Samba Printing - "Access Denied, Unable to Connect"

On Fri December 19 2008 06:36 pm, sullysnet wrote:

>
> I am not trying to access it form the server, only from my Vista
> machine. Would that make a difference?
>
> I will try the command and try removing the socket option
> thanks
>
>
sullysnet;

Sorry to but in here, but have you allowed remote administration of CUPS? If
you go to CUPS (http://localhost:631/) on the server, choose
the "Administration" tab, you should find a check box to allow remote
administration. By default, CUPS does not allow this. It is also possible
to do this by editing the <location> sections of /etc/CUPS/cupsd.conf. You
will still need to authenticate on CUPS as root before CUPS will accept your
changes.

--
P. V.
"We're all in this together, I'm pulling for you." Red Green

[sullysnet]

Quote:

Originally Posted by PV

On Fri December 19 2008 06:36 pm, sullysnet wrote:

>
> I am not trying to access it form the server, only from my Vista
> machine. Would that make a difference?
>
> I will try the command and try removing the socket option
> thanks
>
>
sullysnet;

Sorry to but in here, but have you allowed remote administration of CUPS? If
you go to CUPS (http://localhost:631/) on the server, choose
the "Administration" tab, you should find a check box to allow remote
administration. By default, CUPS does not allow this. It is also possible
to do this by editing the <location> sections of /etc/CUPS/cupsd.conf. You
will still need to authenticate on CUPS as root before CUPS will accept your
changes.

--
P. V.
"We're all in this together, I'm pulling for you." Red Green

I can't do that from the server it is console only. I use command line only to work on the box along with webmin, mostly webmin

Anway I am not able to load that page since I have no GUI. I am trying to do from my main machine that is on Vista.

thanks oh and I don't mind you butting in at all. You are both very helpful and I have already solved one part and actually the removing the socket option seems faster on my setup so I am making great gains here and learning a ton.

I tried tunneling through webmin but I get this error
Failed to connect to 192.168.1.XXX:631 : Connection refused
It has to be the new config because it worked before I started to use it, but I like this one better I just would like to have this new one and the ability to see that page

On Fri December 19 2008 11:56 pm, sullysnet wrote:

>
> PV;1911383 Wrote:
>> On Fri December 19 2008 06:36 pm, sullysnet wrote:
<snip>

>
> I can't do that from the server it is console only. I use command line
> only to work on the box along with webmin, mostly webmin
>
> Anway I am not able to load that page since I have no GUI. I am trying
> to do from my main machine that is on Vista.
>
<snip>

sullysnet;

I'm not sure this will help you, but this is the permission part of my
/etc/cups/cupsd.conf to allow remote administration. Perhaps you can try
editing your cupsd.conf with something like "vi" using this as a model. Be
sure to backup first.

Code:

DefaultAuthType Basic
<Location />
# Allow remote administration...
Order allow,deny
Allow @LOCAL
Allow 192.168.0.*
</Location>
<Location /admin>
Encryption Required
# Allow remote administration...
Order allow,deny
Allow @LOCAL
Allow 192.168.0.*
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
Allow 192.168.0.*
</Location>

--
P. V.
"We're all in this together, I'm pulling for you." Red Green

[sullysnet]

I tried that but I think I am still blocking it from somewhere. I am using swerdna cupsd file he posted here http://www.swerdna.net.au/printsamba/cupsd.102.txt

I took out this part

# Restrict access to the admin pages...
<Location /admin>
Encryption Required
Order allow,deny
Allow localhost
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
</Location>

and replaced it with yours, this was the only place I figured it would go but I maybe wrong.

thanks both of you

On Sat December 20 2008 03:16 pm, sullysnet wrote:

>
> I tried that but I think I am still blocking it from somewhere. I am
> using swerdna cupsd file he posted here
> http://www.swerdna.net.au/printsamba/cupsd.102.txt
>
> I took out this part
>
<snip>
>
> and replaced it with yours, this was the only place I figured it would
> go but I maybe wrong.
>
> thanks both of you
>
>
I think that would be the correct location Is port 631 open on your firewall?
You might want to look at:
http://www.cups.org/
they have a lot of documentation posted.

This is a bit off topic, but I noticed that your original smb.conf looked a
lot like something from SAMBA2. I would suggest you might want to look at
the "Samba3 HowTo" and "Samba3 by example" posted at:
http://www.samba.org
These are also available in book form, check your local University Library or
Amazon.com
--
P. V.
"We're all in this together, I'm pulling for you." Red Green

On Sat December 20 2008 03:32 pm, PV wrote:

<snip>
>>
> I think that would be the correct location Is port 631 open on your
> firewall? You might want to look at:
> http://www.cups.org/
> they have a lot of documentation posted.
>
<snip>
Addenda: Did you restart cupsd after you made the changes?
--
P. V.
"We're all in this together, I'm pulling for you." Red Green

[sullysnet]

I do not use the firewall on the SUSE machine I use my Netscreen for my firewall. So the port is open. I took my original config and edited out all of the **** and I will test it later. What do you think of this and do you see anything bad or wrong? thanks

