[cups] doubt

Luiz Guilherme Nunes Fernandes narutospinal at gmail.com
Wed Apr 19 10:22:16 PDT 2017 

Well,  i try with pam too, i create one configuration, look but no work in
cups, in webinterface show, "forbidden" , i test with local users work.

I use nslcd program, work with ssh protocol. No have erros in logs cups. i
look in /var/log/secure too and user command "journalctl -xe"

Any ideas?

#@include common-auth
#@include common-account
#@include common-session
#@include common-password


auth required           pam_env.so
auth sufficient         pam_unix.so nullok_secure
auth sufficient         pam_ldap.so use_first_pass
auth required           pam_deny.so

account required        pam_unix.so
account sufficient      pam_ldap.so

session required        pam_limits.so
session required        pam_unix.so
session optional        pam_ldap.so

My cups configuration:

Listen 631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Web interface setting...
WebInterface Yes

#SystemGroup printers

# Restrict access to the server...
<Location />
  AuthType Default
  Require valid-user
  Order allow,deny
  Allow all
  Satisfy any
</Location>

# Restrict access to the admin pages...
<Location /admin>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow all
</Location>

#######


2017-04-19 14:13 GMT-03:00 Michael Sweet <msweet at apple.com>:

> Luiz,
>
> LDAP browsing support (using the custom schema) was removed many years
> ago, and is completely unrelated to LDAP authentication (which happens via
> PAM).
>
>
>
> > On Apr 19, 2017, at 1:07 PM, Luiz Guilherme Nunes Fernandes <
> narutospinal at gmail.com> wrote:
> >
> > Weel, no work, i try pam_ldap with this configurations.
> >
> > https://itsecureadmin.com/wiki/index.php/LDAP_Printing
> >
> > I installed last version of cups, this software dont work with parameters
> >
> > My part configuration:
> >
> > BrowseLocalProtocols all
> > BrowseRemoteProtocols all
> >
> > BrowseLDAPBindDN uid=cupsd,ou=people,dc=example,dc=org
> > BrowseLDAPPassword <ldap password>
> > BrowseLDAPServer ldaps://ldap-server.example.org/
> > BrowseLDAPDN dc=example,dc=org
> >
> >
> >
> >
> >
> > 2017-04-19 9:52 GMT-03:00 Michael Sweet <msweet at apple.com>:
> >
> >> Luiz,
> >>
> >> Yes, through pam_ldap.  Look at the PAM configuration file for the cups
> >> server (typically /etc/pam.d/cups) and configure as needed to use
> >> pam_ldap.so.
> >>
> >>
> >>> On Apr 19, 2017, at 8:25 AM, Luiz Guilherme Nunes Fernandes <
> >> narutospinal at gmail.com> wrote:
> >>>
> >>> Hi,
> >>>     i have one doubt, how i can use authentication with protocol LDAP
> in
> >>> Cups service? i need for webinterface and for add printers shared for
> >> users.
> >>>
> >>> --
> >>> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> >> -------------------------->>>>>>>>>>>>>>>>>>>
> >>>
> >>> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem
> ao
> >>> Pai, senão por mim >
> >>>                                                            (João 14:6)
> >>>
> >>>                                                                   Att.
> >>>                                       ♪ ♫  Luiz Guilherme Nunes
> >>> Fernandes  ♫ ♪
> >>>
> >>> <<<<<<<<<<<<<<<<<<<-----------------------------------------
> >> -------------------------->>>>>>>>>>>>>>>>>>>
> >>> _______________________________________________
> >>> cups mailing list
> >>> cups at cups.org
> >>> https://lists.cups.org/mailman/listinfo/cups
> >>
> >> _________________________________________________________
> >> Michael Sweet, Senior Printing System Engineer
> >>
> >> _______________________________________________
> >> cups mailing list
> >> cups at cups.org
> >> https://lists.cups.org/mailman/listinfo/cups
> >>
> >
> >
> >
> > --
> > <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
> >
> > < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
> > Pai, senão por mim >
> >                                                             (João 14:6)
> >
> >                                                                    Att.
> >                                        ♪ ♫  Luiz Guilherme Nunes
> > Fernandes  ♫ ♪
> >
> > <<<<<<<<<<<<<<<<<<<-----------------------------------------
> -------------------------->>>>>>>>>>>>>>>>>>>
> > _______________________________________________
> > cups mailing list
> > cups at cups.org
> > https://lists.cups.org/mailman/listinfo/cups
>
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
>
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups
>



-- 
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

More information about the cups mailing list