konqueror, despite the fact i run Gnome); but it just asked me if the printer were connected.
Iiuc, I should go do the same on the other two clients (machine #3 and #4, no printer attached), but *not* on #1, which does have the printer, and must therefore be acting as the server. Right?
Not necessarily. This case is somewhat special. Are you saying you want that printer available to all the client machines. To do that you need to read very carefully the document on the web interface concerning configuring cupsd.conf. Otherwise , you probably will not to be able to print to that printer from the machine it is attached to. If you tell me it is printing to that machine as well as the other machines you have lucked out. -- ======================================================================= We totally deny the allegations, and we're trying to identify the allegators. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
On Fri, 2008-10-31 at 14:22 +0000, Tim Waugh wrote:
On Fri, 2008-10-31 at 08:50 -0500, Aaron Konstam wrote:
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers.
This used to be the case. Unfortunately, starting with Fedora 9, the minimum that is now needed on the clients has changed from "none" to:
- enable Network Printing Client (IPP) packets through the firewall by
selection System->Administration->Firewall, selecting the "Network Printing Client (IPP)" check-box and clicking Apply.
Tim. */
Not true. One always had to have the appropriate port open. -- ======================================================================= If at first you don't succeed, you must be a programmer. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
On Fri, 2008-10-31 at 15:35 -0500, Aaron Konstam wrote:
This used to be the case. Unfortunately, starting with Fedora 9, the minimum that is now needed on the clients has changed from "none" to:
[...]
Not true. One always had to have the appropriate port open.
Indeed, but talking about the default installation, Fedora prior to Fedora 9 defaulted to allowing IPP traffic whereas Fedora 9 is the first version to disable that on a default installation.
Tim. */
On Fri, 2008-10-31 at 21:36 +0000, Tim Waugh wrote:
On Fri, 2008-10-31 at 15:35 -0500, Aaron Konstam wrote:
This used to be the case. Unfortunately, starting with Fedora 9, the minimum that is now needed on the clients has changed from "none" to:
[...]
Not true. One always had to have the appropriate port open.
Indeed, but talking about the default installation, Fedora prior to Fedora 9 defaulted to allowing IPP traffic whereas Fedora 9 is the first version to disable that on a default installation.
Tim. */
OK, I concede the point. -- ======================================================================= One family builds a wall, two families enjoy it. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
On Fri, 31 Oct 2008 08:50:59 -0500, Aaron Konstam wrote: [...]
The current situation is that printing works on #1, where the printer is -- and not from the others.
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers. Any configuration you do on the clients will undoubtedly screw things up. One exception. In the /etc/cups/client.conf file you can fill in the ServerName line with the address of the server. Leave the admin boxes alone.
This confuses me. It reads as if the problem were using several printers from one machine.
Not so. I have only one printer, but I need to be able to use it from at least four machines -- the PCs at my desk. (If I can eventually also use it from the wireless laptops a/o from my wife's PC downstairs (all of them on the LAN, at least when at home and booted), so much the better.)
Are we at cross-purposes? Or am I just imagining so?
On Fri, 2008-10-31 at 17:20 +0000, Beartooth wrote:
On Fri, 31 Oct 2008 08:50:59 -0500, Aaron Konstam wrote: [...]
The current situation is that printing works on #1, where the printer is -- and not from the others.
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers. Any configuration you do on the clients will undoubtedly screw things up. One exception. In the /etc/cups/client.conf file you can fill in the ServerName line with the address of the server. Leave the admin boxes alone.
This confuses me. It reads as if the problem were using several printers from one machine.
Not so. I have only one printer, but I need to be able to use it from at least four machines -- the PCs at my desk. (If I can eventually also use it from the wireless laptops a/o from my wife's PC downstairs (all of them on the LAN, at least when at home and booted), so much the better.)
Are we at cross-purposes? Or am I just imagining so?
The machine with the printer is the server and the printer should be configured on that machine. Printing will be possible from all the printers on the LAN without any further configuration. The machines will all have to be on the same LAN for this to work. If they are on different LANS the SERVERNAME must be filled in in clients.conf.
