Bug 1700791
Field | Value
---|---
Summary: | Printing cannot be authenticated
Product: | [Fedora] Fedora
Component: | samba
Version: | 30
Hardware: | x86_64
OS: | Linux
Type: | Bug
Status: | CLOSED ERRATA
Severity: | medium
Priority: | unspecified
Reporter: | Berend De Schouwer <berend.de.schouwer>
Assignee: | Guenther Deschner <gdeschner>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | abokovoy, anoopcs, asn, gdeschner, guina, jarrpa, joukj, jpopelka, jstephen, lmohanty, luca.giuzzi, madam, ngaywood, paullee0, sbose, ssorce, twaugh, zdohnal
Fixed In Version: | samba-4.10.5-1.fc30
Last Closed: | 2019-07-06 04:08:58 UTC

Description
Berend De Schouwer
2019-04-17 11:46:48 UTC
Additional requirement for workaround: hardcode exit code of smbspool to 0.

I got the same problem. Applying the workaround of comment 1, I was able to change both AuthInfoRequired and Shared again, but in my case it seemed that it did not want to pick up the credentials from the DeviceUri, as it did before the upgrade from F29 to F30.

Hi all, I'm sorry for the late response, I was focused on other problems and I had PTO after that. According to CUPS upstream, samba should take care of it: https://github.com/apple/cups/issues/5573

This should be fixed with: https://bugzilla.samba.org/show_bug.cgi?id=13939 and https://bugzilla.samba.org/show_bug.cgi?id=13832

*** Bug 1705606 has been marked as a duplicate of this bug. ***

I have managed to get the authentication to work by hardcoding the URL in the smbspool executable. More in detail, I moved /usr/bin/smbspool to /usr/bin/smbspool.true and then added the following script as /usr/bin/smbspool

    #!/bin/sh
    cat <&0 | /usr/bin/smbspool.true CORRECT_SMB_PATH_TO_USE "$1" "$2" "$3" "$4" "$5"
    exit 0

where CORRECT_SMB_PATH_TO_USE is a URL like smb://username:password@domain/ip_address/queue_name

It appears that smbspool (as it was) did not receive the correct smb URL.

FEDORA-2019-8015e5dc40 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8015e5dc40

samba-4.10.5-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8015e5dc40

I have just updated to samba-4.10.5-1.fc30 but I still have problems with authentication (i.e. the username/password pair is not passed by cups to smbspool). With the fix of comment 6 I can print (but that fix is still needed).

CUPS passes the SMB URL via the DEVICE_URI to the backend.
If you don't enable debug logging in CUPS you won't find out what you're doing wrong.

The DEVICE_URI string is passed correctly. The following script works.

    #!/bin/sh
    # Record the URI the backend received, then pass it on as the first argument
    echo "$DEVICE_URI" >> /tmp/lll
    cat <&0 | /usr/bin/smbspool.true "$DEVICE_URI" "$1" "$2" "$3" "$4" "$5"
    exit 0

This is curious.

Curiouser and curiouser, if I set DEVICE_URI from the shell and call directly smbspool.true with something like

    smbspool.true 1 1 1 1 1 file.ps

it works as well as

    cat file.ps | smbspool.true 1 1 1 1 1

I cannot quite figure out what is going on (and debug logging of cups does not seem to suggest anything of relevance).

The cups debug log is quite verbose and smbspool has enough debug messages now. My guess would be that AUTH_INFO_REQUIRED is set incorrectly.

No...AUTH_INFO_REQUIRED is set correctly (it should be None; cups however rewrites it as negotiate after failure; none the less, with the script above it works also with negotiate)

The environment printed by cupsd in the debug log has the following:

    Jun 25 17:24:00 atum.local cupsd[8800]: envp[23]="DEVICE_URI=smb://dip.unibs.local/10.128.132.101/FollowMe_Dominio"

where the authentication tags do not appear. What is passed to smbspool however appears to have DEVICE_URI properly set. This is what puzzles me.

Created attachment 1584342
log file from cups
I attach a debug log from cups; I hope there is everything.

AUTH_INFO_REQUIRED should be username/password or negotiate. From your log file:

    Jun 25 17:24:00 atum.local cupsd[8800]: This backend requires credentials!
    Jun 25 17:24:00 atum.local cupsd[8800]: get_exit_code(nt_status=NT_STATUS_ACCESS_DENIED [c0000022])
    Jun 25 17:24:00 atum.local cupsd[8800]: ATTR: auth-info-required=none

(In reply to Luca Giuzzi from comment #14)
> No...AUTH_INFO_REQUIRED is set correctly (it should be None; cups however
> rewrites it as negotiate after failure; none the less, with the script above
> it works also with negotiate)
> The environment printed by cupsd in the debug log has the following:
> Jun 25 17:24:00 atum.local cupsd[8800]:
> envp[23]="DEVICE_URI=smb://dip.unibs.local/10.128.132.101/FollowMe_Dominio"
> where the authentication tags do not appear. What is passed to smbspool
> however appears to have DEVICE_URI properly set. This is what puzzles me.

Lots of apps strip out username/password when logging. Cups might do this too.

samba-4.10.5-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

The problem I mentioned before seems to be fixed, in the sense that with AuthInfoRequired username,password I can print provided I enter the credentials every time. This is the case even if the device uri contains the correct username/password pair; perhaps this is a different problem, though.

Please open a new bug against CUPS. The documentation for writing CUPS back-ends is more or less non-existent. Maybe it will shine some light on it.

In my case, "Required Credential to print" appears in notification area.

Procedures:
1. Install F30
2. Install Printer, searching the local network area, add the printer
3. Print to the network printer
4. "Required Credential to print"

F29 has no such problem.
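
An added example, not part of the bug thread and not Samba or CUPS code: a wrapper in the spirit of the scripts in the comments above that records what the backend receives without writing the password to disk. It masks the user:password part of DEVICE_URI before logging and creates the log owner-only; `LOG_FILE` is an assumed path, and `/usr/bin/smbspool.true` is the renamed binary from the comments.

```sh
#!/bin/sh
# Added example (not from the bug thread): log the backend environment with
# credentials masked, then run the real backend.
REAL_BACKEND=/usr/bin/smbspool.true      # renamed binary, as in the comments
LOG_FILE=/var/log/cups/smbspool-env.log  # assumed path, adjust as needed

# Print a URI with any user[:password]@ part replaced by ***@.
redact_device_uri() {
    uri=$1
    case $uri in
        *://*) ;;
        *) printf '%s\n' "$uri"; return 0 ;;   # not a URI: nothing to mask
    esac
    scheme=${uri%%://*}
    rest=${uri#*://}
    authority=${rest%%/*}                      # up to the first "/"
    case $rest in
        */*) path=/${rest#*/} ;;
        *)   path= ;;
    esac
    case $authority in
        *@*) authority="***@${authority##*@}" ;;   # cut at the last "@"
        *)   # An "@" after the first "/" may be an unencoded password:
             # mask everything rather than guess.
             case $rest in *@*) printf '%s://***\n' "$scheme"; return 0 ;; esac ;;
    esac
    printf '%s://%s%s\n' "$scheme" "$authority" "$path"
}

# Append one line to the file named in $1, created readable by owner only.
log_backend_env() {
    (
        umask 077
        printf '%s DEVICE_URI=%s AUTH_INFO_REQUIRED=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            "$(redact_device_uri "${DEVICE_URI:-}")" \
            "${AUTH_INFO_REQUIRED:-unset}" >> "$1"
    )
}

# Run as a backend only when CUPS has set DEVICE_URI; stdin (the job data) and
# the environment pass straight through, so no "cat |" is needed.
if [ -n "${DEVICE_URI:-}" ] && [ -x "$REAL_BACKEND" ]; then
    log_backend_env "$LOG_FILE"
    exec "$REAL_BACKEND" "$@"
fi
```

A `***@` in the logged URI shows that credentials reached the backend, which is the question the cupsd `envp[]` line in the thread could not answer.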