Chapter 28. Managing Guests and Internal Users

Table of Contents

Internal Users (users managed by PaperCut NG)
Implementation by Example
Internal Users Options
Changing Internal User Passwords
Batch Internal User Import and Update

PaperCut NG is designed to keep user management simple and automated by synchronizing against an external user directory source such as Active Directory, Open Directory, eDirectory or LDAP. This simplifies administration of the system by avoiding the need to manage a separate database of users, passwords, user details and groups. Synchronizing against a user directory is the recommended way to manage user accounts, and ensures:

The first option should always be to manage users in a user directory, but there are some situations where this is not possible or not ideal, for example:

For these situations, PaperCut NG provides the internal users feature. The following section discusses how to get started with the internal users feature, and how to configure it to suit your environment. Internal users are best thought of as user accounts that only exist inside PaperCut NG and are independent of the domain, network or operating system.

Internal Users (users managed by PaperCut NG)

The internal users feature allows management of users inside PaperCut NG, removing the need to create or manage them in an external user directory. There are several ways the feature can be utilized:

  • Selected staff can be given access to create internal user accounts. This gives staff control over who can receive a new account, preventing the creation of unwanted accounts (e.g. with offensive usernames).

  • Users can be given the ability to create their own internal accounts via a web based registration form. This can be useful for providing guests the ability to register their own accounts and begin printing immediately, removing the need for staff intervention.

  • Administrators can create a new batch of internal users via a text based file import. This can be used to import or update a set of users that are managed separately to the regular domain users. For more information about the internal users batch import and update feature, see the section called “Batch Internal User Import and Update”.

The following sections present several different environments and how the internal users feature can be used to accommodate them. For information about specific configuration, the section called “Internal Users Options” provides full details about each available option.

Implementation by Example

Scenario One: Manually Managed Guest Accounts

North Shore University has a campus that occasionally hosts students from other universities. These guest students do not have a login in the university's domain, and it is considered too much effort to go through "official channels" to create one for them.

The administrator would like to provide selected staff the ability to create PaperCut NG accounts for these guest students as needed. To go about this, the administrator performs the following:

  1. The guest students are first provided with access to computers or network resources using the generic login guest, password guest.

  2. The generic guest login is marked as Unauthenticated using the PaperCut NG administration interface. This option is available on the user's details page.

  3. Navigates to Options → User/Group Sync → Internal User Options.

  4. Checks the Enable internal users option, and under Access control selects Only admins can create users.

  5. The Confirmation message is tailored to provide relevant information such as how to log in.

  6. Presses Apply.

  7. PaperCut NG administrator access is assigned to the staff who will be responsible for creating the new student guest accounts. The administrator right Create internal users is required for this purpose. For more information about assigning administrator rights see the section called “Assigning Administrator Level Access”.

  8. Ensures that the PaperCut NG client software is running on workstations where guest printing will be allowed.

The system is now configured to allow selected staff the ability to create internal accounts for the guest students. When a guest student prints from the generic guest login, the PaperCut NG client tool will display the authentication popup. This will allow them to enter their personal username and password, assigned by the administrator when registering their internal user account.

Staff can create an internal user account for a guest student as follows:

  1. Log into the PaperCut NG administration interface, and select the Create internal user... action from the Actions menu of the Users tab.

  2. Complete the form and press Register.

Scenario Two: Automated Guest Management (self-registration)

West Face College is a large community college that regularly has members of the public visiting to use the library resources.

It is not feasible to create a domain login for every visitor, and manually creating an internal user account for each guest would require too much time of the administrators or staff, so the decision is made to automate the process and allow guests to register their own internal user accounts.

To set up the internal users feature and allow guest self-registration, the administrator performs the following:

  1. The guests are first provided with access to computers or network resources using the generic login guest, password guest.

  2. The generic guest login is marked as Unauthenticated using the PaperCut NG administration interface. This option is available on the user's details page.

  3. Navigates to Options → User/Group Sync → Internal User Options.

  4. Checks the Enable internal users option, and under Access control selects Users can register their own account.

  5. Checks Display registration links on login screens so that users will have easy access to the registration interface.

  6. Changes the Link text to Guests click here to register, to provide a better clue for guests.

  7. Adds more information about the organization's printing policy, how to access printing resources, etc. under Additional registration instructions. A note is also added to specify that only guests need to register to access printing resources - students or users with existing accounts do not need to register.

  8. Presses Apply.

  9. Ensures that the PaperCut NG client software is running on workstations where guest printing will be allowed.

  10. Creates an information sheet for guests, providing instructions about how to register, how to print, and where to find additional help. Most people will not need this kind of information to work out how to use the system for themselves, but some people appreciate step-by-step instructions.

The system is now configured to allow guests to register their own internal user accounts. When a guest user prints from the generic guest login, the PaperCut NG client tool will display the authentication popup. This will allow them to enter their personal username and password, chosen when registering their internal user account.

For a guest to create an internal user account, they must:

  1. Click the Register as a New User link on a login screen (the web interface login screen, or on the authentication popup), or access the registration web interface directly at http://[server-name]:9191/register.

  2. Complete the form and press Register.

Scenario Three: Managing Users in a Non-Domain Environment

Southmark Inc. is a medium sized ten person real estate office servicing the local area. Their network consists of a mix of Windows XP and Windows Vista workstations connected to a workgroup based network. No user directory / domain exists, and setting one up is not a current priority. They would like to take control of their printing costs and volumes, and use PaperCut NG to identify the amount of printing performed by each staff member.

Because no user directory exists, PaperCut NG will be used to maintain user accounts, details and passwords for all staff. To set this up, the administrator performs the following:

  1. Navigates to Options → User/Group Sync → Internal User Options in the PaperCut NG administration interface.

  2. Ensures that the Enable internal users option is enabled.

  3. Removes (sets to blank) the value for Prefix usernames with:. There is no need for an internal username prefix, because all users will be internal!

  4. Collects a chosen username and password from each staff member. This is used to construct a batch import file, using the format specified in the section called “Batch Internal User Import File Format”.

  5. Imports the batch file into PaperCut NG using server-command to create a new internal user account for each staff member, following the directions in the section called “Batch Internal User Import and Update”.

  6. Follows the directions in the section called “User Client Deployment” to deploy the client software to each workstation in the office.

  7. When staff send print jobs from their workstations, they arrive at the print server under the generic guest username. The administrator marks this generic account as Unauthenticated using the PaperCut NG administration interface. This option is available on the user's details page.

The batch of internal user accounts has now been imported, ready for the staff to use them. When a staff member next sends a print job, the PaperCut NG client tool will display the authentication popup. This will allow them to enter their personal username and password, provided to them on arrival, having been assigned by the administrator in the batch import file.

Internal Users Options

The options for configuring internal users are located at Options → User/Group Sync → Internal User Options in the administration interface.

Figure 28.1. Internal users options

The available options are:

  • Enable internal users - enables or disables the feature in general. If the feature is disabled, internal users will not be able to be created.

  • Access control - determines who may create internal users. The available options are:

    • Users can register their own account - A web based interface will be available for users to register their own account. This allows users to register their own accounts without intervention from staff or administrators.

      Figure 28.2. Web based internal user registration interface

    • Only admins can create users - Only administrators will be able to create users via the PaperCut NG administration interface. For information about delegating this access to additional users see the section called “Assigning Administrator Level Access”.

      Figure 28.3. Creating an internal user from the administration interface

  • Display registration links on login screens - When enabled, PaperCut NG login screens will display a Register as a New User link. Clicking this link takes the user to the web based registration interface, allowing the user to create their own internal user account. If disabled, registration links will not appear, and users may only access the web based registration interface by navigating to the URL at http://[server-name]/register.

    Figure 28.4. Login screen showing the registration link

  • Link text - The text used for registration links on login screens. The default link text is Register as a New User. An example of alternate link text might be Guests click here to register.

  • Additional registration instructions - Additional instructions for users who are registering, displayed above the web based registration form. Specific instructions will vary from site to site, but could include information such as how to log in and print, how to add credit to their account, or where to find additional help.

  • User must enter an email address - Enable this option to require that the user enters an email address. If disabled, entering an email address is optional.

  • Allow user to choose their own identity number - If enabled, the user will be able to enter/choose their own identity number. The chosen identity number must be at least 6 digits, and must be unique. If disabled, a unique identity number will be automatically generated for the user. Identity numbers may be used for logging into some devices where only a numeric keypad is available.

  • Allow user to choose their own ID PIN - If enabled, the user will be able to enter/choose their own ID PIN. The chosen PIN must be at least 4 digits. If disabled, a random PIN will be automatically generated for the user.

  • Prefix usernames with: (optional) - This prefix will be applied to the username of all users registering via the web based interface. E.g. if a user chooses the name john, and the username prefix is guest-, their allocated username will be guest-john. This prevents name clashes with existing or future users from the configured user/group sync source, and immediately identifies the user as being internal.

  • Confirmation message - This message is displayed to the user after they have completed registration. It may also be emailed to the user (see next option).

  • Also email confirmation message to user - If this option is enabled the confirmation message will be emailed to the user after registration (if an email address was provided).

Tip

  • An alternative to the PaperCut NG client tool's authentication popup is to use a print release station in Release Any mode. After ensuring that guest users have their own internal account, this will allow users to submit a print job under a guest/generic login, then authenticate at the release station and choose which job(s) they would like to release. For more information about setting up a release station see Chapter 10, Hold/Release Queues & Print Release Stations.

  • To delete an internal user, navigate to their User Details page in the administration interface by clicking on the user in the User List, then select the Delete user item from the Actions list. The domain/network-level User and Group Synchronization settings and operations do not affect and will not delete internal users.

  • The special [Internal Users] group contains all internal users. It can be used to produce reports showing information about internal users, or to apply a bulk user operation on all internal users.

Changing Internal User Passwords

When using the Internal User functionality of PaperCut NG, there may be a need for the Internal User to change their password. This can be done by users and administrators.

  • Administrators can reset the password via the user's details page in the PaperCut NG Application Server Administration Console. There is a "Change Password" link located near the Internal User Settings heading.

    Figure 28.5. Changing an internal user password from the administration interface

  • The Internal User can reset their password via the User Web pages by clicking on Change Details.

    Figure 28.6. Changing an internal user password from the user web page

    Tip

    Administrators can turn on or off the ability for Internal Users to change their password by using the Config Editor and modifying the key: internal-users.user-can-change-password

Batch Internal User Import and Update

This section covers the batch importing and updating of internal users. Internal users are managed internally by PaperCut NG, and may be used in addition to those in the configured user directory source. For more information about internal users see the section called “Internal Users (users managed by PaperCut NG)”. For information about importing and updating regular users see the section called “Batch User Data Import and Update”.

The batch internal user import and update feature allows the administrator to import users, user information and optionally update existing internal user details by reading data from a simple text file. In addition to being able to create internal users, it enables administrators to update the following user data:

  • Password

  • Credit balance

  • Restriction status

  • Full name

  • Email address

  • Department

  • Office

  • Card/ID Number

  • Card/ID PIN

  • Notes

Important

An internal user can be deleted by selecting the Delete user action while viewing the user. Features to simplify the deletion of multiple users (a 'batch delete') will be introduced in a future version.

Examples of where the batch user import feature is useful include:

  • Several guests to the organization will be arriving at the same time and will require their own accounts in PaperCut NG.

  • A set of users needs to be managed separately / externally to the existing user directory source. For example, the users of a certain computer lab require their own accounts in PaperCut NG, but it is not possible to create accounts for them in the existing user directory.

  • Details for existing internal users need to be updated.

To perform a batch internal user import:

  1. Manually inspect your file in a text editor and ensure it's in the prescribed tab-delimited format as detailed in the section called “Batch Internal User Import File Format”.

  2. Follow the directions in the section called “Server Commands (server-command)” to run the server-command batch-import-internal-users.

    For example, to import/update internal users from a file import.tsv on a Windows system:

    C:\> cd "C:\Program Files\PaperCut NG\server\bin\win"
    server-command batch-import-internal-users "C:\extra users\import.tsv"
                                

    Note that the import path should be quoted if it contains spaces.

  3. The import process will start running in the background. See the App. Log tab in the administration interface to check the status of the import or if any errors were encountered.

Caution

Batch imports are a major operation, modifying data en masse. Best practice suggests:

  • Always run a backup before proceeding with the import.

  • First experiment/test the import process with a small batch of users before moving onto the full batch.

Batch Internal User Import File Format

The import file is in tab delimited format and contains the following fields in the given order:

| No. | Field | Description | Optional? | Limitations |
|---|---|---|---|---|
| 1. | Username | The internal user's username. If the policy is to use a username prefix for internal users, include the prefix here (e.g. guest-user123). | Mandatory | Max. 50 characters |
| 2. | Password | The user's password | Optional - although internal users cannot log in without a password | |
| 3. | Credit Balance | The user's credit balance | Optional - balance not set if blank | A number with no currency symbol or separators, using a full stop for the decimal separator. Correct: 1.23. Incorrect: $1.23 or 1,23 or 1,023.00 |
| 4. | Restricted Status | The user's restricted status. (Y/N) | Optional - restricted status not set if blank | |
| 5. | Full Name | The user's full name | Optional - full name not set if blank | Max. 255 characters |
| 6. | Email | The user's email address | Optional - email not set if blank | Max. 255 characters |
| 7. | Department | The user's department or faculty | Optional - department not set if blank | Max. 200 characters |
| 8. | Office | The user's office or location | Optional - office not set if blank | Max. 200 characters |
| 9. | Card/ID Number | The user's identity/card number | Optional - card/id number not set if blank | Max. 200 characters, case insensitive |
| 10. | Card/ID PIN | The user's card PIN number | Optional - card/id PIN not set if blank. If the field is '-' then the PIN is set to zero. | Max. 20 digits |
| 11. | Notes | Notes about the user. | Optional - notes not set if blank | Max. 2000 characters |

Table 28.1. Internal User Import File Format

Other limitations: Although any actual limit to the size of an import file should be large enough for any purpose, we recommend keeping the file size below 10MB.

Tip

  • If an optional field is not specified in the import file then it will not be updated. To remove or "blank out" an existing value, use a single "-" (hyphen / dash).

  • A simple way to create a tab delimited file is to create a spreadsheet in Microsoft Excel, then save it in the Text (Tab delimited) format.

For some examples of using tab-delimited files, see the section called “Import File Format Examples”.
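
A pre-import check for the file format in Table 28.1, added here as an example (it is not part of PaperCut NG or its manual): it reports lines that do not meet the table's limits before server-command is run. The function and field names, the acceptance of omitted trailing fields, a leading minus sign on balances and upper-case-only Y/N are assumptions of this example.

```python
import re

# Field names (this example's own) and maximum lengths in file order, from
# Table 28.1; None where the table lists no length limit.
FIELDS = [("username", 50), ("password", None), ("credit_balance", None),
          ("restricted", None), ("full_name", 255), ("email", 255),
          ("department", 200), ("office", 200), ("card_id_number", 200),
          ("card_id_pin", 20), ("notes", 2000)]
# No currency symbol or separators, full stop as the decimal separator.
# Assumption: a leading minus sign is allowed for a negative balance.
BALANCE_RE = re.compile(r"-?[0-9]+(\.[0-9]+)?")
BLANK_OUT = "-"  # a single hyphen removes the existing value

def validate_line(line):
    """Return the problems found in one import line (empty list = OK)."""
    values = line.rstrip("\r\n").split("\t")
    if len(values) > len(FIELDS):
        return [f"{len(values)} fields, expected at most {len(FIELDS)}"]
    # Assumption: trailing optional fields may be left off the line.
    values += [""] * (len(FIELDS) - len(values))
    row = {name: value for (name, _), value in zip(FIELDS, values)}
    problems = []
    if row["username"] in ("", BLANK_OUT):
        problems.append("username is mandatory")
    for name, limit in FIELDS:
        if limit is not None and len(row[name]) > limit:
            problems.append(f"{name} exceeds {limit} characters")
    if row["password"] == "":
        problems.append("warning: no password; a new user cannot log in")
    balance = row["credit_balance"]
    if balance not in ("", BLANK_OUT) and not BALANCE_RE.fullmatch(balance):
        problems.append(f"credit_balance {balance!r} is not a plain number")
    # Assumption: strict reading of "(Y/N)", upper case only.
    if row["restricted"] not in ("", BLANK_OUT, "Y", "N"):
        problems.append("restricted must be Y or N")
    pin = row["card_id_pin"]
    if pin not in ("", BLANK_OUT) and not re.fullmatch(r"[0-9]+", pin):
        problems.append("card_id_pin must contain digits only")
    return problems

def validate_import(text):
    """Validate a whole import file; returns {line_number: [problems]}."""
    report, first_seen = {}, {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        problems = validate_line(line)
        username = line.split("\t")[0]
        if username in first_seen:
            problems.append(f"duplicate username (line {first_seen[username]})")
        first_seen.setdefault(username, number)
        if problems:
            report[number] = problems
    return report

# Constructed sample input, not taken from the PaperCut NG manual.
SAMPLE = (
    "guest-anna\tS3cret-pw\t5.00\tY\tAnna Example\tanna@example.org\n"
    "guest-ben\tpw2\t$1.23\tN\n"
    "guest-cara\t\t1,023.00\tmaybe\t\t\t\t\t\t12ab\n"
    "guest-anna\tpw4\t\t\t\t\t\t\t\t-\n"
)

if __name__ == "__main__":
    for number, problems in validate_import(SAMPLE).items():
        print(f"line {number}: " + "; ".join(problems))
```

Field 2 holds each password in clear text, so restrict access to the import file and remove it once the App. Log shows the import has finished.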