I print from my wireless laptop to a printer on the server and a printer on my wife's XP. But all configuration of printers are on my server machine. -- ======================================================================= Are you sure the back door is locked? ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net
Aaron Konstam wrote:
Ok, here is the deal. Configure all the printers on the server. On the clients do no configuration at all ,none. And you will be able to print to all the printers. Any configuration you do on the clients will undoubtedly screw things up. One exception. In the /etc/cups/client.conf file you can fill in the ServerName line with the address of the server. Leave the admin boxes alone.
I don't understand this. Are you saying that if you do nothing on the client(s) they will find the printer(s) ?
On Wed, 29 Oct 2008 15:18:31 -0500, Mikkel L. Ellertson wrote:
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
Machine #3 has only one listing, which of course is the default; but it says usb :
===== ===== ===== ===== Printers Home Administration Classes Documentation/Help Jobs Printers
Search in Printers: Clear
Showing 1 of 1 printer. Sort Descending psc_1310_series_ (Default Printer) "/usr/lib/cups/filter/foomatic-rip failed" Description: hp psc 1310 series Location: Printer Driver: HP PSC 1310 Foomatic/hpijs (recommended) Printer State: processing, accepting jobs, published. Device URI: usb://hp/psc%201310%20series?serial=CN4AIC71YKO2
Print Test Page Stop Printer Reject Jobs Move All Jobs Cancel All Jobs Unpublish Printer Modify Printer Set Printer Options Delete Printer Set As Default Set Allowed Users Sort Descending ===== ===== ===== =====
On Wed, 29 Oct 2008 15:18:31 -0500, Mikkel L. Ellertson wrote: [...]
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
I have just reversed the default on #2; going to #1
Mikkel L. Ellertson wrote:
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>/631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
Dear Mikkel,
Are you suggesting one should use the ipp:// URI rather than http:// ? I always use the http one, on the grounds that I've heard of http . Is there really any difference? I assume one is not really using http, just the protocol.
It's a pity CUPS gives an inordinately long URI for USB printers.
Timothy Murphy wrote:
Mikkel L. Ellertson wrote:
If you are using the CUPS web administration, look at the "Device URI:" line. One should be a USB device, and one an ippd://<address>:631/<something> - the ipp:// one should be the default on all but the machine with the printer attached.
Dear Mikkel,
Are you suggesting one should use the ipp:// URI rather than http:// ? I always use the http one, on the grounds that I've heard of http . Is there really any difference? I assume one is not really using http, just the protocol.
Yes, I am for the printer URI. http: is HyperText Transfer Protocol - ipp: is Internet Printing Protocol (If I have the acronyms correct.) In any case, it is one of the printing protocols, and it is designed for network printers. On the other hand, http: is not designed to be a printer protocol. To a large extent, it is replacing the older lpr protocol.
When you are accessing the CUPS web interface, you would still use http:// to get the human-readable interface. But your printer should not be doing this.
It's a pity CUPS gives an inordinately long URI for USB printers.
Well, part of the reason for this is to make sure you are printing to the correct printer, even if it is plugged into a different port, or in a different order. It also makes sure you are talking to the correct function on multi-function devices.
I don't know it there are USB printers that support different print queues, but I imagine that would also affect the URI. I know it does on ipp printers and print servers. (The last <something> in the URI is normally the print queue.)
Mikkel
On Wed, 29 Oct 2008 19:12:54 +0000, Beartooth wrote:
I've been advised, more or less btw in an otherwise scarcely related thread, to quit using my KVM switch (which has spare USB ports touted by the maker especially for printserving) as a printserver.
So I plugged the printer (an HP psc 1315v) into my #1 machine; and I've been telling Firefox 127.0.0.1:631 on each of the machines, and trying to get it to work.
Monday UPDATE
I've followed all the kind advice in this thread, and also fiddled and futzed and fooled between whiles -- chiefly by deleting superfluous printers that had crept in, a finite series of them, but a tedious one. I kept deleting till I got down to the one right printer, if I could, and then configuring that, over and over. And I have a partial result.
Machines #2, #3, and #4 all show my wife's printer downstairs, as well as another. (Machine #1 does not.) #2 and #4 have the other, set to default, as the real machine on #1 -- though for a while they kept insisting it did not exist. Machine #3 has the "other" printer shown with a URI saying "file: /dev/null" -- and won't let me remove it!
