7 Replies Latest reply on Apr 19, 2013 10:10 AM by Jason Pelletier

    Direct print with AD passthrough for Windows and OS X

    Jason Pelletier Tracker

      I am not sure if this is possible but am hoping that it is. We are using Uniprint 8.3 and have Windows and OS X machines all authenticating against Active Directory. Student printing is going well using their ID cards but we are not using AD usernames as the student's login name, instead we're using their swipecard ID as their login name.The same goes for staff although we charge different rates for students and staff.


      All that aside, what we want to be able to do is to use direct print for staff, not have them use Popup and pass their AD username to Pharos (pulling from their logon name in the OS they are currently logged into, OS X or Windows) allowing the print job to print and accounting to take place for that print job so that we can report on it when needed. In theory this might allow our linux users to print as well assuming we can capture the logon name too.


      Ideally we would not have to change their logonID in Pharos from swipe card to their AD credentials because we'd like to authenticate them via AD but if we have to we can.


      Has anyone done this or can anyone point me in the right direction on how I could go about pulling this one off?

        • Re: Direct print with AD passthrough for Windows and OS X

          My institution is doing something similar to what you are talking about but we have a 3 system process.  We use AD for authentication, Blackboard for the tender and then the Pharos print system.


          In Pharos we have them all grouped as either employee or student, no matter who you are the Pharos system charges that person but we give a ridiculous amount to all faculty and staff each semester, so if they run out they are abusing the system.  For students we have it set for $25.00 printing in Bb, and if they exceed that amount then it pulls from another tender they have associated with their card that they can add funds to.  So, the AD part is to associate a job with the person who printed it and they can either swipe their card or type in their AD username and password.


          We thought about not using the Bb system but that would mean someone would have to accept cash from the students and manually put it on their cards, with Blackboard they can do it themselves. 


          It was a custom configuration the Pharos implementation team did to get this functioning but it is working for us so I know it can be done for you.

          • Re: Direct print with AD passthrough for Windows and OS X
            Alex Schumacher Wayfarer

            We're in the midts of testing something like this. Users authenticate with their AD credentials to print, not their card ID, so the situation is a little different.


            For Staff, they login to their computers using their AD credentials. When they print, we've configured the Popup Questions to only popup if they are using a CostCenter (third party charging). Otherwise there is no popup question for them - it just goes directly to the printer. Also, if they only have one cost center, it automatically uses it and doesn't pop-up. If you're not using cost centers, you should be able to do the same thing. This is for both Held and Direct Queues.


            It's not actually capturing their username or AD password, it's just sending a job from thier computer as the current logged-in user, which is the same as their username in Pharos, since they authenticate via AD. To Pharos, this just looks like a print job sent from that user's account. If it's Direct, it prints, if it's held, they still need to fully authenticate to release the print job. So, in a way, it's not really "secure" print, as anyone could print from that computer if the user forgot to logoff or something, but for our situation it's good enough, and better than requireing them to login every time they want to print.


            Hopefully that made sense! Let me know if you have any specific questions.

              • Re: Direct print with AD passthrough for Windows and OS X
                Jason Pelletier Tracker

                That makes sense. The question then really is how do you get the username to pass with the job? In our tests if we don't use popup Pharos isn't accounting the job at all. We are also looking at cost centers as well. I assume that you have custom scripts to handle when to show Popup and when not to?

                  • Re: Direct print with AD passthrough for Windows and OS X
                    Alex Schumacher Wayfarer

                    We do have some custom scripts to handle certain things, but I believe that if you configure the popup quesion to not require the username or password, it will pass the current users' name through with the job. Maybe something happening in a custom script that I'm not aware of, and Pharos wrote the scripts for us when we first purchased the server.


                    We are still testing it, and here's what we've done so far that seems to work well.


                    • New job cost method for Staff (instead of students) printing
                    • New print queus for the printers (direct, Must Use Popup - Yes, Question - Cost Centers)
                    • New popup quesion for the queues, and the only question is for the cost center.


                    With all that, it's working for us. You could call Pharos to see if they can help some more, but I found that searching through the help documentation from the Pharod Administrator console gave me the most information.

                • Re: Direct print with AD passthrough for Windows and OS X
                  Paul LaFollette Guide

                  We are using AD authentication, and for costing we're having the Students use their ID cards to identify their account/funds through a gateway to a Diebold/CBord system.  Students sign in to the Pharos release stations using their AD credentials (after that they swipe their ID cards... you get the idea).


                  To get Pharos to recognize the AD accounts, we have it set in the registry of the server to look to the AD domain for authentication.  When signing in at a Pharos station, once authenticated on the AD, Pharos then adds the username to it's user database through a script we got from Pharos.  But that doesn't accomodate Direct printing.


                  To accomodate Direct printing for the printing, we have a script that updates the user database in Pharos with the AD usernames, thus our Pharos user database gets updated with the new usernames ... and because Pharos then knows the user's usernames the Direct printing will then work.


                  How you do it on your network will vary (of course).  When we add users to the AD, we use a "home-grown" process that triggers a script that adds the new username to multiple systems, including our Pharos system.  The parameters of what the script passes to Pharos is obtainable in the Pharos documentation in the user import information.


                  You may want to seperate users into groups, we are not doing that.  Can't help you with that.  To bill/cost the employees you could have "funds" put into their Pharos account, or you could have it do "Arrears" where Pharos simply tallies the number of pages and cost totals.


                  We built another "home grown" app that scans the Pharos print queues and gives me totals for specified time frames and then let's me "bill" the department accounts assigned to the different print queues (we're billing departments according to the amount of printing in the print queues assigned to said department).


                  There are a number of ways you could do it.

                  • Re: Direct print with AD passthrough for Windows and OS X
                    Nic Meadows Ranger

                    The key question for you is, what information is sent as the username with the print job to the Pharos server? If you are using AD authenication, regardless of how the your users authenticate the AD SamAccountName should be used as the username for the print job. This should be the same for Windows,Macs and Linux. There should be no need to use Popups at all - unless you need them for cost centres or similar. The only thing you may have to tweak are the regular expression to correctly extract the username, as often with Macs and Linux you end up with additional information with the username (i.e. computername) Otherwise it is possible to add scripts to the logon event, which is used by both held and direct queues, that will take whatever AD attribute you have and look it up against AD to return the SamAccountName which you then change in the script so that it matches the username in Pharos. You'll need to write a little exe for the AD stuff, but it is very straight forward. (From a programming perspective.) Nic