paulfromlamoni

Q: connect mac client to mac printer share across subnets

I need to share printers from a Mac.  I need to connect
Mac clients on different subnets to the Mac shared printers.  I installed
a Mac mini, connected to printers via HP JetDirect Socket (port 9100), and
shared them.  I was able to print from the Mac mini, and connect Mac
clients on the same subnet to the shared printers with Bonjour and print.
I moved the Mac mini to its intended location on another subnet.  I
immediately learned that Bonjour does not publish services across
subnets.  I could not find documentation on how to connect to a Mac shared
printer across subnets, but I did find some third party documentation (only some incomplete
documentation from Apple) on how to implement DNS-SD Service Discovery.  I
enabled DNS-SD and was able to publish the printer shares across subnets, but I
was still unable to connect to the printer shares from a Mac client.  I
found some third party documentation (none from Apple) on how to manually connect to a Mac
printer share by specifying the IP address of the server, specifying the CUPS
default IPP protocol, and the print queue name.  I was unable to connect
to the shared printers.  I receive ping replies from my Mac mini, and port
scan reveals that port 631 for IPP, CUPS default, is open.  Printer
sharing is configured so everyone can print. I am able to connect to the Mac
mini with VNC Screen Sharing.  I don’t see how this can be a network
issue.

 

Macs don’t seem to like to connect to our Windows
shared printers because of our PaperCut software, and connecting Mac clients to
Windows printer shares and authentication is beyond the average user,
exacerbated by Macs not behaving the same as Windows when bound to an Active
Directory domain.

 

I called Apple support, they escalated to Apple Enterprise
support.  Apple Enterprise support said they couldn’t help me beyond a
single network with no subnets, but Apple Engineering might be able to solve
the problem for $695.

 

Why do I need to pay $695 to learn how to connect Mac
clients to Mac shared printers, something that should be easy and intuitive and
have documentation readily available?  Windows printer sharing is easy and
intuitive and documentation is readily available, and services are published
across subnets without have to implement DNS-SD.

OS X Mavericks (10.9.4)

Posted on Sep 4, 2014 2:48 PM

Close

Q: connect mac client to mac printer share across subnets

  • All replies
  • Helpful answers

  • by paulfromlamoni,

    paulfromlamoni paulfromlamoni Sep 4, 2014 4:10 PM in response to paulfromlamoni
    Level 1 (0 points)
    Sep 4, 2014 4:10 PM in response to paulfromlamoni

    Please allow me to rephrase myself.

     

    Does anyone know how, or know someone who knows how to connect a Mac client running Mavericks 10.9.4 to printers shared by a Mac running Mavericks 10.9.4 on another subnet?  I have searched for documentation on the Internet with little success.  Apple Enterprise support is limited to one subnet.  Apple Engineering wants $695 for information.

     

    I can connect a Mac directly to any network printer across subnets.  Connecting Macs directly to network printers does not meet our needs.  We connect to Windows print servers now, but we need an alternative.

     

    A Mac client can connect and print to the shares when the Macs are on the same subnet.  The Mac sharing the printers can print when on the other subnet.  Our network allows ping replies and screen sharing between Macs.  Port scan from a Mac client shows port 631 (IPP, which is CUPS default) is open on the Mac sharing printers.  Port scan from a Mac client does not show port 515 (LPR, CUPS alternative) open.  I have implemented DNS-SD on our DNS server. Bonjour on any Mac or Windows can see the DNS-SD published shares.  I have tried to connect by specifying the server IP address, IPP protocol, and print queue name.  A Mac client does not seem to be able to connect to Mac shared printers across subnets.

  • by BobHarris,

    BobHarris BobHarris Sep 4, 2014 5:19 PM in response to paulfromlamoni
    Level 6 (19,272 points)
    Mac OS X
    Sep 4, 2014 5:19 PM in response to paulfromlamoni

    May I ask "Why" you have multiple subnets?

     

    If this is just an accident of having multiple WiFi access pointers which have not been put into "Bridge" mode, then it would be easier to have 1 subnet.

