lpadmin and lprm will not work without a password

Rob Parenti rparenti at mdc.edu
Wed Dec 14 05:50:17 PST 2011 

Michael, Thank you.  That fixed it.

I had mis-configured client.conf.  Even though I had specified itself as the server, it treated it as a remote server, as you suggested.  It works perfectly now.

Regards
Rob

> On Dec 13, 2011, at 2:17 PM, Rob Parenti wrote:
> > I connect the same way on my production system. Logged in as root over ssh.
> >
> > I used the vmware console, thinking that would be as local as I could get, and gave it a try with the same results.
> >
> > I changed the AuthTypes to Basic, intending to use local Unix credentials.  No go.
> >
> > I logged in as an AD domain user (grasping at straws here). Nope.
> >
> > Can you point me to a summary of how to configure CUPS to allow the root user to perform lpadmin functions, or best practices?
>
> The default CUPS configuration gives you this.  If you do anything with client.conf, the CUPS_SERVER environment variable, or the "-h" option to point to a server then you have to provide username and password.
>
> (and if Basic authentication doesn't work, check the error_log for errors from PAM which supplies the authentication framework on Linux...)
>
> A very insecure option would be to disable authentication in the default policy, or to whitelist access from specific addresses with "Allow address" and "Satisfy any" in the policy.
>
> >
> > Thanks ...
> >
> >> You are connecting to the cupsd on your test system remotely; the local =
> >> certificate/peer credential stuff only works over domain sockets.
> >>
> >>
> >> On Dec 13, 2011, at 11:19 AM, Rob Parenti wrote:
> >>
> >>> I feel I=92ve tried everything, and don=92t see anything relevant in =
> >> the forums.  I have two separate CUPS/1.4.6 servers, SLES 11.1, one =
> >> Production and one Testing.  The CUPS configurations are virtually =
> >> identical in every way I can see.  The Production server always works =
> >> great.  The Testing server always requires me to enter the root password =
> >> for every lpadmin command.  Otherwise I get =93lpadmin: Unauthorized=94. =
> >> I use scripts, as root, to submit batches of lpadmin commands, so the =
> >> password really interferes with a large batch.  But more importantly, it =
> >> needs to work exactly like the Production machine.
> >>> =20
> >>> I=92m including access_log, error_log, and cupsd.conf.  Everything on =
> >> the web interface works just fine.  I=92m trying to use lpadmin, as =
> >> root, connected with ssh.  Could it be file permissions I missed =
> >> somewhere?
> >>> =20
> >>> Regards
> >>> RobP
> >>> =20
> >>> Access_log
> >>> 147.70.10.205 - - [13/Dec/2011:14:06:17 -0500] POST /admin/ HTTP/1.1 =
> >> 401 0 - -
> >>> =20
> >>> Error_log
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdAcceptClient: 9 from =
> >> 147.70.10.205:631 (IPv4)
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdReadClient: 9 POST /admin/ =
> >> HTTP/1.1
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdSetBusyState: Active clients
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdAuthorize: No authentication data =
> >> provided.
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdIsAuthorized: username=3D
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdSendHeader: 9 WWW-Authenticate: =
> >> Basic realm=3DCUPS
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdCloseClient: 9
> >>> D [13/Dec/2011:14:06:17 -0500] cupsdSetBusyState: Not busy
> >>> =20
> >>> LogLevel debug
> >>> ErrorLog /var/log/cups/error_log
> >>> ServerAdmin a at b.com
> >>> MaxLogSize 0
> >>> AccessLog /var/log/cups/access_log
> >>> AccessLogLevel all
> >>> PageLog /var/log/cups/page_log
> >>> PageLogFormat %p %j %P %u %T %{job-name} Printcap MaxJobs 0 =
> >> MaxPrinterHistory 0 PreserveJobFiles Yes
> >>> =20
> >>> SystemGroup root operators
> >>> User lp
> >>> Group lp
> >>> RemoteRoot remote
> >>> Port 631
> >>> =20
> >>> Browsing On
> >>> BrowseOrder Allow,Deny
> >>> BrowseAllow 999.99.13.*
> >>> =20
> >>> DefaultAuthType None
> >>> DefaultEncryption Never
> >>> =20
> >>> <Location />
> >>> Order Allow,Deny
> >>> Allow =46rom 127.0.0.1
> >>> Allow =46rom 999.99.4.*
> >>> Allow =46rom 999.99.8.*
> >>> Allow =46rom 999.99.10.*
> >>> Allow =46rom 999.99.11.*
> >>> Allow =46rom 999.99.13.*
> >>> </Location>
> >>> =20
> >>> <Location /admin>
> >>> AuthType Basic
> >>> AuthClass System
> >>> Order Allow,Deny
> >>> Allow =46rom 127.0.0.1
> >>> Allow =46rom 999.99.10.*
> >>> Allow =46rom 999.99.13.*
> >>> </Location>
> >>> =20
> >>> <Location /admin/conf>
> >>> AuthType Basic
> >>> Require user @SYSTEM
> >>> Order Allow,Deny
> >>> Allow =46rom 127.0.0.1
> >>> Allow =46rom 999.99.10.*
> >>> Allow =46rom 999.99.13.*
> >>> </Location>
> >>> =20
> >>> <Location /jobs>
> >>> Order Allow,Deny
> >>> Allow =46rom 127.0.0.1
> >>> Allow =46rom 999.99.13.*
> >>> </Location>
> >>> =20
> >>> <Location /printers>
> >>> Order Allow,Deny
> >>> Allow =46rom 127.0.0.1
> >>> Allow =46rom 999.99.13.*
> >>> </Location>
> >>> =20
> >>> =20
> >>> =20
> >>> _______________________________________________
> >>> cups mailing list
> >>> cups at easysw.com
> >>> http://lists.easysw.com/mailman/listinfo/cups
> >>
> >> _________________________________________________________
> >> Michael Sweet, Senior Printing System Engineer, PWG Chair
> >>
> >
> > _______________________________________________
> > cups mailing list
> > cups at easysw.com
> > http://lists.easysw.com/mailman/listinfo/cups
>
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
>

More information about the cups mailing list