LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   CentOS CUPS Server Not Reporting True Owner of Print Job (https://www.linuxquestions.org/questions/linux-server-73/centos-cups-server-not-reporting-true-owner-of-print-job-4175458803/)

majedian21 04-19-2013 03:38 PM
CentOS CUPS Server Not Reporting True Owner of Print Job
 
Greetings, thanks in advance for reading this question.

Server:
Flavor: CentOS 6.3 (2.6.32-358.2.1.el6.x86_64)
CUPS version: 1.4.2

Client:
Mac OS X 10.7.4
CUPS version: 1.5.3

I have a printer defined on the CUPS server with:
Name: ITOfficeQ
Driver: Generic PostScript Printer
socket://10.10.200.22:9100

On the Mac client it is defined to use LDP
Name: IT_Office_TEST
Driver: HP LaserJet P2015 Series
lpd://cups-server.company.com/ITOfficeQ

I have cup-ldp installed and listening on port 515 on the server, so printing seems to be working normally, except for one thing. Any job created on the client is created with the job's owner as the true owner (ex: 'majedian'). However, the server accepts the job and thinks that the owner is 'lp' user.

Sample from client's error_log:
Code:
I [19/Apr/2013:14:23:42 -0500] [Job 78] Queued on "IT_Office_TEST" by "majedian".
D [19/Apr/2013:14:23:42 -0500] Returning IPP successful-ok for Create-Job (ipp://localhost:631/printers/IT_Office_TEST) from localhost
Sample from server's error_log:
Code:
D [19/Apr/2013:14:56:29 -0500] cupsdSetBusyState: Active clients
D [19/Apr/2013:14:56:29 -0500] cupsdAuthorize: Authorized as lp using PeerCred
D [19/Apr/2013:14:56:29 -0500] cupsdIsAuthorized: username="lp"
The same is true on the web interface for both the client and server, each respectively showing 'majedian' or 'lp' user as the owner of the print jobs.

Not sure if this is a Mac client issue or a Linux server issue - any assistance would be appreciated.
Again, pages appear to print fine, but we need to know the actual username on the server side for reporting purposes.

cupsd.conf
Code:
MaxLogSize 0
#
# "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $"
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel debug

# Administrator user group...
#SystemGroup sys root lp ptradmin ptroper
SystemGroup sys root ptradmin ptroper

# Don't ever use SSL encryption
DefaultEncryption Never

Listen *:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing Off
#Browsing On
#BrowseOrder allow,deny
#BrowseAllow all
#BrowseLocalProtocols CUPS

# Amount of seconds to wait before timing out a request (default is 300)
#Timeout 90

# Server admin email
ServerAdmin admin@mycompany.com

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Default print job error policy (default is stop-job)
ErrorPolicy retry-job
# Wait this many seconds and then retry the job (default is 30)
JobRetryInterval 5
# Retry this many times before giving up (default is 5)
#JobRetryLimit 5

# Only this many number of connections from a single IP
# (default = MaxClients field, which is default 100)
MaxClients 500
MaxClientsPerHost 100

# Max number of copies any user can do (default is 9999)
MaxCopies 500

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow from 10.*
</Location>

# Restrict access to the admin pages...
<Location /admin>
  AuthType Default
  Require user @ptradmin
  Order allow,deny
  Allow from 10.*
</Location>

# Restrict access to printers...
<Location /printers>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow from 10.*
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order allow,deny
    Allow from 10.*
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @ptradmin
    Order allow,deny
    Allow from 10.*
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order allow,deny
    Allow from 10.*
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order allow,deny
    Allow from 10.*
  </Limit>

  <Limit All>
    Order allow,deny
    Allow from 10.*
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI>
    AuthType Default
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

Thanks!

majedian21 04-25-2013 08:04 AM
Unfortunately, no updates on my end on how to fix this with LPD. However, I did manage to get this functionality (passing the real username to the CUPS server) after defining the client printer config as IPP (not LPD). Of course, that meant that port 515 could be closed again. If anyone still does have any reason why LPD wasn't working as described, I'd be curious to hear it.


All times are GMT -5. The time now is 03:01 PM.