Actually, #2 and #4 show that, too; they also show a name with spaces, which #3 is refusing to accept. Possibly related is that in the midst of all this, CUPS started demanding https instead of http to go from one of its own locations to another ...
Machines #2 and #4 have just successfully sent test pages to the printer on machine #1. Machine #3 failed.
I'm in process of adding a printer to #3, cloning all the settings off the others. Maybe after that, and after making it the default, it will let me delete the useless one ...
*Later* : #3 keeps rejecting the settings on the other machines, and leading me to quire different settings -- which also fail.
On Mon, 2008-11-03 at 22:06 +0000, Beartooth wrote:
I've followed all the kind advice in this thread, and alsofiddled and futzed and fooled between whiles -- chiefly by deleting superfluous printers that had crept in, a finite series of them, but a tedious one. I kept deleting till I got down to the one right printer, if I could, and then configuring that, over and over. And I have a partial result.
Machines #2, #3, and #4 all show my wife's printerdownstairs, as well as another. (Machine #1 does not.) #2 and #4 have the other, set to default, as the real machine on #1 -- though for a while they kept insisting it did not exist. Machine #3 has the "other" printer shown with a URI saying "file: /dev/null" -- and won't let me remove it!
You might want to tell us specifically what you did to achieve all this, rather than just the results. Very little fiddling should be needed from a fresh start, but some amount of fiddling might be needed to undo a pre-mangled system.
On a fresh system, all you should have to do is connect a printer to the print server computer, and let it sort itself out, or manually set that printer up on the server. Or a bit of both (I renamed the automatic named printer settings to something less annoying). Whichever way you go, once the server can print to its own printer, it's working, and you'd then configure the server to let the rest of the LAN make use of it. That's a two-parter, allowing CUPS through the firewall (*), and configuring CUPS administration options related to sharing (**),
* On my LAN, all the PCs are trusted explicitly, so I took the easy option of setting the firewall to trust eth0 as a whole, rather than particular ports. There's another barrier between the LAN and the internet. Firewall on each PC get in the way of print serving, and also some print clients. As I recall, it got in the way of automatically discovering the print server on the LAN. The print server can periodically announce its presence, but the firewall stopped that.
** Share out that printer to the LAN but it doesn't need sharing to the internet, unless you have a mixture of different isolated subnets, where that option will allow crossing from one subnet to another. Perhaps you might want to allow remote administration of the server, and allow users to cancel any jobs, but that's icing on the cake, it's not needed just to be able to print. You may also want the server to include printers on other CUPS servers, if you had other ones on the premises. But, again, that's not needed. And can get messy if you have several servers publishing their own printers, plus republishing the other server's printers.
On the clients, you shouldn't need to do anything. They should automatically find out about all the printers available on the LAN, and automatically list them as printable to. This should take a few moments, not ages. All you should have to do, if you had more than one choice, would be to pick a default.
Having said that, if you're reconfiguring a system which already had printers configured all over the place on the clients, you'd want to remove all those configurations, and then let them find the servers by themselves, again.
On Tue, 04 Nov 2008 20:20:48 +1030, Tim wrote:
On Mon, 2008-11-03 at 22:06 +0000, Beartooth wrote:
[...]
Machines #2, #3, and #4 all show my wife's printerdownstairs, as well as another. (Machine #1 does not.) #2 and #4 have the other, set to default, as the real machine on #1 -- though for a while they kept insisting it did not exist. Machine #3 has the "other" printer shown with a URI saying "file: /dev/null" -- and won't let me remove it!
You might want to tell us specifically what you did to achieve all this, rather than just the results. Very little fiddling should be needed from a fresh start, but some amount of fiddling might be needed to undo a pre-mangled system.
I can't tell you, alas!,for two reasons. I would have, if I could remember. But I didn't keep good track; and, you might know, I did a whole series of things on one machine -- and then realized I had somehow gotten off #3 and onto #2 ...
On a fresh system, all you should have to do is connect a printer to the print server computer, and let it sort itself out, or manually set that printer up on the server. Or a bit of both (I renamed the automatic named printer settings to something less annoying). Whichever way you go, once the server can print to its own printer, it's working, and you'd then configure the server to let the rest of the LAN make use of it. That's a two-parter, allowing CUPS through the firewall (*), and configuring CUPS administration options related to sharing (**),
I'm thinking a fresh start is indeed indicated, yet again -- or at least a nearly fresh one.
