Using FreeIPA as a backend for DHCP

Yeah, this…

Disclaimer: This is not an official guide and in no way represents best practices for FreeIPA. It is ugly and involves the digital equivalent of bashing on screws with a hammer. Having said that, when nobody has invented the right screwdriver yet, sometimes you just have to hammer away.

First, some history. We’ve been running separate DHCP, DNS and LDAP servers since we switched from static IP addresses and a Windows NT domain somewhere around ten years ago. The DHCP server was loosely connected with the DNS server, and I had written this beautifully complex (read: messily unreadable) script that would allow you to quickly add a system to both DHCP and DNS. A few months ago, we migrated all of our users over to FreeIPA, and I started the process of migrating our DNS database over. Unfortunately, this meant that our DHCP fixed addresses were being configured separately from our DNS entries.

Last week I investigated what it would take to integrate our DHCP leases into FreeIPA. First I checked on the web to see if something like this had already been written, but the closest thing I could find was a link to a design page for a feature that’s due to appear in FreeIPA 4.x.

So here’s my (admittedly hacky) contribution:

  1. sync_dhcp – A bash script (put in /srv, chmod +x) that constantly checks whether the DNS zone’s serial number has changed, and, if it has, runs…
  2. generate_dhcp.py – A python script (put in /srv, chmod +x) that regenerates a list of fixed-addresses in /etc/dhcp/hosts.conf
  3. dhcpd.conf – A sample dhcpd.conf (put in /etc/dhcp) that uses the list generated by generate_dhcp.py
  4. sync-dhcp.service – A systemd service (put in /etc/systemd/system) to run sync_dhcp on bootup
  5. make_dns – A script (chmod +x) that allows the sysadmin to easily add new DNS entries with a MAC address

sync_dhcp does need to know your domain so it knows which DNS zone serial to check, but other than that, the first four files should work with little or no modification. You will need to create a dnsserver user in FreeIPA, give the user read access to DNS entries, and put its password in /etc/dhcp/dnspasswd (readable only by root).
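The two checks a generator like generate_dhcp.py depends on, as an added example that is not the original script: refusing a password file that anyone but its owner can read, and validating every record before it is written into the dhcpd configuration. The function names and sample records are constructed here, and the records are assumed to have already been fetched from FreeIPA as (hostname, ip, mac) tuples.

```python
import ipaddress
import os
import re
import stat

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def read_secret(path, owner_uid=0):
    """Read a password file, refusing it unless only its owner can access it."""
    with open(path) as fh:
        st = os.fstat(fh.fileno())  # check the file we actually opened
        if not stat.S_ISREG(st.st_mode) or st.st_uid != owner_uid:
            raise PermissionError(f"{path}: must be a regular file owned by uid {owner_uid}")
        if st.st_mode & 0o077:
            raise PermissionError(f"{path}: group/other permission bits are set")
        return fh.read().strip()

def render_hosts(records):
    """Turn (hostname, ip, mac) tuples into dhcpd host stanzas.

    Returns (config_text, rejected); anything that fails validation is
    rejected instead of being written into the dhcpd configuration.
    """
    stanzas, rejected, seen = [], [], set()
    for name, ip, mac in records:
        host, hw = name.lower(), mac.lower().replace("-", ":")
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            rejected.append((name, "invalid IPv4 address"))
            continue
        if not HOST_RE.fullmatch(host):
            rejected.append((name, "invalid hostname"))
        elif not MAC_RE.fullmatch(hw):
            rejected.append((name, "invalid MAC address"))
        elif hw in seen:
            rejected.append((name, "duplicate MAC address"))
        else:
            seen.add(hw)
            stanzas.append(f"host {host} {{\n  hardware ethernet {hw};\n"
                           f"  fixed-address {addr};\n}}\n")
    return "".join(stanzas), rejected

# Constructed sample records (not from the original post).
SAMPLE = [
    ("lab-pc1", "10.10.1.21", "52:54:00:AA:BB:01"),
    ("lab-pc2", "10.10.1.22", "52-54-00-aa-bb-02"),
    ("lab pc3;", "10.10.1.23", "52:54:00:aa:bb:03"),
    ("lab-pc4", "10.10.1.24", "52:54:00:aa:bb:01"),
    ("lab-pc5", "10.10.300.1", "52:54:00:aa:bb:05"),
]
```

Logging the rejected list rather than dropping it silently makes a malformed or duplicated entry in the directory visible before it turns into a missing lease.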

make_dns makes a number of assumptions that are true of our network, but may not be true of yours. It first assumes that you’re using a 10.10.0.0/16 network (yes, I know that’s not right; it’s a long story) and that 10.10.9.x and 10.10.10.x IPs are for unrecognized systems. It also requires that you’ve installed freeipa-admintools and run kinit for a user with permissions to change DNS entries, as it’s basically just a fancy wrapper around the IPA CLI tools.

Bent Screw Hole Backyard Metal Macros by Steven Depolo used under a CC BY 2.0 license

Canon copier/printer on Fedora

<tl;dr> There is a decent cups print driver for Canon copiers if you don’t mind using proprietary software and making some manual changes </tl;dr>

Recently, our school got a couple of Canon copy machines that can be configured as network printers, but up until a month ago we only used them as copy machines. Last month, I started the process of getting them configured to print using CUPS, and, in the process, learned a bit about the printers and a lot about how CUPS works.

The first problem I ran into is that Canon’s printer drivers aren’t open source, which led to some crazy problems finding the correct drivers. It turns out that Canon produces two cups print drivers, the first of which prints using Canon’s proprietary UFR-II, and the second of which prints using PCL or PXL. Both drivers are a pain to find, but once found, install in a halfway-reasonable way.

I was interested to find that the UFR-II driver left some odd shading any time I printed a graphic. The cups test page had a weird gradient in the middle where I’ve never seen a gradient before, and PDFs would print with the same strange gradient. The PCL/PXL driver also had the gradient, but, after mixing a few options (Image Refinement – On, Line Refinement – On, Halftones – High HighResolution), it almost completely disappeared.

The other nice thing about the PCL/PXL driver is that it’s actually mostly using the built-in (open source) tools already available in cups, and the only proprietary parts (at least as far as I can see) are the PPD itself and a small program that adds the extra print options (like double-sided printing, stapling, etc) to the PCL print job. Given all that, I figured there wasn’t much point in sticking with the UFR-II driver, and started working with the PCL/PXL driver.

However, on using the driver, I ran into some other strange problems. The first was that the cups page log didn’t actually show any information on some of the print jobs. After poking at the PPD, I discovered that if an incoming job is PDF, the print driver can’t count the pages, while if it’s PostScript the driver can. That was an easy fix. To force cups to convert incoming PDF jobs into PostScript before passing them to the driver, in the PPD delete the following lines:

*cupsFilter:       "application/vnd.cups-pdf 0 foomatic-rip"
*cupsFilter:       "application/vnd.apple-pdf 25 foomatic-rip"

The second problem was a bit more subtle. Let’s imagine that I want to print a four-page test… 30 times, because I have 30 students in my class. I go to the print dialog, select the staple option, ask for 30 copies, and send it to print. Out of the copier come 120 pages… and one staple. The Canon driver will only staple it once because it’s one job. Because, obviously, if you’re printing 30 copies of the same job, you must want them to be stapled together.

Fortunately, the Canon driver does support an extra “Repeat job” count that you can use in place of the copy count. If you set the “Repeat job” count to 30 and leave the copy count at 1, it will print 30 four-page tests, with each test stapled separately. Unfortunately, this feature is in the advanced settings, while the copy count is sitting right there in the print dialog.

So I wrote a wrapper script for the Canon driver that automatically sets the “Repeat job” count to the copy count, and then sets the copy count to 1. Now the teachers can turn on stapling and set the copy count to whatever they want, and it will print as expected. You do have to change the *FoomaticRIPCommandLine line to say:

*FoomaticRIPCommandLine: "sicgsfilter-autonumpages &user; &quot;&title;&quot; &quot;%A&quot; &quot;%B&quot; &quot;%C&quot; &quot;%D&quot; &quot;%E&quot; &quot;%F&quot; &quot;%G&quot; &quot;%H&quot; &quot;%I&quot;"

I also went to the trouble of stripping out a bunch of unused options from the PPD, to make sure that they don’t appear when the teachers are going through the print options.

So now we have Canon copiers that are functioning great as printers, and our teachers love it!