Moving a working Suse Linux CUPS PC to a newsubnet IP address

Paul McIlfatrick paul.mcilfatrick at bt.com
Tue Aug 28 04:22:49 PDT 2007 

> Sigh... nobody in this thread adviced you to do that. Instead, you have
> (amongst other things) been asked to try the following:
>
>   # Another shot into the dark:
>   #
>   # Your config is relying on the "@LOCAL" shortcut/macro. In case this
>   # one does not work as expected, you may want to try and replace it
>   # with multiple lines like
>   #
>   #   Allow From 10.230.197.*
>   #   Allow From 10.230.198.*
>   #   Allow From 10.230.199.*
>   #
>   # and restart cupsd.
>
>
> > Anything else that I can try?
>
> First try the above things. To make it even more explicit, and to re-
> move any potential ambigiousness, here is the config you should try:
>
> <Location />
>   # Allow remote administration...
>   Order allow,deny
>   #Allow @LOCAL
>   Allow From 10.230.197.*
>   Allow From 10.230.198.*
>   Allow From 10.230.199.*
>   Allow From 10.230.189.*
> </Location>
>
> <Location /admin>
>   AuthType BasicDigest
>   AuthClass Group
>   AuthGroupName sys
>   # Allow remote administration...
>   Order allow,deny
>   #Allow @LOCAL
>   Allow From 10.230.197.*
>   Allow From 10.230.198.*
>   Allow From 10.230.199.*
>   Allow From 10.230.189.*
> </Location>
>
> <Location /admin/conf>
>   AuthType Basic
>   Require user @SYSTEM
>   Order allow,deny
>   #Allow @LOCAL
>   Allow From 10.230.197.*
>   Allow From 10.230.198.*
>   Allow From 10.230.199.*
>   Allow From 10.230.189.*
> </Location>

Added the above to the cupsd.conf and it did not change anything as we were still able to access the http://printhost:631/ CUPS admin page from any PC which is on the same 10.230.199.x subnet as the CUPS PC but the Windows server on the 10.230.189.x subnet still gets the '403 Forbidden' message when trying to access this page.

BTW on Friday last, I commented out @LOCAL and I found that everyone was unable to view the printers available in CUPS by issuing the \\printhost command on their PCs and also my team was not able to access any printers within the admin page. Restoring @LOCAL re-enabled everyone but showed that all our subnets (10.230.189.*, 10.230.197.*, 10.230.198.*, 10.230.199.*) are covered by @LOCAL.

The http://printhost:631/ CUPS admin page can only be accessed from a PC that is on the same subnet as the CUPS PC but we want to change this to allow PCs on other subnets to access this page.


Thanks


Paul McIlfatrick

More information about the cups mailing list