Let me see if I have this straight. Having done most of the two footnoted parts above (maybe all -- I tried to), I *think* I can just go from client to client, deleting *all* printers (if all will let me; last time I tried that, as I said above, there was one that seemed immortal, afaict).
If/when I get thepresent entries deleted, they will presumably once again find my wife's printer downstairs. They did last time, doubly : once as a printer and once as a fax. Does it hurt to have that there? Should I re-delete it, or maybe go shut her machine down (she's out of town) before I start telling clients to find printers?
- On my LAN, all the PCs are trusted explicitly, so I took the easy
option of setting the firewall to trust eth0 as a whole, rather than particular ports. There's another barrier between the LAN and the internet. Firewall on each PC get in the way of print serving, and also some print clients. As I recall, it got in the way of automatically discovering the print server on the LAN. The print server can periodically announce its presence, but the firewall stopped that.
I did that, iiuc : marked both eth0 and ippp+ as trusted on all clients and on the server.
** Share out that printer to the LAN but it doesn't need sharing to the internet, unless you have a mixture of different isolated subnets, where that option will allow crossing from one subnet to another.
I don't have such complications -- it's all on plain LAN, without subnets. But I don't follow how I share it only to the LAN -- unless that's what trusting eth0 and ippp+ do, perhaps??
Perhaps you might want to allow remote administration of the server,and allow users to cancel any jobs, but that's icing on the cake, it's not needed just to be able to print.
OK.
You may also want the server to include printers on other CUPS servers, if you had other ones on the premises. But, again, that's not needed. And can get messy if you have several servers publishing their own printers, plus republishing the other server's printers.
That's the one thought that gives me pause about my wife's printer. We don't normally fax things, nor receive faxes; but I can easily imagine it becoming convenient to be able to print to one another's printers, for instance if one breaks down or runs out of ink/ toner/whatever. Otoh, it sounds like a large can of worms ...
On the clients, you shouldn't need to do anything. They should automatically find out about all the printers available on the LAN, and automatically list them as printable to. This should take a few moments, not ages. All you should have to do, if you had more than one choice, would be to pick a default.
I haven't (yet, at least) done a thing about my wife's machine nor printer -- not made it either a client or a server.
Having said that, if you're reconfiguring a system which already had printers configured all over the place on the clients, you'd want to remove all those configurations, and then let them find the servers by themselves, again.
Hmmm ... Does that mean I need to go reconfigure my wife's CUPS in any case??
Beartooth:
Let me see if I have this straight. Having done most of the two footnoted parts above (maybe all -- I tried to), I *think* I can just go from client to client, deleting *all* printers (if all will let me; last time I tried that, as I said above, there was one that seemed immortal, afaict).
If desperate, one could go into /etc/cups/ and remove the entries for particular printers. I'm not sure how it handles missing files, but you could load the file and remove all the configuration data, leaving just the two comment lines at the top of printers.conf.
If/when I get thepresent entries deleted, they will presumably once again find my wife's printer downstairs. They did last time, doubly : once as a printer and once as a fax. Does it hurt to have that there? Should I re-delete it, or maybe go shut her machine down (she's out of town) before I start telling clients to find printers?
I can't see a problem with their being a paper printer and a fax printer on the list, unless they're named so badly that you can't pick the right one, but a rename would sort that out.
If that computer's not in use, you could remove it from the equation while you set the rest up.
Tim:
- On my LAN, all the PCs are trusted explicitly, so I took the easy
option of setting the firewall to trust eth0 as a whole, rather than particular ports.
I did that, iiuc : marked both eth0 and ippp+ as trusted on all clients and on the server.
I wouldn't go marking ppp as trusted, that's the interface to the world. That's throwing the firewall away, completely.
** Share out that printer to the LAN but it doesn't need sharing to the internet, unless you have a mixture of different isolated subnets, where that option will allow crossing from one subnet to another.
I don't have such complications -- it's all on plain LAN, without subnets. But I don't follow how I share it only to the LAN -- unless that's what trusting eth0 and ippp+ do, perhaps??
CUPS has two administration options in this area, share printers (to the local network), and allow printing from the internet (share it to anyone and everything). The first will only allow printing within the boundary of what's considered the local network.
