Re: [opensuse-factory] 10.3 Alpha3 cups problem

Mon, 16 Apr 2007 06:45:26 -0700 

Klaus Singvogel wrote:

I doubt it's a bug; very likely a configuration issue only.

Please check your cups configuration, and configure it in that way
that remote people (even the attackers?) are allowed to print to your
local attached printers.

No, I don't have enough time to explain the cups system (and the
required configuration) to you now. Sorry.

Regards,
        Klaus.
My cups config is set up to accept connections from hosts on the LAN, the broadcast is seen and the printers are recognised by the other systems on the LAN, e.g: On the remote, fresh install of 10.2 x86_64 and upgraded to 10.3 Alpha3 from factory: barrabas is the local system with the USB printers attached and Boycie is one of the x86_64 systems on the LAN. 
I even tried explicitly setting up "AllowUser" for printers.conf.

Boycie:~ # lpr .bash_history
Boycie:~ # lpq
photosmartc4100serie is ready
Rank    Owner   Job     File(s)                         Total Size
active  root    1       .bash_history                   1024 bytes
Boycie:~ # lpq -P deskjet840c
deskjet840c is ready
no entries

Boycie:~ # lpr -P deskjet840c .bash_history
Boycie:~ # lpq -P deskjet840c
deskjet840c is ready
Rank    Owner   Job     File(s)                         Total Size
active  root    2       .bash_history                   1024 bytes


On the local:-
barrabas:/usr/src/linux-2.6.21-rc7 # lpq
photosmartc4100serie is ready
no entries
barrabas:/usr/src/linux-2.6.21-rc7 # lpq -P deskjet840c
deskjet840c is ready
no entries
I've used YaST to setup the local cups so that it's queue should be enabled to remotes. It all used to work when all boxes were at 10.2, then I upgraded the x86 box to 10.3 Alpha with no change in the cups config and the problem arose that the 2 x86_64 boxes are not able to access either of the two printers. I can't find an answer as to why access_log says "successful" and error_log says "Forbidden". 
cupsd.conf
==========
#
# "$Id: cupsd.conf.in 5454 2006-04-23 21:46:38Z mike $"
#
#   Sample configuration file for the Common UNIX Printing System (CUPS)
#   scheduler.  See "man cupsd.conf" for a complete description of this
#   file.
#
ServerName barrabas.site

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel info

# Administrator user group...
SystemGroup sys root

# Only listen for connections from the local machine.
Listen *:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAllow 192.168.10.0
BrowseAddress @LOCAL
# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
Order allow,deny
Allow From localhost
Allow From 127.0.0.2
Allow From @LOCAL
</Location>

# Restrict access to the admin pages...
<Location /admin>
Encryption Required
Order allow,deny
Allow From localhost
Allow From 192.168.10.0/24
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow From localhost
Allow From 192.168.10.0/24
</Location>
# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an adminstrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription G et-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> 
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an adminstrator to authenticate... <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUP S-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default> 
AuthType Basic
Require user @SYSTEM
Order allow,deny
</Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order allow,deny
</Limit>
</Policy>

#
# End of "$Id: cupsd.conf.in 5454 2006-04-23 21:46:38Z mike $".
#

printers.conf
=============
# o /etc/cups/printers.conf
# Printer configuration file for CUPS v1.2.10
# Written by cupsd on 2007-04-14 01:54
<Printer deskjet840c>
Info HEWLETT-PACKARD DESKJET 840C
Location USB printer on //HP/DESKJET%20840C?serial=HU05V1T104KV
DeviceURI usb://HP/DESKJET%20840C?serial=HU05V1T104KV
State Idle
StateTime 1159628529
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
</Printer>
<DefaultPrinter photosmartc4100serie>
Info HP Photosmart C4100 series
Location USB printer on //HP/Photosmart%20C4100%20series?serial=MY6CMH72JX04J7 
DeviceURI usb://HP/Photosmart%20C4100%20series?serial=MY6CMH72JX04J7
State Idle
StateTime 1176471730
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
AllowUser [EMAIL PROTECTED]
AllowUser [EMAIL PROTECTED]
OpPolicy default
ErrorPolicy stop-printer
</Printer>

Regards
Sid.


Sid Boyce wrote:
This problem was also seen in Alpha2 factory. Local printing works, remote doesn't from 2 x86_64 10.2 boxes. 
/var/log/cups/error_log shows on every attempt
E [14/Apr/2007:01:56:39 +0100] Get-Printer-Attributes: Forbidden
E [14/Apr/2007:01:56:39 +0100] Get-Printer-Attributes: Forbidden
E [14/Apr/2007:01:56:46 +0100] Get-Printer-Attributes: Forbidden
E [14/Apr/2007:01:56:49 +0100] Get-Printer-Attributes: Forbidden
E [14/Apr/2007:01:56:49 +0100] Get-Printer-Attributes: Forbidden

/var/log/access_log shows on every attempt
192.168.10.5 - - [14/Apr/2007:02:00:54 +0100] "POST /printers/photosmartc4100serie HTTP/1.1" 403 289 Get-Printer-Attributes successful-ok
remote lpq says printer is ready, no print is spooled, "lpr filename" simply doesn't print or spool. I set up the remotes to use the local print queue and the printer issues ipp broadcasts. remote access is enabled. At some stage earlier in 10.3 Alpha there wasn't a problem. think cups 1.2.7 (???) was installed when I first had it happen, same at 1.2.10-2. The 10.2 x86_64 boxes are at cups 1.2.7-12.1. 

Can cups 1.2.7 print to a server running 1.2.10? I've tried everything.

I have to check bugzilla to see if it has been reported.
Regards
Sid.
--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach 
Microsoft Windows Free Zone - Linux used for all Computing Tasks

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach 
Microsoft Windows Free Zone - Linux used for all Computing Tasks

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to