     

    If this is intentional, then I think your only choice is to print via IP addresses assuming your routers will access non-routing IP addresses across a home router.  192.168.*.*, 10.*.*.*, and 172.16.*.* to 172.32.*.* address are not routable IP addresses, just like Bonjour does not cross a subnet boundary.

     

    Again, if you can have a single subnet, it would be easier all around.

  • by paulfromlamoni,

    paulfromlamoni paulfromlamoni Sep 5, 2014 11:30 AM in response to BobHarris
    Level 1 (0 points)
    Sep 5, 2014 11:30 AM in response to BobHarris

    I am not a network specialist, so I didn't get to decide this, but this is definitely no accident.  We are a large organization on a campus with several buildings.  Some subnets are determined by the building, some subnets are determined by the function of the devices on it (servers, printers, etc.), and some subnets are determined by the level of security (public Internet access, administration, etc.).  We operate a Wide Area Network, so some subnets are in different cities.  Most of it is not wireless, but we have at least four wireless subnets in each city, each with multiple Wireless Access Points.  Their may be 89 subnets with potentially 254 addresses per subnet.  Our network specialists are very aware of what is routable and what is not.

  • by paulfromlamoni,Solvedanswer

    paulfromlamoni paulfromlamoni Sep 5, 2014 11:58 AM in response to greg sahli
    Level 1 (0 points)
    Sep 5, 2014 11:58 AM in response to greg sahli

    Thank you for your reply.  I followed the instructions in the sybaspot.com site and in some of the included references to set up DNS-SD.  DNS-SD worked, but I couldn't connect the Mac client to the Mac shared printers.

     

    I also found http://www.papercut.com/products/ng/manual/ch-mac-printing-10-8-9.html#ch-mac-pr inting-10-8-9-sharing-printers.

     

    I expanded my search and found this: http://support.apple.com/kb/PH13940, last modified May 8, 2014.  I started work on my project February 2014.  Apple Support could have told me about this document.

     

    PH13940 says: "The computers must be on the same local network as your Mac".  Apple must not consider multiple subnets one network.

     

    PH13940 says: "Printer sharing is for printers attached directly to your Mac. You don’t need to share network printers, because they are already shared on the network."

     

    Apple must define "network printers" as any printer with a network interface.  Microsoft defines network printers as printers shared by another computer.  TCP/IP ports are local ports on a Windows computer, so TCP/IP connected printers are local printers that can be shared.  Multiple users on a Mac all see the same connected printers.  Multiple users on Windows all see the same local printers, but network printer connections can be different for each user.

     

    Apple must not see any value in accounting for printing and assigning the cost to the user or department.  We need to account for printing and cannot have any users bypassing the system by printing directly to printers.  I have created Access Control lists on the printers to limit connections to the specific IP addresses of our print servers.

     

    The documents about setting up DNS-SD and IPP connections must have assumed USB connected printers on a Mac.  The odd thing is that I was able to share a network printer from the Mac mini when the client Mac was on the same subnet.  Is PH13940 wrong?

     

    I am Microsoft Certified Systems Engineer 1999 and Apple Certified Technical Coordinator 2013.

  • by krwudtke,

    krwudtke krwudtke Apr 13, 2016 2:47 PM in response to paulfromlamoni
    Level 1 (0 points)
    Mac OS X
    Apr 13, 2016 2:47 PM in response to paulfromlamoni

    So Paul, I'm guessing that you got this to work since you marked it as solved. We have the same situation. Our network group wants to move all of the printers to a separate subnet and since we (the desktop support staff) will have to visit each mac to change the printers anyway (most are connected via IP address that will have to change), I want to move them to using mac shared printers instead. (And maybe we could then just send instructions to the users instead of visiting the desks since the driver and settings seem to get pulled from the "server".) Which parts of the links did you actually end up using? Did just DNS-SD do the trick or did more have to be done? I haven't read all of all 3 links.

     

    In relation, have you implemented separator pages on the mac print server? And if so, how? We have them turned on for many of our windows print queues so it would make sense to do the same for the queues served to the macs.

     

    Thanks,

    Kevin