FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-06-2008, 09:10 PM
Rainer Dorsch
 
Default Lenny CUPS server and etch CUPS client

Hello,

I have a lenny cups server and an etch cups client running here.

Unfortunately even browsing the printers does not work on the client.

The cups server has these entries in its error_log:

D [06/Jul/2008:23:07:21 +0200] cupsdAcceptClient: 9 from 192.168.2.1:631
(IPv4)
D [06/Jul/2008:23:07:21 +0200] cupsdReadClient: 9 POST /printers/ HTTP/1.1
D [06/Jul/2008:23:07:21 +0200] cupsdAuthorize: No authentication data
provided.
D [06/Jul/2008:23:07:21 +0200] cupsdSendError: 9 code=403 (Forbidden)
D [06/Jul/2008:23:07:21 +0200] cupsdCloseClient: 9



The client config is simple:

topsi:~# cat /etc/cups/client.conf
ServerName 192.168.1.10
topsi:~#

I append the server side config.

Does anybody else see a problem in the server config?

Is anybody else able to print from an etch cups client to a lenny cups server?

Thanks,
Rainer



Server side config:

blackbox:~# cat /etc/cups/cupsd.conf
#
#
# Sample configuration file for the Common UNIX Printing System (CUPS)
# scheduler. See "man cupsd.conf" for a complete description of this
# file.
#

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel debug

# Administrator user group...
SystemGroup lpadmin


# Only listen for connections from the local machine.
Listen localhost:631
Listen 192.168.1.10:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAllow 192.168

# Default authentication type, when authentication is required...
DefaultAuthType Basic
DefaultEncryption IfRequested

# Restrict access to the server...
<Location />
Order allow,deny
Allow localhost
Allow 192.169.2.*
</Location>

# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs
Set-Job-Attributes Create-Job-Subscription Renew-Subscription
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
# Order deny,allow
Order allow,deny
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs
CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
# Order deny,allow
Order allow,deny
</Limit>
</Policy>

#
#
blackbox:~#

--
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: rdorsch@web.de
jabber: rdorsch@jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-07-2008, 01:57 AM
"Brian McKee"
 
Default Lenny CUPS server and etch CUPS client

On Sun, Jul 6, 2008 at 5:10 PM, Rainer Dorsch <rdorsch@web.de> wrote:
> Allow 192.169.2.*
> </Location>

That looks weird when the rest of your file seems to be referring to a
192.168.1.0/24 subnet....

Brian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-07-2008, 02:00 AM
"Brian McKee"
 
Default Lenny CUPS server and etch CUPS client

> # Only listen for connections from the local machine.
> Listen localhost:631
> Listen 192.168.1.10:631
> Listen /var/run/cups/cups.sock

Oh - and I meant to point these lines out. It 1.10 is the server than
I believe it won't listen to your client. Try Port 631 instead of
those first two Listen lines and see if that works. You can of course
tighten that down further if you are inclined.

Brian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-07-2008, 09:09 PM
Rainer Dorsch
 
Default Lenny CUPS server and etch CUPS client

Am Montag, 7. Juli 2008 schrieben Sie:
> > # Only listen for connections from the local machine.
> > Listen localhost:631
> > Listen 192.168.1.10:631
> > Listen /var/run/cups/cups.sock
>
> Oh - and I meant to point these lines out. It 1.10 is the server than
> I believe it won't listen to your client. Try Port 631 instead of
> those first two Listen lines and see if that works. You can of course
> tighten that down further if you are inclined.
>

Brian,

thanks for your reply.

I do not see what is wrong with that, Listen specifies a (local) interface to
listen to:

http://www.cups.org/doc-1.1/sam.html#Listen

Nevertheless, I tried the Port directive and removed the first two Listen
directives and I saw no change at all (i.e. same error message in the
error_log):

D [07/Jul/2008:23:05:23 +0200] cupsdAcceptClient: 9 from 192.168.2.1:631
(IPv4)
D [07/Jul/2008:23:05:23 +0200] cupsdReadClient: 9 POST /printers/ HTTP/1.1
D [07/Jul/2008:23:05:23 +0200] cupsdAuthorize: No authentication data
provided.
D [07/Jul/2008:23:05:23 +0200] cupsdSendError: 9 code=403 (Forbidden)
D [07/Jul/2008:23:05:23 +0200] cupsdCloseClient: 9


Thanks,
Rainer


--
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: rdorsch@web.de
jabber: rdorsch@jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-07-2008, 09:23 PM
"Karl O. Pinc"
 
Default Lenny CUPS server and etch CUPS client

On 07/07/2008 04:09:13 PM, Rainer Dorsch wrote:

Am Montag, 7. Juli 2008 schrieben Sie:
> > # Only listen for connections from the local machine.
> > Listen localhost:631
> > Listen 192.168.1.10:631
> > Listen /var/run/cups/cups.sock


If this is OT, my apologies. I've not been following this
thread.

