CUPS requer Autenticação [RESOLVIDO]

adrianolangaro
(usa openSUSE)

Enviado em 29/12/2011 - 11:40h

Boa dia gente. Tenho um problema e creio que poderei encontrar ajuda por aqui. Seguinte, tenho um servidor com Ubuntu Server 10.04, nele está instalado o SAMBA (que está funcionando pois consigo acessar as pastas compartilhadas e tudo mais). Levantamos a necessidade de utilizar o CUPS em nossa rede e estou implantando-o. Ele está isntalado e consigo acessar por ipdoserver:631. O problema é que quando necessito de algo administrativo, como Adicionar uma Impressora por exemplo, o CUPS pede autenticação assim:

"401 Não autorizado

Digite o seu nome de usuário e a sua senha ou o nome de usuário e a senha de root para acessar esta página. Se estiver usando a autenticação Kerberos, certifique-se de possuir uma entrada Kerberos válida."

E não sei o que por, clicanco em cancelar, tenho isso:

"401 Não autorizado

Digite o seu nome de usuário e a sua senha ou o nome de usuário e a senha de root para acessar esta página. Se estiver usando a autenticação Kerberos, certifique-se de possuir uma entrada Kerberos válida."

O que será que pode ser? O que é o tal do Kerberos?

Grato pela ajuda! :D

--------------EDIT----------------

O arquivo de configuração do CUPS é esse:

#
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0

# Administrator user group...
SystemGroup lpadmin


# Only listen for connections from the local machine.
Listen 631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
BrowseAddress @LOCAL

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
Allow From 192.168.10.161
Allow All
</Location>

# Restrict access to the admin pages...
<Location /admin>
Allow From 192.160.10.161
Allow All
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI>
AuthType Default
Order deny,allow
</Limit>

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

#
#

--------------EDIT----------------

ednilton_so
(usa KUbuntu)

Enviado em 29/12/2011 - 14:43h

Olá,

Tente editar o arquivo /etc/cups/cupsd.conf adicionando o seguinte ao fim do arquivo:

<Location /admin>
      Require group printer-admins
      Order Deny,Allow
      Deny From All
      Allow From 127.0.0.1
      Allow From XXX.XXX.XXX.XXX
</Location>
 

sendo XXX.XXX.XXX.XXX o IP da máquina de onde você está tentando configurar o CUPS. Para esse configuração surtir efeito, você tem que reiniciar o CUPS:

service cups restart 

Boa sorte.

adrianolangaro
(usa openSUSE)

Enviado em 29/12/2011 - 15:14h

Cara, obrigado. Mas continuo com o "problema" =P
Aproveitei e adicionei o que vc me disse e ainda adicionei Allow From xxx.xxx.xxx.xxx abaixo de cada order deny,allow, ficanco o arquivo de configuração assim:

#
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0

# Administrator user group...
SystemGroup lpadmin


# Only listen for connections from the local machine.
Listen 631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
BrowseAddress @LOCAL

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Allow From 192.168.10.161
  Allow All 
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Allow From 192.160.10.161
  Allow All
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow From 192.168.10.161
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  <Limit All>
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI>
    AuthType Default
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>

  <Limit All>
    Order deny,allow
    Allow From 192.168.10.161
  </Limit>
</Policy>

<Location /admin>
	Require group printer-admins
	Order Deny,allow
	Deny From All
	Allow From 127.0.0.1
	Allow From 192.168.10.161
	Allow From 192.168.10.180
</Location>

#
#
 

Como funciona isso? digo, o Deny, Allow...

Aguardo a resposta e Obrigado :D

P.s.: Em todos os tutoriaios em que vi a intalação do CUPS, todos eles necessitaram instalar o SAMBA tambem. NEste servidor, tenho o SAMBA instalado e rodando, será que há algo errado?

ednilton_so
(usa KUbuntu)

Enviado em 29/12/2011 - 16:36h

Olá,

Primeiro, em vez de

Listen localhost:631 

coloque

Port 631 

e adicione "Allow All" (sem aspas) à seção "# Restrict access to configuration files...".

Referência: http://thismightbehelpful.blogspot.com/2008/09/remote-access-to-cups-web-interface.html

Acabei de testar aqui com um servidor Debian.

Boa sorte.

adrianolangaro
(usa openSUSE)

Enviado em 30/12/2011 - 07:58h

Cara, fiz o que você falou mas nada.
Soh que então no improviso, digitei o username e senha de root do ubuntu server e acessou :D
Não sei se é o certo a fazer, vou testar e posto aqui os comentários.

Obrigado :D