On Tue, 08 Mar 2016, Karl Forner wrote:

On an ubuntu 14.04 box, freeIPA enrolled, I am no longer authorized to
administer cups via the web UI.
It used to work before the freeIPA enrollment and it works with a local
account, so I strongly suspect that it is related to freeIPA.

Steps to reproduce:
open http://localhost:631/admin
click on "Add Printer"
a popup opens asking for CUPS credentials.
If I type my credentials (freeIPA user), it fails.

From the /var/log/auth.log:
Mar  8 15:14:58 pyro cupsd: pam_unix(cups:auth): authentication failure;
logname= uid=0 euid=0 tty=cups ruser= rhost=localhost  user=karl
Mar  8 15:14:58 pyro cupsd: pam_sss(cups:auth): Request to sssd failed.
Permission denied

I added many local groups to my freeIPA user:
If I enter the credentials of a local account (non managed by freeIPA), it

What's wrong ?
Just an idea:
You probably have AppArmor running and its default policy might prevent
cupsd to talk to sssd socket.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to