However, it appears there's mention of messing with cupsd.conf,
and I just struggled through trying to configure a cups server
on a headless box.

Rather than muck about in cupsd.conf, which only got me
trouble in my browser with messages that indicated I needed
to upgrade cups, I instead used ssh to tunnel ipp traffic
so that I could access the headless cupsd host via a
localhost address on the box where the browser lives.

On the box where you have your browser:

su - ; # be root
ssh -L 632:localhost:631 you@cupsserver.example.com

Then fire up your browser and go to:
http://localhost:632/

When you're done configuring, exit the ssh session.

I found a few links (printers) would take me back
to http://localhost:631/, the wrong url, but mostly
things worked fine and I was able to configure a cups
server on a box that does not run a browser.

Regards,

Karl <kop@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-08-2008, 06:39 PM
"Brian McKee"
 
Default Lenny CUPS server and etch CUPS client

On Mon, Jul 7, 2008 at 5:09 PM, Rainer Dorsch <rdorsch@web.de> wrote:
> I do not see what is wrong with that, Listen specifies a (local) interface to
> listen to:
> http://www.cups.org/doc-1.1/sam.html#Listen

Ahh... reading that link I see I didn't understand the Listen
directive correctly. Your setup isn't being affected by that.

> Nevertheless, I tried the Port directive and removed the first two Listen
> directives and I saw no change at all (i.e. same error message in the
> error_log):
>
> D [07/Jul/2008:23:05:23 +0200] cupsdAcceptClient: 9 from 192.168.2.1:631
> (IPv4)
> D [07/Jul/2008:23:05:23 +0200] cupsdReadClient: 9 POST /printers/ HTTP/1.1
> D [07/Jul/2008:23:05:23 +0200] cupsdAuthorize: No authentication data
> provided.

That word 'authentication' makes me think that's the next thing to look at.

Brian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-08-2008, 09:02 PM
Rainer Dorsch
 
Default Lenny CUPS server and etch CUPS client

Am Dienstag, 8. Juli 2008 schrieb Brian McKee:
> On Mon, Jul 7, 2008 at 5:09 PM, Rainer Dorsch <rdorsch@web.de> wrote:
> > I do not see what is wrong with that, Listen specifies a (local)
> > interface to listen to:
> > http://www.cups.org/doc-1.1/sam.html#Listen
>
> Ahh... reading that link I see I didn't understand the Listen
> directive correctly. Your setup isn't being affected by that.
>
> > Nevertheless, I tried the Port directive and removed the first two Listen
> > directives and I saw no change at all (i.e. same error message in the
> > error_log):
> >
> > D [07/Jul/2008:23:05:23 +0200] cupsdAcceptClient: 9 from 192.168.2.1:631
> > (IPv4)
> > D [07/Jul/2008:23:05:23 +0200] cupsdReadClient: 9 POST /printers/
> > HTTP/1.1 D [07/Jul/2008:23:05:23 +0200] cupsdAuthorize: No authentication
> > data provided.
>
> That word 'authentication' makes me think that's the next thing to look at.
>
> Brian

I am wondering if what I see is related to bug

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489892

Are there any working cups server configurations with a local network?

Regards,
Rainer

--
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: rdorsch@web.de
jabber: rdorsch@jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 10:31 PM
Rainer Dorsch
 
Default Lenny CUPS server and etch CUPS client

Problem solved:

I restarted from the cupsd.conf which came with the current cups package and
found that in a Limit directive the "Order allow,deny" is not a good idea.

Am Sonntag, 6. Juli 2008 schrieb Rainer Dorsch:
> * <Limit All>
> # * *Order deny,allow
> * * Order allow,deny
> * </Limit>


This is my working cupsd.conf:

blackbox:/etc/cups# cat /etc/cups/cupsd.conf
#
#
# Sample configuration file for the Common UNIX Printing System (CUPS)
# scheduler. See "man cupsd.conf" for a complete description of this
# file.
#

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel debug2

# Administrator user group...
SystemGroup lpadmin
#ServerAdmin rdorsch@web.de

# Only listen for connections from the local machine and the ethernet
Listen *:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
Order allow,deny
# Allow @LOCAL
Allow from 192.168.0.0/16
</Location>

# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs
Set-Job-Attributes Create-Job-Subscription Renew-Subscription
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs
CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
# Order allow,deny
</Limit>
</Policy>

#
#
blackbox:/etc/cups#


--
Rainer Dorsch
Lärchenstr. 6
D-72135 Dettenhausen
07157-734133
email: rdorsch@web.de
jabber: rdorsch@jabber.org
GPG Fingerprint: 5966 C54C 2B3C 42CC 1F4F 8F59 E3A8 C538 7519 141E
Full GPG key: http://pgp.mit.edu/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 05:36 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org