Its is really not working.
Jason Bodington
jayman at bodington.ca
Tue Jun 12 11:48:37 PDT 2012
I am sorry if this comes across as harsh or unkind, but what heck have you guys done to your product. I have spend now over 24hs hacking at this and it is still not working. In previous versions, it just worked, now in the latest version 1.5.3 everything seem complicated for the sack of being complicated.
I went from a working cups server completely integrated into my network on Saturday, to a cups server that only work locally after hacking at it for the past 24+ hours.
This is my Conf file.
===============================
#
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0
# Administrator user group...
SystemGroup lpadmin
# Only listen for connections from the local machine.
Listen 10.0.1.200:631
Listen localhost:631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
BrowseAddress @LOCAL
# Default authentication type, when authentication is required...
DefaultAuthType None
# Web interface setting...
WebInterface Yes
# Restrict access to the server...
<Location />
Order allow,deny
Allow 10.0.1.0/24
</Location>
# Restrict access to the admin pages...
<Location /admin>
AuthType Default
Order allow,deny
Allow 10.0.1.0/24
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 10.0.1.0/24
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow 10.0.1.0/24
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow 10.0.1.0/24
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
Allow 10.0.1.0/24
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
Allow 10.0.1.0/24
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow 10.0.1.0/24
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow 10.0.1.0/24
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
Allow 10.0.1.0/24
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
#
#
===============================
I had to add "Allow 10.0.1.0/24" just to see the browser page. To edit things and add a printer, I did more of the same.
Never once did it prompt me for a login or authentication information. I even went and created the same user on the server as on my remote machine and added it to the "lpadmin" group on the server.
I finally was able to add the printer a Brother HL-2040, print test-pages galore. From a remote machine actually sees the HL-2040, finally some luck, when I go to add a new printer.
This is my Properties from the remote machine (Not server).
===============================
Description: HL-2040
Location:
Driver: Brother Brother HL-2040 Foomatic/hl1250 (recommended) (grayscale, 2-sided printing)
Connection: dnssd://Brother%20HL-2040%20series%20%40%20BOD-Server._ipp._tcp.local/cups
Defaults: job-sheets=none, none media=na_letter_8.5x11in sides=one-sided
===============================
Now as for drivers, I use the recommended one as shown here, this the the drivers that are used on the server and works when I print a test page from the server locally. I also tried the other four or five drivers on the remote machine.
When trying to print from the remote machine to the server I get
"Idle - 'Unable to connect to printer; will retry in 30 seconds...'"
So I check the Error Logs
===============================
E [12/Jun/2012:00:29:52 -0400] Unable to encrypt connection from 10.0.1.20 - Error in the push function.
E [12/Jun/2012:09:55:50 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:10:23:18 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:11:51:53 -0400] Unable to encrypt connection from 10.0.1.20 - A TLS packet with unexpected length was received.
E [12/Jun/2012:11:51:58 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:12:18:02 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:12:18:09 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:12:21:04 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:12:23:26 -0400] [CGI] CUPS-Get-Devices request failed with status 1000: Unauthorized
E [12/Jun/2012:12:25:46 -0400] SSL shutdown failed: Error in the push function.
...
===============================
The Access Logs
===============================
...
localhost - - [12/Jun/2012:12:50:29 -0400] "POST /printers/Brother_HL-2040_series HTTP/1.1" 200 398 Print-Job successful-ok
localhost - - [12/Jun/2012:12:56:53 -0400] "POST /printers/Brother_HL-2040_series HTTP/1.1" 200 398 Print-Job successful-ok
10.0.1.20 - - [12/Jun/2012:13:06:21 -0400] "POST /admin/ HTTP/1.1" 200 60 - -
localhost - - [12/Jun/2012:13:06:21 -0400] "POST / HTTP/1.1" 401 91 CUPS-Get-Devices successful-ok
10.0.1.20 - - [12/Jun/2012:13:06:21 -0400] "POST /admin/ HTTP/1.1" 200 1876 - -
10.0.1.20 - - [12/Jun/2012:13:14:48 -0400] "POST /admin/ HTTP/1.1" 200 99 - -
10.0.1.20 - - [12/Jun/2012:13:14:48 -0400] "POST /admin/ HTTP/1.1" 200 5040 - -
10.0.1.20 - - [12/Jun/2012:13:15:31 -0400] "POST /admin/ HTTP/1.1" 200 99 - -
10.0.1.20 - - [12/Jun/2012:13:15:31 -0400] "POST /admin/ HTTP/1.1" 200 5040 - -
10.0.1.20 - - [12/Jun/2012:13:17:20 -0400] "POST /admin/ HTTP/1.1" 200 99 - -
10.0.1.20 - - [12/Jun/2012:13:17:20 -0400] "POST /admin/ HTTP/1.1" 200 5040 - -
10.0.1.20 - - [12/Jun/2012:13:19:28 -0400] "GET /admin/log/access_log HTTP/1.1" 200 6416 - -
10.0.1.20 - - [12/Jun/2012:13:20:33 -0400] "GET /admin/log/error_log HTTP/1.1" 200 2647 - -
10.0.1.20 - - [12/Jun/2012:13:28:23 -0400] "POST /admin/ HTTP/1.1" 200 62 - -
10.0.1.20 - - [12/Jun/2012:13:28:23 -0400] "POST /admin/ HTTP/1.1" 200 12397 - -
10.0.1.20 - - [12/Jun/2012:13:59:25 -0400] "POST /admin/ HTTP/1.1" 200 62 - -
10.0.1.20 - - [12/Jun/2012:13:59:25 -0400] "POST /admin/ HTTP/1.1" 200 12397 - -
10.0.1.20 - - [12/Jun/2012:14:23:44 -0400] "GET /admin/log/error_log HTTP/1.1" 304 0 - -
10.0.1.20 - - [12/Jun/2012:14:24:36 -0400] "GET /admin/log/error_log HTTP/1.1" 304 0 - -
===============================
So it seems it is a question of accessibility, or rather lack of it. Which brings me back to my "Allow 10.0.1.0/24" because there was not other way that I could see to actually access the cups server. This brings me back to my original statement, "complicated for the sack of being complicated". Now don't get me wrong I am the first one to tell anyone to protect you information and secure your system, heck that is why I re-install the server because I want to upgrade to 12.04 from 10.04 and did not want all that legacy files from going from 10.04 > 10.10 > 11.04 ... > 12.04 which could be a potential vulnerability. Why does this have to be so complicated? Why do I have to spend sooooo much time to try and get this fixed, and it is still not fix.
If anyone can explain that to me, or how to fix it I would appreciate it greatly.
And again I mean no malice, I thank all the developers for their hard work. That is not it, it is the frustration of it all, and true emotion does not always come across in plain text. But I would like to get this rectified.
More information about the cups
mailing list