[Bug 400588] New: Printing to another CUPS server with via IPP fails with client-error-not-authorized
https://bugzilla.novell.com/show_bug.cgi?id=400588 Summary: Printing to another CUPS server with via IPP fails with client-error-not-authorized Product: openSUSE 11.0 Version: Final Platform: i386 OS/Version: openSUSE 11.0 Status: NEW Severity: Normal Priority: P5 - None Component: Printing AssignedTo: jsmeix@novell.com ReportedBy: hpj@urpla.net QAContact: jsmeix@novell.com CC: hpj@urpla.net Found By: Beta-Customer Hi Johannes, I have access to printers of a customer via a VPN, who is running cups-1.1.23, which worked fine up until now after upgrade of my server to 11.0 (coming from 10.2). Local printing works fine, but printing to a printer, attached to the remote cups server resulted in: D [16/Jun/2008:16:54:04 +0200] cupsdAcceptClient: 8 from 172.16.23.107:631 (IPv4) D [16/Jun/2008:16:54:04 +0200] cupsdReadClient: 8 POST / HTTP/1.1 D [16/Jun/2008:16:54:04 +0200] cupsdAuthorize: No authentication data provided. D [16/Jun/2008:16:54:04 +0200] Get-Printer-Attributes ipp://localhost/printers/ky2000gl D [16/Jun/2008:16:54:04 +0200] cupsdProcessIPPRequest: 8 status_code=0 (successful-ok) D [16/Jun/2008:16:54:05 +0200] cupsdAcceptClient: 9 from 172.16.23.107:631 (IPv4) D [16/Jun/2008:16:54:05 +0200] cupsdReadClient: 9 POST /printers/ky2000gl HTTP/1.1 D [16/Jun/2008:16:54:05 +0200] cupsdAuthorize: No authentication data provided. D [16/Jun/2008:16:54:05 +0200] Print-Job ipp://localhost/printers/ky2000gl D [16/Jun/2008:16:54:05 +0200] print_job: auto-typing file... D [16/Jun/2008:16:54:05 +0200] Print-Job client-error-not-authorized: The printer or class is not shared! D [16/Jun/2008:16:54:05 +0200] cupsdProcessIPPRequest: 9 status_code=403 (client-error-not-authorized) D [16/Jun/2008:16:54:05 +0200] cupsdCloseClient: 9 D [16/Jun/2008:16:54:06 +0200] cupsdAcceptClient: 9 from 172.16.23.107:631 (IPv4) D [16/Jun/2008:16:54:06 +0200] cupsdReadClient: 9 POST /printers/ HTTP/1.1 D [16/Jun/2008:16:54:06 +0200] cupsdAuthorize: No authentication data provided. D [16/Jun/2008:16:54:06 +0200] CUPS-Get-Printers D [16/Jun/2008:16:54:06 +0200] cupsdProcessIPPRequest: 9 status_code=0 (successful-ok) D [16/Jun/2008:16:54:06 +0200] cupsdCloseClient: 9 D [16/Jun/2008:16:54:06 +0200] cupsdAcceptClient: 9 from 172.16.23.107:631 (IPv4) D [16/Jun/2008:16:54:06 +0200] cupsdReadClient: 9 POST /classes/ HTTP/1.1 D [16/Jun/2008:16:54:06 +0200] cupsdAuthorize: No authentication data provided. D [16/Jun/2008:16:54:06 +0200] CUPS-Get-Classes D [16/Jun/2008:16:54:06 +0200] cupsdProcessIPPRequest: 9 status_code=0 (successful-ok) D [16/Jun/2008:16:54:06 +0200] cupsdCloseClient: 9 D [16/Jun/2008:16:54:06 +0200] cupsdAcceptClient: 9 from 172.16.23.107:631 (IPv4) D [16/Jun/2008:16:54:06 +0200] cupsdReadClient: 9 POST /printers/ HTTP/1.1 D [16/Jun/2008:16:54:06 +0200] cupsdAuthorize: No authentication data provided. D [16/Jun/2008:16:54:06 +0200] CUPS-Get-Default D [16/Jun/2008:16:54:06 +0200] cupsdProcessIPPRequest: 9 status_code=0 (successful-ok) D [16/Jun/2008:16:54:06 +0200] cupsdCloseClient: 9 D [16/Jun/2008:16:54:06 +0200] cupsdAcceptClient: 9 from 172.16.23.107:631 (IPv4) D [16/Jun/2008:16:54:06 +0200] cupsdReadClient: 9 POST / HTTP/1.1 D [16/Jun/2008:16:54:06 +0200] cupsdAuthorize: No authentication data provided. D [16/Jun/2008:16:54:06 +0200] Get-Jobs ipp://lisa5:631/printers/ky2000gl D [16/Jun/2008:16:54:06 +0200] cupsdProcessIPPRequest: 9 status_code=0 (successful-ok) D [16/Jun/2008:16:54:06 +0200] cupsdCloseClient: 9 I tried hard to disable any authorization on access to my local cups locations "/", "/classes", "/printers", and even "/printers/ky2000gl", but problem persists. The remote cups has this in cupsd.conf: <Location /> Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From @LOCAL Allow From 172.16.23.0/24 </Location> My local one has (new keys, I tried commented out): <Location /> #AuthType None #AuthClass Anonymous Order Deny,Allow Deny From All Allow From 127.0.0.1 Allow From 127.0.0.2 Allow From @LOCAL Allow From 172.16.24.0/24 </Location> Both are set to require authorization on access to "/admin". When I print a web page from konqueror to the remote printer, a knotify dialog opens, with: A print error occurred. Error message received from system: cupsdoprint -P 'ky2000gl' -J 'http://somepage.html' -H 'tyrex.lisa.loc:631' -U 'hp' -o ' copies=1 multiple-document-handling=separate-documents-collated-copies number-up=2 orientation-requested=3' '/tmp/kde-hp/kdeprint_rdNAYitz' : execution failed with message: client-error-not-authorized triggering the log messages above. Obviously somewhere between cups-1.2.7 (from 10.2) and cups-1.3.7 from 11.0, the IPP protocol implementation has changed to require an authentification incompatible with cups-1.1.23. I've tried to solve the problem myself, but only to ran into other issues: lppasswd seems to be unable to create/change its passwd file. Given, that /etc/cups is owned by root, and lppasswd is lp:sys with sticky bit set, that is no wonder, when it tries to create /etc/cups/passwd.new. Shouldn't /etc/cups be owned by lp:lp? Baffled.. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c1 --- Comment #1 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-16 10:29:25 MDT ---
