| View previous topic :: View next topic |
| Author |
Message |
javeree
Guru
Joined: 29 Jan 2006
Posts: 453
|
 Posted: Mon Apr 02, 2012 10:06 pm Post subject: cups-lpd and xinetd fails. how to debug |
 |
|
I have cups running (and printing)
I can print from command line using e.g. echo 'Hello' | lpr
I set up cups-lpd as follows:
cat /etc/xinetd.d/cups-lpd
| Quote: | service printer
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = lp
group = lp
passenv =
server = /usr/libexec/cups/daemon/cups-lpd
server_args = -o document-format=application/octet-stream
}
|
but get:
Apr 02 23:31:34 [xinetd] START: printer pid=26571 from=192.168.0.51
Apr 02 23:31:34 [xinetd] FAIL: printer address from=192.168.0.51
Apr 02 23:31:34 [xinetd] EXIT: printer status=0 pid=26571 duration=0(sec)
Obviously cups-lpd fails somehow, but I cannot see in any logs anywhere. Is there some setting to add to get cups-lpd to log more verbosely ? |
|
| Back to top |
|
 |
jhfecchio
n00b
Joined: 10 Dec 2014
Posts: 5
|
| Posted: Wed Dec 10, 2014 3:25 pm Post subject: |
|
|
I got the same error:
[bug]
# tail -f /var/log/messages
Dec 10 13:01:27 Sofocles xinetd[27384]: START: printer pid=27426 from=192.168.0.10
Dec 10 13:01:27 Sofocles xinetd[27426]: FAIL: printer address from=192.168.0.10
Dec 10 13:01:27 Sofocles xinetd[27384]: EXIT: printer status=0 pid=27426 duration=0(sec)
[/bug]
According to the cups-lpd manual:
| Quote: | SECURITY
cups-lpd currently does not perform any access control based on the settings in
cupsd.conf(5) or in the hosts.allow(5) or hosts.deny(5) files used by TCP wrappers.
Therefore, running cups-lpd on your server will allow any computer on your network
(and perhaps the entire Internet) to print to your server.
While xinetd has built-in access control support, you should use the TCP wrappers
package with inetd to limit access to only those computers that should be able to
print through your server. |
Then, you can see from XINETD running in foregroud that it is accepting only connections from localhost AKA you HOST (see below):
| Code: | # xinetd -d
Service defaults
Instances = 50
Groups = yes
umask = 2
CPS = max conn:50 wait:10
PER_SOURCE = 10
Bind = All addresses.
Only from: localhost(HOST)
No access: No blocked sites
Logging to syslog. Facility = daemon, level = info
Log_on_success flags = HOST DURATION EXIT PID
Log_on_failure flags = HOST
Service configuration: printer
id = printer
flags = IPv4
socket_type = stream
Protocol (name,number) = (tcp,6)
port = 515
wait = no
user = 4
group = 7
Groups = yes
umask = 2
PER_SOURCE = 10
Bind = All addresses.
Server = /usr/libexec/cups/daemon/cups-lpd
Server argv = cups-lpd -o document-format=application/octet-stream
Only from: localhost(HOST)
No access: No blocked sites
Logging to syslog. Facility = daemon, level = info
Log_on_success flags = HOST DURATION EXIT PID
Log_on_failure flags = HOST
Passenv =
Environment strings: |
So now, you can edit the file /etc/xinetd.conf and insert another IP address or network:
| Code: | #
# This is the master xinetd configuration file. Settings in the
# default section will be inherited by all service configurations
# unless explicitly overridden in the service configuration. See
# xinetd.conf in the man pages for a more detailed explanation of
# these attributes.
defaults
{
# The next two items are intended to be a quick access place to
# temporarily enable or disable services.
#
# enabled =
# disabled =
# Define general logging characteristics.
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT
# Define access restriction defaults
#
# no_access =
only_from = localhost,192.168.0.10 (YOUR IP ADDRESS WHERE THE PRINTER IS CONNECTED)
# max_load = 0
cps = 50 10
instances = 50
per_source = 10
# Address and networking defaults
#
# bind =
# mdns = yes
v6only = no
# setup environmental attributes
#
# passenv =
groups = yes
umask = 002
# Generally, banners are not used. This sets up their global defaults
#
# banner =
# banner_fail =
# banner_success =
}
includedir /etc/xinetd.d |
When trying to print another error comes up:
Dec 10 13:03:22 Sofocles xinetd[27429]: START: printer pid=27469 from=192.168.0.10
Dec 10 13:03:22 Sofocles cups-lpd[27469]: Connection from webspg.tjgo.gov (IPv4 192.168.0.10)
Dec 10 13:03:22 Sofocles cups-lpd[27469]: Receive print job for lp0
Dec 10 13:03:22 Sofocles cups-lpd[27469]: Rejecting job because "lp0" is not shared
Dec 10 13:03:22 Sofocles cups-lpd[27469]: Closing connection
Now you need to modify your printer under CUPS (The name of my printer is lp0) and click the box "share this printer".
Finally, everything goes fine:
| Code: |
# tail -f /var/log/messages
Dec 10 13:04:51 Sofocles xinetd[27429]: START: printer pid=27518 from=192.168.0.10
Dec 10 13:04:51 Sofocles cups-lpd[27518]: Connection from webspg.tjgo.gov (IPv4 192.168.0.10)
Dec 10 13:04:51 Sofocles cups-lpd[27518]: Receive print job for lp0
Dec 10 13:04:51 Sofocles gnome-session[2271]: /usr/share/system-config-printer/applet.py:342: Warning: Source ID 17 was not found when attempting to remove it
Dec 10 13:04:51 Sofocles gnome-session[2271]: GLib.source_remove (self.timer)
Dec 10 13:04:51 Sofocles cups-lpd[27518]: Print file - job ID = 114
Dec 10 13:04:51 Sofocles systemd[1]: Started CUPS Printing Service.
Dec 10 13:04:51 Sofocles cups-lpd[27518]: Closing connection
Dec 10 13:04:51 Sofocles xinetd[27429]: EXIT: printer status=0 pid=27518 duration=0(sec)
Dec 10 13:05:01 Sofocles systemd[1]: Started CUPS Printing Service. |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
