How to use Jamf Pro to deploy printers on managed Macs
This guide is for the Jamf Pro admin who wants to deploy print queues on managed macOS devices, such as MacBooks.
Prior to PaperCut NG/MF version 19.1, the easiest way to deploy PaperCut managed print queues to your macOS devices, is to use Mobility Print shared print queues. This article focuses on these environments.
If you’re interested in deploying printers with Jamf Pro to managed iOS devices, check out How to use Jamf Pro to deploy printers on managed iOS devices (iPhones and iPads).
Mobility Print takes care of:
- printer discovery
- provide authenticated printing
- enabling optional features such as Secure Print Release and Find-Me printing in PaperCut NG/MF.
Mobility Print is also flexible to work in any environment:
- virtually any printer model is supported
- user authentication can be done against directories like Active Directory, G Suite (Google Cloud Directory), Azure AD, manually created users in PaperCut NG/MF or custom sources
- support for small or very large networks spanning large geographical areas
- load balanced environments to support tens of thousands of users
With Jamf Pro, you get all the benefits of Mobility Print on your managed macOS devices, without the need for users to spend time opening a setup page to install their printers or for users to have admin rights.
To configure Mobility Print using Jamf Pro:
- Determine the script parameters
- Create your printer script
- Add your printer script to Jamf Pro
- Verify your deployment
Before you start
You need the following:
- Jamf Pro: 10.12.0+
- PaperCut NG/MF: 17.0.0+
- PaperCut Mobility Print: 1.0.2406+
- macOS 10.13 (High Sierra)
You need to be a:
- Jamf Pro administrator (or have relevant permissions) and should already have
- macOS clients managed by Jamf Pro
- existing, and appropriate groups in Jamf Pro.
- PaperCut NG/MF administrator (or have relevant permissions).
If you are new to PaperCut NG/MF, the easiest way to get up and running is to:
- Install PaperCut NG 40-day trial.
- In the Admin web interface, go to Enable Printing > Mobile & BYOD.
For versions earlier than 19.1, the Mobile & BYOD section can be found under the Options tab.
- Follow the steps to install and configure Mobility Print.
Determine the script parameters
- Log in to your PaperCut Mobility Print server. When logging in from the server console, this is usually https://localhost:9164
- Make note of the Hostname / Fully Qualified Domain Name (FQDN) displayed in the footer.
- Click Select Printers; then confirm that the print queue you want to deploy is listed as Published.
- Make a note of its name, for example “Find-Me”
Create your printer script
At a high level we will use a shell script, deployed via Jamf, that will:
- interrogate the PaperCut NG/MF Mobility Print server
- create an appropriate PPD (printer driver)
- create a print queue.
- Save (or download) the following script. You will need to paste it into the Jamf Pro console later.
#!/bin/bash mobilityhost=$4 name=$5 location=$6 info=$7 mobilityqueue="ipps://$mobilityhost:9164/printers/$name" # Make sure the print queue isn't already installed. lpstat -p $name &> /dev/null if [ $? == "0" ] then echo "$name already exists, exiting." exit 1 fi # CUPS & PaperCut Mobility Print prefer to use an AirPrint compatible driver. We can use inbuilt MacOS Binaries to build this file: # Make sure the binary exists. if [ -f /System/Library/Printers/Libraries/ipp2ppd ] then # Use ipp2ppd to build the appropriate PPD /System/Library/Printers/Libraries/ipp2ppd $mobilityqueue /tmp/$name.tmp > "/tmp/$name" if [ "$?" -ne "0" ]; then echo "ipp2ppd errored." exit 1 fi else echo "/System/Library/Printers/Libraries/ipp2ppd missing." exit 1 fi # Add the print queue. if [ -f /tmp/$name ] then lpadmin -p "$name" -E -v "$mobilityqueue" -i "/tmp/$name" -L "$location" -D "$info" -o auth-info-required=username,password -o printer-error-policy=retry-job if [ "$?" -ne "0" ]; then echo "lpadmin errored." exit 1 fi else echo "/tmp/$name is missing" exit 1 fi #CleanUp if [ -f /tmp/$name ] then rm /tmp/$name fi if [ -f /tmp/$name.tmp ] then rm /tmp/$name fi
Add your printer script to Jamf Pro
- Log in to your Jamf Pro instance, for example:
- Click the cog icon in the top left of the screen to open All Settings.
- In the left menu, click Computer Management; then click Scripts.
- Click + New.
- In Display Name, enter the name of your script.
- Click the Script tab.
- Paste the script you created in Create your printer script.
- Click the Options tab.
- Add the following four parameter names:
- Click Save.
- Navigate to Computers > Policies.
- Click + New.
- In Display Name, enter a name for your printer policy.
- In Triggers, select the events that will initiate the policy.
- In the left menu, click Scripts; then click Configure.
- Click Add next to the script you just created.
- In Parameter Values, enter the information that you collected in Determine the script parameters .
- MobilityHost: mobility.papercut.com
- QueueName: Find-Me
- Location: Melbourne
- Info: Find-Me
- Click the Scope tab.
- Deploy to the appropriate Target Computers and Target Users.
- Click Save.
Verify your deployment
Depending on your Jamf Pro environment, you may be able to trigger the deployment of your new PaperCut Mobility Print queue via the following command in a terminal (requires sudo access):
sudo jamf policy
Once the print queue is on your macOS client machine, open the PaperCut NG/MF admin interface then scroll down to the Real-time Activity display on the Dashboard tab. Here you will see any new jobs come in and what happens with them.
Error Policy for print queue
You might want to fine tune the user experience on a macOS client with the way errored print jobs are handled.
This is controlled in the script via the following command line argument:
The options available are defined by lpadmin’s capabilities as defined here: https://www.cups.org/doc/man-lpadmin.html
stop-printer may be more appropriate for some situations.
Prompting for passwords
As IPP/IPPS is an unauthenticated protocol. When using CUPS, PaperCut Mobility handles the authentication. This is controlled by the following command line argument:
You might want to change this to
negotiate, which in some scenarios may prompt for the username and password less.
Let us know! We love chatting about what’s going on under the hood. Feel free to leave a comment below or visit our Support Portal for further assistance.