CUPS not printed from other computer

,

NethServer Version: 7.3 final
Module: cups
On the other computers can not print to a printer connected to the server.
/var/log/cups/error_log on server:
E [31/Jan/2017:20:52:49 +0300] Returning HTTP Forbidden for Get-Printer-Attributes (ipp://192.168.0.1:631/printers/HP_LaserJet_1320) from 192.168.0.30 E [31/Jan/2017:21:14:55 +0300] Returning HTTP Forbidden for Get-Printer-Attributes (https://192.168.0.1:631/printers/HP_LaserJet_1320) from 192.168.0.30 E [31/Jan/2017:21:20:08 +0300] Returning HTTP Forbidden for Get-Printer-Attributes (http://192.168.0.1:631/printers/HP_LaserJet_1320) from 192.168.0.30

The test page is printed from the server properly.
Someone struggling with this error?

I haven’t had time to spin up a vm of NS to set up a print server, but in the past on an ubuntu basic print server this was caused where the user you authenticated with when you added the printer to the client pc isn’t allowed to print… I think… You should be able to play with the cups config file /etc/cups.cupsd.conf and add Allow All to the first option in the Policy Authentication section. I think that deals with the permissions you are having issues with.
There are a lot of different things you can change in the config file, and its fairly intuitive. I hope this helps. If this doesn’t get you in the right direction let me know and I’ll dig up one of my old print servers in storage and copy the config for you to compare with. I hope this helps.
Dale

1 Like

I also have never had a problem with CUPS. Until then stood ClearOS - everything worked. On other systems SLES and openSUSE - there, too, everything works, but there’s some ambush on level ground.

In my /etc/cups/cupsd.conf:
ServerAdmin admin@iv.lan
LogLevel warn
MaxLogSize 1m
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd

Allow remote access

Port 631
Listen /var/run/cups/cups.sock
SystemGroup admin
DefaultAuthType Basic
< Location />

Allow remote administration…

Order allow,deny
Allow all
< /Location>

I can’t get if you already resolve your problem.

The problem is not solved. I wrote that on the other redundant system I used to work, but on the NS7 does not work.

Do, but for some reason it happened - do not understand (I originally did not climb at all configs and set up through the web interface).
The cupsd.conf in “Limit All” section has been registered “Deny From All” and “Allow From 127.0.0.1”.

  < Limit All>
    Order deny,allow
    Deny From All
    Allow From 127.0.0.1
  < /Limit>

Ah ah ah! :scream: Where does it come from - is not clear. I removed the print-server module, to reinstall a package cups, install again print-server module, take the default configuration and reconfigure. I check that the section would “Limit All” looked like.

 < Limit All>
    Order deny,allow
  < /Limit>

Everything is working. :beer:

2 Likes

Glad you got it working @tavrist! Few things are more frustrating than trying to figure out why something that should work, doesn’t. Lol

2 Likes

NOT SOLVED!!!
WTF???

Why?
Returning HTTP Forbidden for Get-Printer-Attributes (https://ns.iv.lan:631/printers/HP_LaserJet_1320) from 192.168.0.30

It centos a curve CUPS?

Again no longer print !!! Help to find out why the seal is broken.

Some parasite found in cups:
Deny From All

The deny value might be coming from a template. You can try to override it with a custom template.

mkdir -p /etc/e-smith/templates-custom/etc/cups/cupsd.conf/
cp /etc/e-smith/templates/etc/cups/cupsd.conf/80PolicyDefault /etc/e-smith/templates-custom/etc/cups/cupsd.conf/

Tweak the
/etc/e-smith/templates-custom/etc/cups/cupsd.conf/80PolicyDefault file to your needs.

Then execute:

signal-event nethserver-cups-update

PS: maybe the template shipped with NethServer should be updated to follow upstream.

Thank you, did. I’ll be watching.

@tavrist, could you share the modifications you needed? We may try to merge them into the default configuration.
Thank you.

cat /etc/e-smith/templates-custom/etc/cups/cupsd.conf/80PolicyDefault
# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
#    Deny From All
#    Allow From 127.0.0.1
  </Limit>
</Policy>

I believe that the lines are commented out, I should not be. The same server, rather than the usual computer. Task Server to give access to the printer, and then for some reason, registers can be accessed only with localhost.

upd: I also believe that when you install CUPS must be installed: gutenprint-cups, cups-ipptool, cups-lpd.
I set them manually.

1 Like

CUPS access should be allowed by default only from trusted network.

If you need to change any policy, you should be able to do it from CUPS web interface.
AFAIK you shouldn’t need to edit the configuration file.

So I and configure through a Web interface, only the changes in this section of the “Limit All” for some reason did not apply! Fixed hands - worked, but the next time some updating I got back to the school of the “Limit All” section. And no longer print. How do you imagine this kind of work in production? Updated system - all printers have fallen off! Or after each update to check whether all the printers print a test page? If I’m going to allow this, I went to look for another job.

And for trusted networks have a firewall, which indicates that the port 631 only for the green network.
I am wrong?

To avoid this problem, follow @dnutan suggestion and change the configuration file using ta template-custom.

By the way, if this is a common scenario, I will gladly implement an improvement but I surly need the help of some CUPS expert :wink:

If you need to open the port to other networks, you can use the firewall rules from the web interface.

I had already done it. Now I will be watching - whether will break again :slight_smile:

I just had the exact same issue in my fresh NS7 final install. I would like to +1 on a permanent fix for this.
I run the NS as a central print server at home (among other things), because I only have one printer and several clients. And unplugging and replugging is a hassle.