SMB vs HTTP vs HTTPS

So… more on printing. Alongside documenting the service (and cobbling a nice new stylesheet together to replace the old, somewhat kludgy one) I’ve been doing some work with a stopwatch on the relative speeds of SMB vs IPP/HTTP and IPP/HTTPS. The results are slightly unusual.

  • SMB – Printing from Ubuntu and OS X is under 10 seconds for most jobs.
  • IPP/HTTP – Very fast from Windows, but Ubuntu and OS X normally around the region of 30-40 seconds.
  • IPP/HTTPS – Very fast from Windows, but Ubuntu and OS X normally in the region of 15 minutes. Yes, minutes.

I really need to convince people that SMB is a viable solution and isn’t the massive security risk they seem to think it is. It’s faster, easier and more efficient, at least until I can work out how to make a *nix CUPS server talk to SafeCom.

IPP over HTTPS, the acronyms continue!

Following our massive success of printing using SMB, and being told it was a security hole we then evaluated IPP. IPP works fine, as long as we clobber it so that it works over HTTP.

Trouble is, of course, that HTTP isn’t secure. So we need to use HTTPS, which brings with it a whole new and exciting swathe of problems to deal with. Put simply – it doesn’t work at the moment.

I’m currently trying to break in to the server at the other end so that I can see what’s going on other than the cryptic messages which get dumped to the client. I strongly suspect that somebody has forgotten to tick a box, or that HTTP authentication is disabled or using the wrong realm.

It will work, I really mean it! Even if I have to rip apart CUPS and Kerberos and slam them together in a Frankenstein’s Monster of a print system with authentication to the AD (although I’d really rather not – CUPS is a mess internally and Kerberos would involve Yet Another Server).

Update: I managed to break into the server, admittedly by getting myself set as an admin. Once inside I discovered that as I suspected HTTP authentication was disabled entirely. A quick click to turn it on, set the default domain and realm, and force clients to use HTTPS. Job done.

Next up, documentation and implementation.

It’s coming…

Yes, it’s true. Printing from your own PCs – the #2 item on student surveys about IT for quite a while now – is just around the corner and should be open for use by Week 6 (just in time for all those lovely assignments), with a few caveats.

The University's SafeCom printers, working from my laptop.
The University's SafeCom printers, on my laptop.

Firstly, the initial offering will be ‘Windows only’. As in, Windows (XP, Vista and 7) will work properly and everything else will work after a fashion but be unsupported. This is because of a curious implementation of the protocol at Microsoft’s end which means that clients using CUPS (OS X and Linux, this is you) will print fine, but not know when printing has been done. Some systems such as Ubuntu will then helpfully try to print again, so if you don’t remember to manually clear your print queue then you’ll end up with 100 copies of those lecture slides and no credit. This is very much a work in progress, and I’m actively working on some alternatives to solve this problem. In the meantime, when this is released all OS X and Linux users make sure you follow the guides very, very carefully.

Continue reading “It’s coming…”