authentication failure / Require group fails
Viktor
viktor at cs.rwth-aachen.de
Fri Jun 20 01:15:07 PDT 2008
> Viktor wrote:
> >>> AuthType Basic
> >>> Require group Staff
> >> Run the following command:
> >>
> >> grep Staff /etc/group
> >>
> >> If the command above returns empty, there's your problem.
> >
> > authentication on the printserver is done via LDAP, for users and for groups. So, this command returns an empty line, because the group Staff only exists in the LDAP-database and not in /etc/group.
> >
> > Does cups only look in /etc/group for members of groups, or does cups also ask the LDAP-server?
>
> CUPS uses getgrnam(), which (on Linux) uses nsswitch.conf to determine
> where to get groups. Make sure the groups line in that file includes
> LDAP.
Here the concerning entries of my /etc/nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
Just out of desperation I changed these entries:
passwd: ldap files
group: ldap files
shadow: ldap files
No change in the behaviour of cups.
Now I am really confused. When I log in into the system as a user authentication works fine. Only authentication through cups does not work.
All I see in the logs is that cups doesn't know the user's name while authentication:
in error_log:
d [19/Jun/2008:13:08:03 +0200] cupsdIsAuthorized: username=""
in access_log:
137.226.116.89 - - [19/Jun/2008:13:05:51 +0200] "GET /admin HTTP/1.1" 401 0 - -
137.226.116.89 - - [19/Jun/2008:13:06:08 +0200] "GET /admin HTTP/1.1" 401 0 - -
In my message http://www.cups.org/newsgroups.php?s16385+gcups.general+v16387+T0 I posted the logs of the whole context of one login attempt.
Does anyone know where I can search for the cause?
Thank you,
Viktor
More information about the cups
mailing list