[cups] cannot authenticate

Gene Heskett gheskett at shentel.net
Thu Jan 17 08:28:38 PST 2019


On Thursday 17 January 2019 08:10:09 Daniel Spannbauer wrote:
Thread hijacking, sorta, see way below.
> Hello,
>
>
> I'm using cups 2.3b4 on an openSUSE Tumbleweed.
>
> When I try to delete a print job via the web interface, I have to
> authenticate. But I always get "permission denied".
>
> In the logs I found:
>
> pam_authenticate() returned 10 (User not known to the underlying
> authentication module)
>
> I configured the Systemgroup via "SystemGroup root". So "root" should
> be allowed to delete jobs when I use "@SYSTEM" in cupsd.conf.
>
> But I can't.
>
> Any hints?
>
>
> Regards
>
>
> Daniel
>
>
> -----------------------
>
> cupsd.conf:
>
> <Location />
>   # Allow remote administration...
>   Order allow,deny
>   Allow 10.0.0.0/8
> </Location>
> <Location /admin>
>   # Allow remote administration...
>   Order allow,deny
>   Allow 10.0.0.0/8
> </Location>
> <Location /admin/conf>
>   AuthType Default
>   Require user @SYSTEM
>   # Allow remote access to the configuration files...
>   Order allow,deny
>   Allow 10.0.0.0/8
> </Location>
> <Policy default>
>   JobPrivateAccess default
>   JobPrivateValues default
>   SubscriptionPrivateAccess default
>   SubscriptionPrivateValues default
>   <Limit Create-Job Print-Job Print-URI Validate-Job>
>     Order deny,allow
>   </Limit>
>   <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
> Purge-Jobs Set-Job-Attributes Create-Job-Subscription
> Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job
> Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs
> Close-Job CUPS-Move-Job CUPS-Get-Document>
>     Require user @OWNER @SYSTEM
>     Order deny,allow  
>   </Limit>
>   <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
> CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default
> CUPS-Get-Devices>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
> Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs
> CUPS-Accept-Jobs CUPS-Reject-Jobs>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit Cancel-Job CUPS-Authenticate-Job>
>     Require user @OWNER @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit All>
>     Order deny,allow
>   </Limit>
> </Policy>
> <Policy authenticated>
>   JobPrivateAccess default
>   JobPrivateValues default
>   SubscriptionPrivateAccess default
>   SubscriptionPrivateValues default
>   <Limit Create-Job Print-Job Print-URI Validate-Job>
>     AuthType Default
>     Order deny,allow
>   </Limit>
>   <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
> Purge-Jobs Set-Job-Attributes Create-Job-Subscription
> Renew-Subscription  Cancel-Subscription Get-Notifications
> Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job
> Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
>     AuthType Default
>     Require user @OWNER @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
> CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
> Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs
> CUPS-Accept-Jobs CUPS-Reject-Jobs>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit Cancel-Job CUPS-Authenticate-Job>
>     AuthType Default
>     Require user @OWNER @SYSTEM
>     Order deny,allow
>   </Limit>
>   <Limit All>
>     Order deny,allow
>   </Limit>
> </Policy>
> <Policy allowallforanybody>
>   <Limit All>
>     Order deny,allow
>     Allow from all
>   </Limit>
> </Policy>
> DefaultPolicy default

I've had a similar problem ever since I installed debian wheezy. I had 
configured (I don't recall now, been too long) myself for the admin at 
the time, but the first time I added another printer, it asked me root 
and root's pw, had them already filled in (still does today), so I figured 
what good did it do me to make me the admin. So eventually I overwrote 
the root in the user box with my username and entered my password. It 
worked, and still works today. But I've been trying to get better color 
out of a BIG brother MFC, it doesn't use enough ink, without any great 
success, and I noticed a plugged black nozzle a month back, and now it 
says the clean nozzles command is illegal and blocks it. And there is 
not a clean nozzles option from its own control panel.

But because it has had both a network cable and a usb feed, I just 
disconnected the network cable because the usb feed seems faster, and 
verified all 3 profiles were now being driven by the usb cable.  And all 
my test prints have at least partially cleaned its heads. I can still 
see some banding but no missing nozzles. And a clean nozzles command is 
still an invalid command and ignored.  

The log however is complaining about "dirty" files.

And it claims the SERVER ADMIN is root at coyote.  Go figure.
And is well watered with permission denied msgs. Yet, while everything 
in /etc/cups is root:root, or root:lp, or root:sys, I am a member of the 
latter two.

Humm, I think I see a problem, everything in /etc/cups/ppd is root:root
I think I'll make them root:sys and see if I can make the color work 
better. Can someone comment on that?

And it didn't help, so I called up a root session of geany and set the 
red to +20 in the default ppd. Zero effect on a test page, so none of 
those advanced settings are making it to the printer.

Someone was attempting to help me a couple months back, but dropped off 
the radar.

This is wheezy, and cups 1.5.3. Is there any chance I could get a later 
version to build using the existing build-essential kit?

Looks like a no, 2.3b7 bails out of the make at
Linking ippserver...
/usr/bin/ld: ../cups/libcups.a(thread.o): undefined reference to 
symbol 'clock_gettime@@GLIBC_2.2'
/usr/bin/ld: note: 'clock_gettime@@GLIBC_2.2' is defined in 
DSO /lib/i386-linux-gnu/librt.so.1 so try adding it to the linker 
command line
/lib/i386-linux-gnu/librt.so.1: could not read symbols: Invalid operation
collect2: error: ld returned 1 exit status
make[1]: *** [ippserver] Error 1
make: *** [all] Error 1

What's the proper way to fix this?

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
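
For reading a policy like the one quoted above, this added example (not part of the original message or of CUPS) parses the `<Policy>`/`<Limit>` blocks, tolerating mail quote markers and wrapped tags, and reports which block names a given operation together with its `AuthType` and `Require` values. `parse_policies`, `rule_for` and the sample text are hypothetical, and the exact-name-then-`All` lookup is the order this sketch assumes.

```python
import re

# Constructed sample modelled on the quoted cupsd.conf, wrapped <Limit> tag included.
SAMPLE = """\
<Policy default>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
CUPS-Get-Devices> AuthType Default
    Require user @SYSTEM
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

def parse_policies(text):
    """Return {policy: [{"ops": [...], "AuthType": str or None, "Require": [...]}]}."""
    text = re.sub(r"(?m)^>[ \t]?", "", text)    # drop mail quote markers
    text = re.sub(r"(?m)^\s*#.*$", "", text)    # drop comment lines
    # Rejoin tags wrapped across lines and give every tag a line of its own.
    text = re.sub(r"<[^<>]*>", lambda m: "\n" + " ".join(m.group(0).split()) + "\n", text)
    policies, policy, block = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        tag = re.fullmatch(r"<(/?)(Policy|Limit)\s*(.*)>", line)
        if tag and tag.group(2) == "Policy":
            policy = None if tag.group(1) else tag.group(3)
        elif tag and tag.group(1):               # </Limit>
            block = None
        elif tag and policy:                     # <Limit op ...> inside a policy
            block = {"ops": tag.group(3).split(), "AuthType": None, "Require": []}
            policies.setdefault(policy, []).append(block)
        elif block is not None and line:
            key, _, value = line.partition(" ")
            if key in ("AuthType", "Require"):
                block[key] = value.strip() if key == "AuthType" else value.split()
    return policies

def rule_for(policies, policy, op):
    """Return the <Limit> block naming op, else the <Limit All> block, else None."""
    blocks = policies.get(policy, [])
    named = [b for b in blocks if op in b["ops"]]
    return (named or [b for b in blocks if "All" in b["ops"]] or [None])[0]

if __name__ == "__main__":
    for op in ("Cancel-Job", "CUPS-Delete-Printer", "Print-Job"):
        print(op, "->", rule_for(parse_policies(SAMPLE), "default", op))
```
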