Firewall configuration is a separate issue. Allowing *connections* between interfaces and ports, and where the allowing and disallowing happens (with the local network, and the external network, separately).
We don't normally fax things, nor receive faxes; but I can easily imagine it becoming convenient to be able to print to one another's printers, for instance if one breaks down or runs out of ink/ toner/whatever. Otoh, it sounds like a large can of worms ...
Or, if one printer has features that the other does not (colour, double-sided, collating, etc.), or you're going to print something intended for the other person (it can sit in their printer out tray). There's a plethora of reasons why you might do that.
On the other hand, if you have one printer that you want to be able to use anywhere, and another that will only be used with the computer it sits next to, then share out the first one, and don't share the second one.
I haven't (yet, at least) done a thing about my wife's machine nor printer -- not made it either a client or a server.
So, that's still got the factory pre-configuration, so to speak? In that case, I'd leave it alone while you play with the rest of your network, and you can *look* at what it does as you go along.
Having said that, if you're reconfiguring a system which already had printers configured all over the place on the clients, you'd want to remove all those configurations, and then let them find the servers by themselves, again.
Hmmm ... Does that mean I need to go reconfigure my wife's CUPS in any case??
Now I'm confused. If you hadn't done anything to it before, why would you need to now?
On Fri, 07 Nov 2008 03:12:09 +1030, Tim wrote:
Beartooth:
Let me see if I have this straight. Having done most of the two footnoted parts above (maybe all -- I tried to), I *think* I can just go from client to client, deleting *all* printers (if all will let me; last time I tried that, as I said above, there was one that seemed immortal, afaict).
If desperate, one could go into /etc/cups/ and remove the entries for particular printers. I'm not sure how it handles missing files, but you could load the file and remove all the configuration data, leaving just the two comment lines at the top of printers.conf.
I'll bear that in mind.
If/when I get the present entries deleted, they will presumably once again find my wife's printer downstairs. They did last time, doubly : once as a printer and once as a fax. Does it hurt to have that there? Should I re-delete it, or maybe go shut her machine down (she's out of town) before I start telling clients to find printers?
I can't see a problem with their being a paper printer and a fax printer on the list, unless they're named so badly that you can't pick the right one, but a rename would sort that out.
If that computer's not in use, you could remove it from the equation while you set the rest up.
Tim:
- On my LAN, all the PCs are trusted explicitly, so I took the easy
option of setting the firewall to trust eth0 as a whole, rather than particular ports.
I did that, iiuc : marked both eth0 and ippp+ as trusted on all clients and on the server.
I wouldn't go marking ppp as trusted, that's the interface to the world. That's throwing the firewall away, completely.
It was Ippp+, not ppp+; but I changed it back, to be sure. ^ ^
** Share out that printer to the LAN but it doesn't need sharing to the internet, unless you have a mixture of different isolated subnets, where that option will allow crossing from one subnet to another.
I don't have such complications -- it's all one plain LAN, without subnets. But I don't follow how I share it only to the LAN -- unless that's what trusting eth0 and ippp+ do, perhaps??
CUPS has two administration options in this area, share printers (to the local network), and allow printing from the internet (share it to anyone and everything). The first will only allow printing within the boundary of what's considered the local network.
Firewall configuration is a separate issue. Allowing *connections* between interfaces and ports, and where the allowing and disallowing happens (with the local network, and the external network, separately).
We don't normally fax things, nor receive faxes; but I can easily imagine it becoming convenient to be able to print to one another's printers, for instance if one breaks down or runs out of ink/ toner/whatever. Otoh, it sounds like a large can of worms ...
Or, if one printer has features that the other does not (colour, double-sided, collating, etc.), or you're going to print something intended for the other person (it can sit in their printer out tray). There's a plethora of reasons why you might do that.
On the other hand, if you have one printer that you want to be able to use anywhere, and another that will only be used with the computer it sits next to, then share out the first one, and don't share the second one.
I haven't (yet, at least) done a thing about my wife's machine nor printer -- not made it either a client or a server.
So, that's still got the factory pre-configuration, so to speak? In that case, I'd leave it alone while you play with the rest of your network, and you can *look* at what it does as you go along.