I have access to printers of a customer via a VPN, who is running cups-1.1.23, which worked fine up until now after upgrade of my server to 11.0 (coming from 10.2).
s/after/before -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c2 Klaus Singvogel <kssingvo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kssingvo@novell.com AssignedTo|jsmeix@novell.com |kssingvo@novell.com Status|NEW |ASSIGNED --- Comment #2 from Klaus Singvogel <kssingvo@novell.com> 2008-06-16 10:45:22 MDT --- reassign -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c3 Klaus Singvogel <kssingvo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |hpj@urpla.net --- Comment #3 from Klaus Singvogel <kssingvo@novell.com> 2008-06-16 10:46:27 MDT --- I need the logfile from the server (VPN machine) with cups-1.1.23 Do on this server: - stop cups: rccups stop - remove old logfiles: rm /var/log/cups/error_log* /var/log/cups/access_log* - start cups again: rccups start - do the remote printing - attache the logfiles (/var/log/cups/*log*) via bugzillas attachment mechanism (see below) Don't paste any logfiles! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c4 --- Comment #4 from Klaus Singvogel <kssingvo@novell.com> 2008-06-25 03:42:30 MDT --- Ping... Any infos? Otherwise I'll close the bug with INVALID. I can say, that printing from 11.0 (cups-1.3.7) to SLES10 (cups-1.1.23) is working, here in the company. I assume its a (mis-)configuration issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c5 --- Comment #5 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-25 10:08:17 MDT --- Klaus, sorry for the delay - I just did what you called for, and the result is - empty. I just called lp this time, and it responded: ~> lp -dhp4000 1.lp lp: The printer or class is not shared! but also: ~> LANG=C lpstat -t | grep hp4000 device for hp4000: ipp://lisa5:631/printers/hp4000 hp4000 accepting requests since Fri Jun 20 00:19:12 2008 printer hp4000 is idle. enabled since Fri Jun 20 00:19:12 2008 <DefaultPrinter hp4000> Info HP 4000 Location Verwaltung/Fibu DeviceURI socket://hp4000.jabi.loc:9100 State Idle Accepting Yes JobSheets none none QuotaPeriod 0 PageLimit 0 KLimit 0 </Printer> Do I have to -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c6 Hans-Peter Jansen <hpj@urpla.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|hpj@urpla.net | --- Comment #6 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-25 10:10:28 MDT --- Premature commit. Sorry. Relevant exerpt from /etc/cups/printers.conf: <DefaultPrinter hp4000> Info HP 4000 Location Verwaltung/Fibu DeviceURI socket://hp4000.jabi.loc:9100 State Idle Accepting Yes JobSheets none none QuotaPeriod 0 PageLimit 0 KLimit 0 </Printer> Do I have to enable some shared state explicitely? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c7 --- Comment #7 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-25 10:15:10 MDT --- Created an attachment (id=224362) --> (https://bugzilla.novell.com/attachment.cgi?id=224362) printing on the remote site doesn't result in any log activity While I think, it's useless, here's the error_log, the access_log kept empty. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c8 Klaus Singvogel <kssingvo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |hpj@urpla.net --- Comment #8 from Klaus Singvogel <kssingvo@novell.com> 2008-06-25 11:14:58 MDT --- Does the issue happen, when you disable your firewall(s)? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c9 Hans-Peter Jansen <hpj@urpla.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|hpj@urpla.net | --- Comment #9 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-25 11:46:43 MDT --- Yes -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c10 --- Comment #10 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-25 12:22:11 MDT --- Created an attachment (id=224385) --> (https://bugzilla.novell.com/attachment.cgi?id=224385) Cups protocol flags I managed to capture the broadcast announce of this printer after rming /etc/cups/yes/remote.cache, but since wireshark is unable to export this info into a sane format, I captured its screen.. I have no idea, what makes cups think, that this printer isn't shared. