[opensuse] Printer cups, pam and samba authentication problems
- From: Marc Chamberlin <marc@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 12 Jul 2009 20:38:01 -0700
I guess I must be missing something so need some wonderful guru to bail me out... I am back at one of my most abhorrent tasks at the moment, trying to set up computers around my home/small business network to use a printer attached to a Windoz box. Every time I have to do this, or something similar, it usually involves several days of debugging and lots of cursing at all the incomprehensible layers of security and obtuse or lack of documentation that goes with it. And once again I am stumped...
So to boil all this down to a simple example, I have a printer attached to a Windoz box and all of my Windoz machines can use it just fine. All my computers are attached to a simple single network. Trouble is that for Linux, I have to supply CUPS with a special printer driver, from Turboprint, to handle the formatting of data before passing it on to the Windoz machine for printing out. So I have one SuSE 11.0 machine acting as my print server, and I WANT all my other SuSE machines to send their print requests to this central SuSE print server. All are running either SuSE11.0 or 11.1 with KDE 3.5 (I tried KDE4.0 and had so many other problems that I had to give up on it.)
The print server has CUPS set up an running, and it alone can successfully send documents to the Windoz computer and print things out on the Windoz printer. So I know I do not have a network/firewall issue between the SuSE printer server itself and the Windoz box.
For all the rest of my SuSE machines, I have tried and tried and tried to use Yast to configure each one to "Do all my printing directly via one remote CUPS server" and when configured and testing the remote IPP access, I get a report that there it is successful in connecting to the CUPS server. To bad that YaST does not supply an actual print a test page button for this mode however!!!! That is the real proof in the pudding that one has successfully set things up, but apparently some brain dead designer dropped the ball on that one... (It does supply a print test page button for local CUPS servers, so the designer(s) of YaST got it half right at least)
So next I go and try to use an application to print something out.. Zilch! nadda, no joy.. Looking in the cups error.log file all I get is brain dead message telling me that an authentication failure occurred. HUMP! More hours of investigation later I try to use the KDE configuration manager, on one of the client machines, to see if KDE is somehow interfering with my ability to print out remotely from my SuSE machines, and when I use it's Print Test Page VIOLA! up pops a dialog box asking me for the password for ROOT!!! So I give it the Root's password for the SuSE printer server and VIOLA! Out comes a test page from the Windoz machine's attached printer!!! Another experiment revels that this dialog box only comes up when I place the KDE configuration manager in administrator mode. And a third experiment revels that it ONLY works for ROOT and not for any other valid users (including myself) of the SuSE computer acting as a printer server.
WELL GOOD GRIEF!!! This seems to indicate there may be a massive design flaw! If the CUPS server is asking for a user name and password to authenticate a remote request to print something, THEN WHY OH WHY AM I NOT BEING PRESENTED WITH THIS SAME DIALOG BOX EVERY TIME, from any application, to give the cups server a valid user name and password??? What is worse though, is that apparently ONLY ROOT is a valid user of the remote CUPS server, authorized with the remote ROOT's password, to print things out!
I search for answers on the server side as well and my research revealed that some monstrosity called PAM is SUPPOSED to be handling the authentication processes. But I think it is ONLY the designers and perhaps someone with a PhD who will be capable of understanding and configuring that mess without receiving outside help. My attempt to do so only left me with a splitting headache! Whatever happened to the KISS principal in user interfaces and client/server model view control frameworks? Object Oriented design of architectures? Use case studies? Nowhere in Yast or the KDE manager, on either the server or client side, can I find a place to enter valid user name/password(s) for using a remote CUPS server, nor is there anyplace in the CUP'S web administrator, and if the apps themselves are not asking for it, via a common dialog utility, then HOW IN THE WORLD AM I SUPPOSE TO AUTHENTICATE MYSELF TO A REMOTE CUPS SERVER?
I have tried other approaches as well, such as setting up my SuSE boxes to connect to the Samba server on the SuSE printer server, and have Samba handle to authentication/connection to CUPs but nada, zilch, and no joy there either. FRICK! WHAT A MESS!
To make all this even harder, is that there is very little, easy to understand, documentation about the underlying models of how authentication takes place, how Samba, CUPs, and PAM interplay and it appears each is following an authentication model that is uniquely it's own.. And I cannot find any diagnostic tools anywhere for following the authentication process... Nor is there much documentation on how Yast and KDE work to set up printers.. For example, 80% of the time clicking on the help button in the printer setup menus of YaST, results in a blank help dialog coming up! So God only knows what some of the settings actually do or mean! ....
So like I said, I am at wits end and need a kind guru to help bail me out! Any takers? Many thanks in advance and sorry if I sound a bit frustrated.. I HATE setting up printers, firewalls and networks in general, regardless of whether it is Windoz, Linux, Macs or Unix OS's; it ALWAYS turns out to be far more difficult than it should be, mostly due to all these layers and layers of obscure complex security features... Might be a good thing to have good security, but IMHO this growing incoherent design is breaking the usability of SuSE/Linux. I OUGHT to be the one in command of these machines but right now I feel like I am a General over a battalion of anarchist mutineers!
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
- Re: [opensuse] Printer cups, pam and samba authentication problems
- From: Carlos E. R.
- Re: [opensuse] Printer cups, pam and samba authentication problems
- Prev by Date: [opensuse] 11.0 - New Install - why cpio bad magic on packages???
- Next by Date: Re: [opensuse] 11.0 - New Install - why cpio bad magic on packages???
- Previous by thread: [opensuse] 11.0 - New Install - why cpio bad magic on packages???
- Next by thread: Re: [opensuse] Printer cups, pam and samba authentication problems