05. Configuration

It is recommended to configure the Print Proxy System first and then the Print Server System.

Proxy Server Configuration

EBF Print can address several enterprise printing systems (multi-tenant capability), requiring an assignment between tenants and their respective enterprise print server systems. This assignment is configured through the Print Proxy and stored in the configuration file:

/etc/ebf/print/proxy.yaml

An example of this file with a configured print server (rules section) and a given identity provider (identity section) looks as follows for a connected MobileIron EMM system.

# limit the supported SSL/TLS protocols
#  by removing unwanted from the brackets
server: 
  host: 127.0.0.1 
  port: 8443 
  ssl: 
    keystore: /var/lib/ebf/print/proxy.p12 
    enabled: true
    protocols: [TLSv1.2]

identity:
  provider:
    mobile_iron: 
      host: emm.example.com 
      username: 'admin' 
      password: 'admin' 

      # possible values: user_uuid, user_id, user_email, 
      #  user_first_name, user_last_name, user_display_name, 
      #  user_custom_1, user_custom_2, user_custom_3, user_custom_4, 
      # user_custom_<attribute_name> 
      user_attribute: user_id 

      # possible values: device_custom_<attribute_name> 
      # where <attribute_name> is case sensitive
      group_attribute: device_custom_Institute

rules: 
# - user: 'john doe' 
#   group: 'sales' 
#   printer:'ipp://sales.example.de:631/ipp/print/John%27s%20Printer' 

  - printer: 'ipp://print.example.de:631/ipp/print/QA%20Printer' 

Privileged ports (less than 1024) are not allowed as the service should be operated and started with a restricted user. Existing Print Servers can be linked to the users via user and/or group identifiers. The first rule that matches the transferred data (user/group) is applied and the print job will be forwarded accordingly. Only one printer can be assigned at the same time.

‚#‘ is used for comments and makes the entry inactive.

1. Edit the system configuration file for Print Proxy using LINUX vi Editor as an example:
   $ vi /etc/ebf/print/proxy.yaml
   
2. Start editing with entering ‘Insert mode’ with ‘i‘, ESC to end ‚Insert mode’.
3. End the change with ESC ‘:x’ to save the settings.
4. Check the file with ‘cat’ ‘filename’.

Identity Provider

MobileIron

Example in the proxy.yaml configuration file

identity:
  provider:
    mobile_iron:
      host: emm.example.com
      username: 'admin'
      password: 'admin'
      user_attribute: user_id
      group_attribute: device_custom_Group

Microsoft Intune

Example in the proxy.yaml configuration file

identity:
  provider:
    intune:
      client_id: 32f91de8-2d75-436c-8709-d491169add7e
      client_secret: GF23Zj~C~SGD62N_8e3kOZ2pO-n2X.5YaI
      tenant: 0142169f-fb83-43c4-9d19-5f2869fdb9f7
      user_attribute: user_id
      group_attribute: group_id

Workspace ONE

Example

identity:
  provider:
    workspace_one:
      host: emm.example.com
      username: 'admin'
      password: 'admin'
      tenant_code: 8nsrP0FSnlqWeizpCIh6yuw5WwV1MY5sskw4wVZA3e4=
      user_attribute: user_name
      group_attribute: organization_group_name

1. Input your changes with ‚i‘ (enter Insert Mode)
2. End Insert Mode with ‘ESC’
3. End the input with ‘ESC :x’ to save the changes
4. The server can now be started and its status can be checked with following commands:
   

   Server Start	$ systemctl start ebf-print-proxy
   Server Status	$ systemctl status ebf-print-proxy
   Logs	$ journalctl -u ebf-print-proxy
   Detailed Logs	$ journalctl -u ebf-print-proxy -o verbose
   Live Logs	$ journalctl -f -u ebf-print-proxy
   Activate Service Autostart	$ systemctl enable ebf-print-proxy
   Service Status Check	$ systemctl status ebf-print-proxy (service should be enabled)

Firewall Setting

To enable the Print Proxy Admin Portal within a browser, firewall configuration within the Print Proxy appliances is required. The port previously defined in the configuration file for the Print Proxy Admin Portal must be enabled:

$ sudo firewall-cmd --zone=Public --add-port=8080/tcp -–permanent

$ sudo firewall-cmd -–reload

Network Appliance Configuration

If the print environment (Proxy or Server) networks require further configuration, this is also possible through the bash console of the respective appliances:

$ sudo nmtui

Proxy Portal (only for MobileIron)

The configuration for the Print Proxy interface is contained in the configuration file:

/etc/ebf/print/admin.yaml

An example of this file is as follows:

server:
  port: 80

token:
  secret: 'secret'

mobile_iron:
  host: emm.example.com
  username: 'admin'
  password: 'admin'

  configuration_suffix: ' EBF Print'

profile:
  display_name: 'EBF Print'

The „configuration_suffix“ entry is appended to the profile name assigned by the administrator when the print profile is created to allow filtering in any EMM profile lists. The profile „display_name“ is visible in profile settings on the iOS device. Customize the file „admin.yaml“ for Print Proxy with the LINUX vi Editor for example:

$ vi /etc/ebf/print/admin.yaml

1. Start editing with entering ‘Insert mode’ with ‘i‘, ESC to end ‚Insert mode’.
2. End the change with ESC ‘:x’ to save the settings.
3. Check the file with ‘cat’ ‘filename’.
4. The Print Admin console can now be started and its status be checked:
   

   Server Start	$ systemctl start ebf-print-admin
   Server Status	$ systemctl status ebf-print-admin
   Logs	$ journalctl -u ebf-print-admin
   Activate Service Autostart	$ systemctl enable ebf-print-admin
   Service Status Check	$ systemctl status ebf-print-admin (service should be enabled)

Print Server Configuration

The configuration of the Print Server occurs through the configuration file:

/etc/ebf/print/server.yaml

An example with two configured Print Servers in the section „printers“ is as follows:

# limit the supported SSL/TLS protocols
#  by removing unwanted from the brackets
server:
  host: "192.168.1.1" 
  port: 8631
  ssl:
    enabled: true
    protocols: [TLSv1, TLSv1.1, TLSv1.2]
 
spool: /var/spool/ebf/print

printers: 
  -
    name: "QA Printer" 
    connection: "lpd://10.4.0.1/QAPrinter"
    driver: /usr/share/ebf/print/default.ppd
  -
    name: "DEV Printer" 
    location: "Dev Room" 
    connection: "lpd://10.4.0.2/DEVPrinter" 
    driver: /usr/share/ebf/print/default-pcl.ppd

• Port: No privileged port (less than 1024) can be used for the server port, the service should be operated with a restricted user to allow the service to start.
• Connection: The attribute „connection“ contains the address of the enterprise (FollowMe) printing solution or simply the raw printer IP. The printer name that appears on the iOS device is taken directly from the „name“ attribute and must match the name in the URL from the „printer“ attribute in „proxy.yaml“ from Print Proxy Configuration.
• Location: The „location“ attribute is displayed as additional information in the printer properties on the iOS device.

Editing the configuration file for the EBF Print Server can be achieved for example using the LINUX vi Editor on the appliance system with the following call:

$ vi systemctl /etc/ebf/print/server.yaml

1. Start editing with entering ‘Insert mode’ with ‘i‘, ESC to end ‚Insert mode’.
2. End the change with ESC ‘:x’ to save the settings.
3. Check the file with ‘cat’ ‘filename’.

The server can now be started and its status checked. The commands are described below: