cups 2.2.1 auf Raspberry Pi 3b+ Linux 4.19.66-v7+ #1253 SMP Do 15. Aug 11:49:46 BST 2019 armv7l GNU/Linux
Wenn ich versuche, mich zu authentifizieren, um Verwaltungsfunktionen über die Weboberfläche auszuführen, werde ich wiederholt zur Authentifizierung aufgefordert und darf keinen Drucker hinzufügen. Ich kann mich authentifizieren, um das Fehlerprotokoll anzuzeigen, das nach jedem fehlgeschlagenen Anmeldeversuch als Benutzer=pi den folgenden Fehler generiert. pi wurde zum Mitglied der lpadmin-Gruppe gemacht. (sudo usermod -a -G lpadmin pi)
E [28/Sep/2019:12:08:03 -0400] [Client 10] Local authentication certificate not found.
Weiter oben im Protokoll finden sich weitere Fehler. Es folgt eine repräsentative Liste:
E [28/Sep/2019:08:43:57 -0400] Unable to open listen socket for address [v1.::1]:631 - Address already in use.
E [28/Sep/2019:08:43:57 -0400] Unable to open listen socket for address 127.0.0.1:631 - Address already in use.
Für jede Hilfe bei der Diagnose wäre ich dankbar. Vielen Dank.
Meine /etc/cups/cupsd.conf folgt unten.
#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat
# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0
# Only listen for connections from the local machine.
# Listen localhost:631
Port 631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Web interface setting...
WebInterface Yes
# Restrict access to the server...
<Location />
Order allow,deny
Allow @local
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow @local
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow @local
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew- Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
Neue Informationen (29.09.2019): cups-browsed befindet sich im Zustand CLOSE-WAIT.
pi@rpi3bp:~ $ sudo ss -lpn | grep -e ":631" -e "Netid"
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 5 *:631 *:* users:(("cupsd",pid=398,fd=9))
tcp LISTEN 0 5 :::631 :::* users:(("cupsd",pid=398,fd=10))
pi@rpi3bp:~ $ ps -ef | grep -e cups -e UID | grep -v grep
UID PID PPID C STIME TTY TIME CMD
root 398 1 0 Sep21 ? 00:00:08 /usr/sbin/cupsd -l
root 15529 1 0 06:25 ? 00:00:00 /usr/sbin/cupsd -l
root 15530 1 0 06:25 ? 00:00:00 /usr/sbin/cups-browsed
lp 15545 15529 0 06:25 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
lp 15546 15529 0 06:25 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
lp 15547 15529 0 06:25 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
pi@rpi3bp:~ $ sudo ss -pn | grep -e "15530" -e "Netid"
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 429953 * 0 users:(("cups-browsed",pid=15530,fd=2),("cups-browsed",pid=15530,fd=1))
u_str ESTAB 0 0 * 430354 * 0 users:(("cups-browsed",pid=15530,fd=6))
u_str ESTAB 0 0 * 430356 * 0 users:(("cups-browsed",pid=15530,fd=8))
tcp CLOSE-WAIT 1 0 ::1:36556 ::1:631 users:(("cups-browsed",pid=15530,fd=4))
tcp CLOSE-WAIT 1 0 ::1:36554 ::1:631 users:(("cups-browsed",pid=15530,fd=3))
Antwort1
Bei genauerer Untersuchung stellte sich heraus, dass zwei cupsd-Prozesse liefen. Das hätte ich in meinem bearbeiteten (neue Informationen vom 29. September 2019) Eintrag oben sehen sollen.
pi@rpi3bp:/etc/cups $ ps -ef | grep cups | grep -v grep
root 398 1 0 Sep21 ? 00:00:14 /usr/sbin/cupsd -l
root 28049 1 0 21:14 ? 00:00:00 /usr/sbin/cupsd -l
root 28050 1 0 21:14 ? 00:00:00 /usr/sbin/cups-browsed
lp 28055 28049 0 21:14 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
Beim Überprüfen von /lib/systemd/system wurden mehrere Einträge für cups angezeigt. Das Entfernen der org.cups.*-Einträge und das Ausführen eines Shutdowns + Neustarts löste das Problem.
pi@rpi3bp:/lib/systemd/system $ ls -l | grep cups
-rw-r--r-- 1 root root 234 Jun 16 2016 cups-browsed.service
-rw-r--r-- 1 root root 142 Aug 21 03:51 cups.path
-rw-r--r-- 1 root root 175 Aug 21 03:51 cups.service
-rw-r--r-- 1 root root 136 Aug 21 03:51 cups.socket
-r--r--r-- 1 root root 152 Apr 7 08:30 org.cups.cupsd.path
-r--r--r-- 1 root root 214 Apr 7 08:30 org.cups.cupsd.service
-r--r--r-- 1 root root 146 Apr 7 08:30 org.cups.cupsd.socket
-r--r--r-- 1 root root 147 Apr 7 08:30 [email protected]
-r--r--r-- 1 root root 148 Apr 7 08:30 org.cups.cups-lpd.socket
Ich habe auch hinzugefügt@local zulassenzur cupsd.conf für < Location /admin/log >