Code:

#
# "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 sully Exp $"
#

#
# LogLevel: controls the number of messages logged to the ErrorLog
# file and can be one of the following:
#
#     debug2	Log everything.
#     debug	Log almost everything.
#     info      Log all requests and state changes.
#     warn      Log errors and warnings.
#     error     Log only errors.
#     none      Log nothing.
#

LogLevel info

#
# User/Group: the user and group the server runs under.  Normally this
# must be lp and lp, however you can configure things for another
# user or group as needed.
#

User lp
Group lp
RunAsUser Yes

#
# Ports/addresses that we listen to.  The default port 631 is reserved
# for the Internet Printing Protocol (IPP) and is what we use here.
#

Port 631

BrowseAllow @LOCAL
BrowseDeny All

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.1.0/24
</Location>

<Location /admin>

#
# You definitely will want to limit access to the administration functions.
# The default configuration requires a local connection from a user who
# is a member of the system group to do any admin tasks.  You can change
# the group name using the SystemGroup directive.
#

AuthType None
AuthClass System
AuthGroupName sys
                                  
## Restrict access to local domain
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.1.0/24

#Encryption Required
</Location>
Browsing On
<Location /classes>
Allow From All
Order Allow,Deny
</Location>
<Location /printers>
Allow From All
Order Allow,Deny
</Location>
BrowseAddress 192.168.1.255

#
# End of "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 sully Exp $".
#

I created the smb file by hand mostly over the years I have changed it and edited it. So far everything is working nice but I will of course review any changes in Samba 3 on the site. Obviously if something sticks out as bad I would love to know about if possible.

thanks

On Sat December 20 2008 04:36 pm, sullysnet wrote:

>
> I do not use the firewall on the SUSE machine I use my Netscreen for my
> firewall. So the port is open. I took my original config and edited out
> all of the **** and I will test it later. What do you think of this and
> do you see anything bad or wrong? thanks
>
>
> Code:
> --------------------
>
> #
> # "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 sully Exp $"
> #
>
> #
> # LogLevel: controls the number of messages logged to the ErrorLog
> # file and can be one of the following:
> #
> # debug2 Log everything.
> # debug Log almost everything.
> # info Log all requests and state changes.
> # warn Log errors and warnings.
> # error Log only errors.
> # none Log nothing.
> #
>
> LogLevel info
>
> #
> # User/Group: the user and group the server runs under. Normally this
> # must be lp and lp, however you can configure things for another
> # user or group as needed.
> #
>
> User lp
> Group lp
> RunAsUser Yes
>
> #
> # Ports/addresses that we listen to. The default port 631 is reserved
> # for the Internet Printing Protocol (IPP) and is what we use here.
> #
>
> Port 631
>
> BrowseAllow @LOCAL
> BrowseDeny All
>
> <Location />
> Order Deny,Allow
> Deny From All
> Allow From 127.0.0.1
> Allow From 192.168.1.0/24
> </Location>
>
> <Location /admin>
>
> #
> # You definitely will want to limit access to the administration
> # functions. The default configuration requires a local connection from a
> # user who
> # is a member of the system group to do any admin tasks. You can change
> # the group name using the SystemGroup directive.
> #
>
> AuthType None
> AuthClass System
> AuthGroupName sys
>
> ## Restrict access to local domain
> Order Deny,Allow
> Deny From All
> Allow From 127.0.0.1
> Allow From 192.168.1.0/24
>
> #Encryption Required
> </Location>
> Browsing On
> <Location /classes>
> Allow From All
> Order Allow,Deny
> </Location>
> <Location /printers>
> Allow From All
> Order Allow,Deny
> </Location>
> BrowseAddress 192.168.1.255
>
> #
> # End of "$Id: cupsd.conf.in,v 1.13 2003/04/10 20:14:04 sully Exp $".
> #
>
> --------------------
<snip>
I suspect you might want a "<Location /admin/conf> </Location>" section for
future configuration. You might want to look up "Authtype" to see if this is
what you want. For the usage of these directives see:

http://www.cups.org/documentation.ph...upsd-conf.html

While your there, look at the write up for "Allow", I think you want
192.168.1.* rather than 192.168.1.0/24; as I read it, the /24 notation seems
to imply a fixed IP in CUPS.
--
P. V.
"We're all in this together, I'm pulling for you." Red Green

[sullysnet]

it seems the /24 is subnet mask but I am still reading, thanks
I will also read and compare to me settings section by section

2 192.0.0.0 24 255.255.255.0

On Sat December 20 2008 07:26 pm, sullysnet wrote:

>
> it seems the /24 is subnet mask but I am still reading, thanks
> I will also read and compare to me settings section by section
>
> 2 192.0.0.0 24 255.255.255.0
>
>
It is the subnet mask, and ordinarily 192.186.1.0/24 would give the entire
subnet, but it looks like CUPS only uses this for a fixed IP such as
192.168.1.25/24 and uses 192.168.1.* for the subnet. At least that is how I
read it, and I know the "*" notation works.
--
P. V.
"We're all in this together, I'm pulling for you." Red Green