We have a network-wide CUPS server that offers authenticated printer access to all our campus users. We've been pretty disappointed with the way Mac clients handle bad printing authentication, though.
In any other authentication dialog, when a user types in a bad username or password, the window shakes briefly, allowing the user to re-enter. With printers, this isn't the case. It'll happily accept (and even save to the keychain, if specified) bad credentials. The authentication dialog is dismissed, and the user then has to deal with the print jobs showing up as "On hold (authentication required)". To get their job printed, they need to select it in the printer's queue, click "Resume", then re-enter appropriate credentials.
Is there a way to get failed printing authentication to work more intuitively for Mac OS X clients?
We're trying to support a BYOD environment, but our end users have been really confused by this. It's made even worse by the way it pre-populates the user's full login name (e.g. "Smith, John"), which tends to make them think to use their local machine passwords.
I don't know of a way to get the Mac to behave/respond differently natively, but you may have better luck writing a printer setup script that uses
lpadmin
where you can specify the printer/printer path as well as credentials. You could attempt to authenticate withlpadmin
(and-o auth-info-required=username,password
); not sure if there's any feedback to stdout when that commands executed though, and it also has to be run withsudo
.You can disable the pre-population (in OS X 10.5+ I believe) with:
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseShortName -bool YES
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseDefaultName -bool NO
This alone may reduce the number of incorrect authentication attempts along with clear documentation on what credentials to use (I usually phrase it like, "use the same network username and password you use on your Windows computer at the office").