Having said that, if you're reconfiguring a system which already had printers configured all over the place on the clients, you'd want to remove all those configurations, and then let them find the servers by themselves, again.
Hmmm ... Does that mean I need to go reconfigure my wife's CUPS in any case??
Now I'm confused. If you hadn't done anything to it before, why would you need to now?
I wasn't sure whether the fact that my clients had found her printer constituted "printers configured all over the place on the clients." Now I take you to mean it doesn't.
On Fri, 07 Nov 2008 03:12:09 +1030, Tim wrote: [...]
If desperate, one could go into /etc/cups/ and remove the entries for particular printers. I'm not sure how it handles missing files, but you could load the file and remove all the configuration data, leaving just the two comment lines at the top of printers.conf.
[...] Would you believe that's what it shows now? Yet both Firefox and Opera insist on showing three.
I tried using Hbsk and Hbsk.localdomain (which is what uname shows for this machine) on Opera, but it failed to connect, though I saw it try 127.0.0.1
Tim:
If desperate, one could go into /etc/cups/ and remove the entries for particular printers. I'm not sure how it handles missing files, but you could load the file and remove all the configuration data, leaving just the two comment lines at the top of printers.conf.
Beartooth:
Would you believe that's what it shows now? Yet both Firefox and Opera insist on showing three.
Yes, printers.conf shows "local" printers. I'm betting that the printers showing up in your browsers are not local ones, but ones on another PC and available over the network.
I tried using Hbsk and Hbsk.localdomain (which is what uname shows for this machine) on Opera, but it failed to connect, though I saw it try 127.0.0.1
Tried using them for what?
127.0.0.1 is computer speak for myself, network-wise. All computers connect to themselves at 127.0.0.1. By convention, "localhost" is related to that IP. And by a Linux convention, "localhost.localdomain" is, as well (most likely to satisfy things that want a domain name with at least one dot in it).
Whereas other hostnames are generally applied to other network interfaces, and some services may not listen to them by default, for security reasons, so that they can't be messed with by others over your network.
On Mon, 10 Nov 2008 19:07:19 +1030, Tim wrote:
Tim:
If desperate, one could go into /etc/cups/ and remove the entries for particular printers. I'm not sure how it handles missing files, but you could load the file and remove all the configuration data, leaving just the two comment lines at the top of printers.conf.
Beartooth:
Would you believe that's what it shows now? Yet both Firefox and Opera insist on showing three.
Yes, printers.conf shows "local" printers. I'm betting that the printers showing up in your browsers are not local ones, but ones on another PC and available over the network.
I tried using Hbsk and Hbsk.localdomain (which is what uname shows for this machine) on Opera, but it failed to connect, though I saw it try 127.0.0.1
Tried using them for what?
For 'localhost' in pointing the browser at its own machine.
This is a vexed question here. I've given all the machines names, in hope of better telling them apart under ssh and scp. My router, however (a Netgear MBR 814, from my local access provider) sometimes uses the names and sometimes does not, in displays for me to read; I can't tell what it says to the machines about one another, so I tried things it might be saying.
127.0.0.1 is computer speak for myself, network-wise. All computers connect to themselves at 127.0.0.1. By convention, "localhost" is related to that IP. And by a Linux convention, "localhost.localdomain" is, as well (most likely to satisfy things that want a domain name with at least one dot in it).
Yes, I did know that much; and what I seemed to be seeing was a failure of it. Hbsk went looking for localhost, translated that into 127.0.0.1 -- and them failed to find it. So I thought it might have better luck starting from 'Hbsk'; it was an easy thing to try.
Whereas other hostnames are generally applied to other network interfaces, and some services may not listen to them by default, for security reasons, so that they can't be messed with by others over your network.
When I first started using names, I hoped that might be an additional benefit; I'm glad to hear it may, indeed.
Incidentally, CUPS on *some* machines seems to be doing another strange thing. When I tell it with Firefox to delete a printer, or make on default, or whatever, Firefox opens a tab (labelled 426) telling me I now have to use https with some other machine's IP, 192.168.x.y; it lets me click on it; and then the whole tab goes blank.
Looks to me as if it's trying to delete an unwanted printer not from its own printers.conf (which I know from the command line doesn't have it anyway) but from the other machine it imagines that printer to be attached to. (It isn't.)