On Tue, 08 Mar 2016, Karl Forner wrote:
Hello,
On an ubuntu 14.04 box, freeIPA enrolled, I am no longer authorized to
administer cups via the web UI.
It used to work before the freeIPA enrollment and it works with a local
account, so I strongly suspect that it is related to freeIPA.
Steps to reproduce:
open http://localhost:631/admin
click on "Add Printer"
a popup opens asking for CUPS credentials.
If I type my credentials (freeIPA user), it fails.
From the /var/log/auth.log:
Mar 8 15:14:58 pyro cupsd: pam_unix(cups:auth): authentication failure;
logname= uid=0 euid=0 tty=cups ruser= rhost=localhost user=karl
Mar 8 15:14:58 pyro cupsd: pam_sss(cups:auth): Request to sssd failed.
Permission denied
M
I added many local groups to my freeIPA user:
(sys),4(adm),7(lp),27(sudo),109(lpadmin),
If I enter the credentials of a local account (non managed by freeIPA), it
works.
What's wrong ?
Just an idea:
You probably have AppArmor running and its default policy might prevent
cupsd to talk to sssd socket.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project