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c11 Klaus Singvogel <kssingvo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WORKSFORME --- Comment #11 from Klaus Singvogel <kssingvo@novell.com> 2008-06-26 03:58:57 MDT --- I have no idea neither. The bad news is, that I cannot reproduce it here, even I'm running cups-1.3.7 on my workstation and cups-1.1.23 on my server. Therefore I think this is a network configuration issue at your site. If you can tell me what I should do to reproduce it, I'm going to fix it. But otherwise I'll going to close it. Sorry. But I don't see any other chance to help you here. Feel free to reopen, when this is possible. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c12 Hans-Peter Jansen <hpj@urpla.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | --- Comment #12 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-26 17:19:22 MDT --- Okay, Klaus, I did another round of research and tests, and this seems to be an issue in certain cases (mainly from users updating from Mac OS-X Tiger to Leopard). I found references for a DefaultShared config option, but that didn't helped, since it's meant for local printers only?!? Then I analyzed the policy sections in more details, since I discovered, that I was able to print from a shell account on my local server to the remote server, but not from a local 11.0 client. Obviously, that makes the difference to the remote site, but not to the local site (since I'm able to print in my local net just fine). But no matter, how strong I messed with /etc/cups/cupsd.conf, the result stays the same, and since I use a nfs shared home here, the output of lpoptions -p hp4000 is exactly the same: ~> lpoptions -p hp4000 copies=1 job-hold-until=no-hold job-priority=50 number-up=1 auth-info-required=none printer-info='HP 4000' printer-is-accepting-jobs=1 printer-is-shared=0 printer-location=Verwaltung/Fibu printer-make-and-model='HP LaserJet 2100 Series Postscript (recommended) on lisa5' printer-state=4 printer-state-change-time=1214521671 printer-state-reasons=none printer-type=18911302 (Yes, it's a 2100N, for historical reasons, it kept the hp4000 name). But since the problem varies inside the 11.0 environment, I reopen this issue, and will attach my current cupsd.conf for the sake of completeness. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c13 --- Comment #13 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-26 17:21:14 MDT --- Created an attachment (id=224711) --> (https://bugzilla.novell.com/attachment.cgi?id=224711) my current /etc/cups/cupsd.conf file -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c14 Klaus Singvogel <kssingvo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Info Provider| |hpj@urpla.net --- Comment #14 from Klaus Singvogel <kssingvo@novell.com> 2008-06-30 06:19:23 MDT --- I currently have no idea any longer what to do and what not to do. The required information is in bad way distributed in this bugzilla entry: "do this", "later I did this - but wait it might not be relevant", "don't do this" - "we are printing from MacOS", "printing from 11.0", etc. *puzzled* Please provide a simple (!) description of "how to reproduce". Attache all (!) the required configuration files with the "Attachement" functionality of our bugzilla server, if you're not using default configurations. Thanks for understanding. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User hpj@urpla.net added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c15 Hans-Peter Jansen <hpj@urpla.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED Info Provider|hpj@urpla.net | --- Comment #15 from Hans-Peter Jansen <hpj@urpla.net> 2008-06-30 14:15:39 MDT ---
I currently have no idea any longer what to do and what not to do.
The required information is in bad way distributed in this bugzilla entry: "do this", "later I did this - but wait it might not be relevant", "don't do this" - "we are printing from MacOS", "printing from 11.0", etc. *puzzled*
Okay, I admit, this report is a mess, but never mentioned MacOS before now ;-) Klaus, please go back to #11. That setup there essentially works for me, too, as long as I print from WS. Now turn your WS into a server, add another client, and print from there. E.g: Client (cups-1.3) -> WS (cups-1.3) -> Server (cups-1.1). Hopefully you harvest the same dreaded error message from the lp command, as noted in #5. If not, I will dig further. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=400588 User kssingvo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=400588#c16 Klaus Singvogel <kssingvo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WORKSFORME --- Comment #16 from Klaus Singvogel <kssingvo@novell.com> 2008-07-01 01:39:33 MDT --- You did not provide the requested information. Closing with WORKSFORME now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com