CUPS requer Autenticação [RESOLVIDO]

adrianolangaro
(usa openSUSE)

Enviado em 29/12/2011 - 11:40h

Boa dia gente. Tenho um problema e creio que poderei encontrar ajuda por aqui. Seguinte, tenho um servidor com Ubuntu Server 10.04, nele está instalado o SAMBA (que está funcionando pois consigo acessar as pastas compartilhadas e tudo mais). Levantamos a necessidade de utilizar o CUPS em nossa rede e estou implantando-o. Ele está isntalado e consigo acessar por ipdoserver:631. O problema é que quando necessito de algo administrativo, como Adicionar uma Impressora por exemplo, o CUPS pede autenticação assim:

"401 Não autorizado

Digite o seu nome de usuário e a sua senha ou o nome de usuário e a senha de root para acessar esta página. Se estiver usando a autenticação Kerberos, certifique-se de possuir uma entrada Kerberos válida."

E não sei o que por, clicanco em cancelar, tenho isso:

"401 Não autorizado

Digite o seu nome de usuário e a sua senha ou o nome de usuário e a senha de root para acessar esta página. Se estiver usando a autenticação Kerberos, certifique-se de possuir uma entrada Kerberos válida."

O que será que pode ser? O que é o tal do Kerberos?

Grato pela ajuda! :D

--------------EDIT----------------

O arquivo de configuração do CUPS é esse:

#
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0

# Administrator user group...
SystemGroup lpadmin


# Only listen for connections from the local machine.
Listen 631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
BrowseAddress @LOCAL

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
Allow From 192.168.10.161
Allow All
</Location>

# Restrict access to the admin pages...
<Location /admin>
Allow From 192.160.10.161
Allow All
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI>
AuthType Default
Order deny,allow
</Limit>

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

#
#

--------------EDIT----------------

ednilton_so
(usa KUbuntu)

Enviado em 29/12/2011 - 14:43h

Olá,

Tente editar o arquivo /etc/cups/cupsd.conf adicionando o seguinte ao fim do arquivo:

<Location /admin>

      Require group printer-admins

      Order Deny,Allow

      Deny From All

      Allow From 127.0.0.1

      Allow From XXX.XXX.XXX.XXX

</Location>

 

sendo XXX.XXX.XXX.XXX o IP da máquina de onde você está tentando configurar o CUPS. Para esse configuração surtir efeito, você tem que reiniciar o CUPS:

service cups restart 

Boa sorte.

adrianolangaro
(usa openSUSE)

Enviado em 29/12/2011 - 15:14h

Cara, obrigado. Mas continuo com o "problema" =P
Aproveitei e adicionei o que vc me disse e ainda adicionei Allow From xxx.xxx.xxx.xxx abaixo de cada order deny,allow, ficanco o arquivo de configuração assim:

#

#

# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a

# complete description of this file.

#



# Log general information in error_log - change "warn" to "debug"

# for troubleshooting...

LogLevel warn



# Deactivate CUPS' internal logrotating, as we provide a better one, especially

# LogLevel debug2 gets usable now

MaxLogSize 0



# Administrator user group...

SystemGroup lpadmin





# Only listen for connections from the local machine.

Listen 631

Listen /var/run/cups/cups.sock



# Show shared printers on the local network.

Browsing On

BrowseOrder allow,deny

BrowseAllow all

BrowseLocalProtocols CUPS dnssd

BrowseAddress @LOCAL



# Default authentication type, when authentication is required...

DefaultAuthType Basic



# Restrict access to the server...

<Location />

  Allow From 192.168.10.161

  Allow All 

</Location>



# Restrict access to the admin pages...

<Location /admin>

  Allow From 192.160.10.161

  Allow All

</Location>



# Restrict access to configuration files...

<Location /admin/conf>

  AuthType Default

  Require user @SYSTEM

  Order allow,deny

  Allow From 192.168.10.161

</Location>



# Set the default printer/job policies...

<Policy default>

  # Job-related operations must be done by the owner or an administrator...

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>

    Require user @OWNER @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  <Limit All>

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>

</Policy>



# Set the authenticated printer/job policies...

<Policy authenticated>

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI>

    AuthType Default

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>



  <Limit All>

    Order deny,allow

    Allow From 192.168.10.161

  </Limit>

</Policy>



<Location /admin>

	Require group printer-admins

	Order Deny,allow

	Deny From All

	Allow From 127.0.0.1

	Allow From 192.168.10.161

	Allow From 192.168.10.180

</Location>



#

#

 

Como funciona isso? digo, o Deny, Allow...

Aguardo a resposta e Obrigado :D

P.s.: Em todos os tutoriaios em que vi a intalação do CUPS, todos eles necessitaram instalar o SAMBA tambem. NEste servidor, tenho o SAMBA instalado e rodando, será que há algo errado?

ednilton_so
(usa KUbuntu)

Enviado em 29/12/2011 - 16:36h

Olá,

Primeiro, em vez de

Listen localhost:631 

coloque

Port 631 

e adicione "Allow All" (sem aspas) à seção "# Restrict access to configuration files...".

Referência: http://thismightbehelpful.blogspot.com/2008/09/remote-access-to-cups-web-interface.html

Acabei de testar aqui com um servidor Debian.

Boa sorte.

adrianolangaro
(usa openSUSE)

Enviado em 30/12/2011 - 07:58h

Cara, fiz o que você falou mas nada.
Soh que então no improviso, digitei o username e senha de root do ubuntu server e acessou :D
Não sei se é o certo a fazer, vou testar e posto aqui os comentários.

Obrigado :D