Wednesday, February 15, 2012

AirPrint in corporate networks (II)


After configuring AirPrint for use with standard printers in small networks, the next step is to extend the AirPrint shared printers so that they can be reached from client devices in different subnets. This is basically a rewrite of the original article, with additional information and details specific to Linux, in particular RHEL and its derivatives such as CentOS and Scientific Linux.

To achieve that, we set up a nameserver which, in addition to the usual services, adds specific information related to AirPrint. If we do not have access to the corporate DNS, or we prefer not to touch that server to avoid breaking it, we can create an additional nameserver just for the wireless devices (those connecting from the wireless network range).

A very common scenario for wireless devices is to have a DHCP server assign IP addresses to them. Our particular setup includes several access points which relay DHCP requests to a central DHCP server. This server gives wireless devices not only IP addresses, but also additional information such as the address of the modified DNS server and a default domain name. Wired devices usually have fixed IP addresses and can continue using the corporate DNS, which has no information or knowledge about anything related to AirPrint.

This second version was initially installed on a computer running CentOS 5.6, but a few weeks after that installation we had to migrate the system to new hardware. On the new hardware, we installed a different distribution: Scientific Linux 6.1. This distribution is also based on RHEL, so we assume that the following tutorial will be valid for any distribution based on RHEL 6.x. This machine will be referred to as the AirPrint gateway server in this tutorial.

If you want your Linux box to provide all the necessary services, you can set up your own DHCP server. If you (your company) already have a DHCP server running and do not want to replace it, just make the necessary changes to it to take the wireless devices into account.

Our particular scenario (*) is the following:
Wired computers: 10.36.11.0/24
AirPrint gateway server (DHCP, named, CUPS): 10.36.11.22
Main corporate DNS server: 10.36.11.21
Wireless computers: 10.41.137.192/26 (DHCP range: 202..254)
Domain name: intranet.mycorporation.com

(*) This is just a simplification of the real scenario where some names and values have been changed.

After making the necessary changes to fit your particular scenario, you should add something similar to the following to your /etc/dhcpd.conf file:

subnet 10.41.137.192 netmask 255.255.255.192 {
    range 10.41.137.202 10.41.137.254;
    option domain-name "wifi.intranet.mycorporation.com";
    option domain-name-servers 10.36.11.22;
    option routers 10.41.137.193;
    option subnet-mask 255.255.255.192;
    option broadcast-address 10.41.137.255;
}

The goal is to make wireless devices point to a modified DNS server instead of the main corporate DNS server, and to define a default domain name. The new DNS server will manage just the information necessary to make AirPrint printers reachable. All other DNS data will still be managed by the original nameserver, and the new one will just forward every DNS query (except those related to AirPrint devices) to the corporate nameserver.

So, the next step is to set up our DNS (bind / named) server on our Linux box. You can find detailed information on how to set up this service. Our particular server will just define the specific zone necessary to access AirPrint from wifi devices, while relaying any other DNS query to the main corporate server. You can choose to install either a standard DNS server or a chrooted DNS server.

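The location of the configuration file may vary (/etc/named/named.conf, /var/named/chroot/etc/named.conf). The named.conf file will be modified to include a zone with the definitions that allow the wireless devices to discover the printers. Because recursion is enabled, allow-query-cache is better limited to the wifi range than left at any, as the comment in the options block notes; otherwise the server answers cached and recursive lookups for every client that can reach it.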

options {
# Add this to your current options ...
    forwarders { 10.36.11.21 ; }; // The main corporate DNS
    forward first;
    allow-query-cache { any; }; // Could be limited to the wifi range
    auth-nxdomain no;
    recursion yes;
};

# Include the file with the zone definitions
zone "wifi.intranet.mycorporation.com" {
    type master;
    file "/var/named/slaves/wifi.intranet.mycorporation.com.zone";
    allow-update { none; };
};

Take into account that if your named installation is chrooted, the zone file will have to be placed under /var/named/chroot/.

The zone definition file has two goals. The first one is to define the host acting as a print server (wifiprintserver in this sample). A CUPS server has also been created with the definitions of all the printers to be shared via AirPrint. The computer with the role of CUPS server is the same host that acts as DHCP server and named server. According to this scenario, the beginning of the zone definition file will look like this:

# cat /var/named/slaves/wifi.intranet.mycorporation.com.zone

$ORIGIN wifi.intranet.mycorporation.com.
$TTL 23200
@   IN   SOA  ns1.wifi.intranet.mycorporation.com.  hostmaster.wifi.intranet.mycorporation.com. (
    2011051612 ; serial
    21600      ; refresh 6h
    3600       ; retry 1h
    604800     ; expire 1week
    23200      ; minimum TTL 12h
    )

    IN   NS   ns1.wifi.intranet.mycorporation.com.

ns1   IN   A   10.36.11.22  ; YOUR_AUXILIARY_DNS_SERVER_IP_ADDR

wifiprintserver IN A 10.36.11.22 ; YOURCUPSPRINTSERVER_IPADDR
lb._dns-sd._udp      IN PTR @
b._dns-sd._udp      IN PTR @

; ******************************

The DNS service can make use of multicast DNS (mDNS) and DNS Service Discovery (DNS-SD) to announce the AirPrint services. After the first section, which contains the definition of the print server node, comes a specific section for every printer. The new DNS zone definition file will include entries with content similar to that exported via avahi-daemon in the previous approach.

Every printer entry will look something like this:

_cups._sub._ipp._tcp     IN PTR corporateprinter01._printer._tcp
_universal._sub._ipp._tcp    IN PTR corporateprinter01._printer._tcp

corporateprinter01._printer._tcp    IN    SRV   0   0   631  wifiprintserver
corporateprinter01._printer._tcp    IN    TXT   (
    "txtvers=1"
    "qtotal=1"
    "rp=printers/corporateprinter01"
    "adminurl=http://wifiprintserver:631/printers/corporateprinter01"
    "ty=HP Laserjet 4050N"
    "product=(GPL Ghostscript)"
    "transparent=t"
    "copies=t"
    "duplex=f"
    "color=f"
    "pdl=application/octet-stream,application/pdf,application/postscript,image/gif,image/jpeg,image/png,image/tiff,text/html,text/plain,application/vnd.cups-postscript,application/vnd.cups-raw,application/vnd.hp-hpgl,image/x-bitmap,image/x-photocd"
    "printer-type=0x90d4"
    "URF=none"
)

; ******************************

At this point, once you have all the services running, your iOS mobile device will already be able to detect the AirPrint enabled printers and to send print jobs to them. There is only one missing task: automating the creation of the printer definitions in the zone definition file.
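
One way to automate that step, as an added example that is not part of the original post: a Python generator that emits the PTR, SRV and TXT records in the layout shown above for each CUPS queue. The function names, the sample inventory and the shortened pdl list are assumptions; queue names are accepted only as plain DNS labels and TXT values are checked so that a printer name or model string cannot inject extra records into the zone file.

```python
import re

# Constructed defaults; SERVICE and PRINTER_TYPE are copied from the sample entry above.
SERVICE = "_printer._tcp"
PRINTER_TYPE = "0x90d4"
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label, max 63 chars
UNSAFE = re.compile(r'[^\x20-\x7e]|["\\]')  # would end or escape the quoted string


def txt_string(key, value):
    """Return one quoted TXT character-string, or raise if it cannot be emitted safely."""
    item = f"{key}={value}"
    if len(item) > 255:  # a single TXT character-string holds at most 255 bytes
        raise ValueError(f"TXT string for {key!r} is longer than 255 bytes")
    if UNSAFE.search(item):
        raise ValueError(f"unsafe character in TXT string for {key!r}")
    return f'    "{item}"'


def printer_records(name, model, server="wifiprintserver", color=False, duplex=False,
                    pdl=("application/pdf", "application/postscript", "image/jpeg")):
    """Build the PTR, SRV and TXT records for one CUPS queue (hypothetical helper)."""
    for label in (name, server):
        if not LABEL.fullmatch(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    instance = f"{name}.{SERVICE}"
    txt = [("txtvers", "1"), ("qtotal", "1"), ("rp", f"printers/{name}"),
           ("adminurl", f"http://{server}:631/printers/{name}"),
           ("ty", model), ("product", "(GPL Ghostscript)"),
           ("transparent", "t"), ("copies", "t"),
           ("duplex", "t" if duplex else "f"), ("color", "t" if color else "f"),
           ("pdl", ",".join(pdl)), ("printer-type", PRINTER_TYPE), ("URF", "none")]
    lines = [f"_cups._sub._ipp._tcp IN PTR {instance}",
             f"_universal._sub._ipp._tcp IN PTR {instance}", "",
             f"{instance} IN SRV 0 0 631 {server}",
             f"{instance} IN TXT ("]
    lines += [txt_string(k, v) for k, v in txt]
    return "\n".join(lines + [")", ""])


if __name__ == "__main__":
    # Constructed inventory: (CUPS queue name, model string)
    for queue, model in [("corporateprinter01", "HP Laserjet 4050N"),
                         ("corporateprinter02", "HP Color LaserJet 3600")]:
        print(printer_records(queue, model))
```

Append the output below the print server section of the zone file and increase the SOA serial before reloading named.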
