authentication failure / Require group fails

Viktor viktor at cs.rwth-aachen.de
Wed Jun 18 07:11:15 PDT 2008 

Hello,

I'm running cups 1.2.7 on debian etch, kernel 2.6.18-6-686.
Authentication for user and group is done via LDAP (running on a separate ldap-server), which works fine.
What I want to tell the server is:
only machines from subnets 137.226.114 and 137.226.116 may have access
users only may print when member of group student
only members of group Staff may administrate

Here is my cupsd.conf:
ServerName printserver.informatik.rwth-aachen.de
Printcap /var/run/cups/printcap
DefaultEncryption Required
<Location />
Order deny,allow
Deny From All
Allow From 127.0.0.1
Allow From 137.226.114.*
Allow From 137.226.116.*
Allow From 137.226.244.128
</Location>
<Location /admin>
Order deny,allow
Deny From All
Allow From 127.0.0.1
Allow From 137.226.114.*
Allow From 137.226.116.*
Allow From 137.226.244.128
Satisfy All
AuthType Basic
Require group Staff
</Location>
Timeout 30
SSLPort 443
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/page_log
MaxLogSize 5m
PreserveJobHistory On
MaxJobs 100
ServerRoot /etc/cups
Browsing Off
===== End of cupsd.conf =====

But what happens is not what I expected:
After I created a ssl-certificate, I am able to access the web-interface via https://printserver:443. When clicking on "Administration", it appears a dialog for login. Giving a username from group Staff and the correct password, the authentication fails. Only root is accepted, and as root I can acces to all functions in /admin.

Here the output from /var/log/cups/access.log when user from Staff tries to access /admin:
137.226.116.89 - - [18/Jun/2008:15:14:40 +0200] "GET /admin/ HTTP/1.1" 401 0 - -

And here the output from /var/log/cups/access.log when root tries to login:
137.226.116.89 - root [18/Jun/2008:15:15:01 +0200] "GET /admin/ HTTP/1.1" 200 0 - -

It seems that cups did not recognize the username, but in fact I really don't know what is happening or why it doesn't work as expected.

What does I make wrong? Where must I search to find out how to make it work?

Please help! I'm quite discouraged. Thank you for any hint.

Viktor

More information about the cups mailing list