Bug 428992 - Problem using remote CUPS server with encryption
Problem using remote CUPS server with encryption
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gtk2 (Show other bugs)
5.1
All Linux
medium Severity medium
: rc
: ---
Assigned To: Benjamin Otte
desktop-bugs@redhat.com
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-16 12:13 EST by Steve Cleveland
Modified: 2015-04-27 11:01 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-02 09:22:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Cleveland 2008-01-16 12:13:16 EST
Description of problem:

When using a remote CUPS server with encryption enabled, applications using the
GTK+ print dialog don't see any printers.

Version-Release number of selected component (if applicable):

gtk2-2.10.4-19.el5

(As far as I know, this was probably happening with rhel 5.0 as well as 5.1)

How reproducible:

Consistent

Steps to Reproduce:
1. CUPS server setup with SSL
2. Client setup with /etc/cups/client.conf:
/etc/cups/client.conf:

ServerName printserv.domain.com
Encryption Required

3. Try to print from an application using the GTK+ print dialog
  
Actual results:

Only the "Print to File" printer is listed.

Expected results:

I should see the list of printers on the remote CUPS server

Additional info:

Applications not using the GTK+ print dialog see all of the printers just fine
(Firefox, Acrobat Reader, etc).  It's only applications like Evince and OpenOffice.

One interesting piece of information with OpenOffice.  While I don't see the
printers listed in the print dialog, if I go to Options, I see the printers
listed in the Fax drop down list.
Comment 1 Marek Kašík 2008-04-24 07:06:54 EDT
Hello Steve,
could you try to insert line "Port 443" (https port) into /etc/cups/cupsd.conf
on the remote cups server, permit communication on port 443 in the firewall of
the remote server and insert ":443" behind "printserv.domain.com" in your local
/etc/cups/client.conf?
Does it work now?

  Regards

    Marek
Comment 2 Steve Cleveland 2008-04-24 11:59:14 EDT
Before I mess with our print server, it has "SSLPort 443" in
/etc/cups/cupsd.conf.  Is that what you're after?  We use the SSL port to manage
printers and such, so SSL is working on port 443.

I tried adding :443 to the end of ServerName on my client and set encryption
back to required.

Using evince, I now see the list of printers, but when I select one, the app
hangs for a while and the "Print" button stays grayed out.
Comment 3 Marek Kašík 2008-04-25 05:33:03 EDT
Could you post /etc/cups/cupsd.conf and result of "lpstat -l -t" here?

  Thanks

    Marek
Comment 4 Marek Kašík 2008-04-25 05:38:10 EDT
I meant /etc/cups/cupsd.conf from the remote server.

  Marek
Comment 5 Steve Cleveland 2008-04-28 12:31:32 EDT
This is all of the uncommented lines from /etc/cups/cupsd.conf on the remote
print server:
-------------------

ServerName printserv.domain.com
ServerAdmin support@domain.com
LogFilePerm 0600
MaxLogSize 2000000000
LogLevel warn
Printcap /etc/printcap
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
Port 631
SSLPort 443
ImplicitClasses Off
SystemGroup hplab
<Location />
  Order Deny,Allow
  Deny From All
  Allow from 10.0.0.0/255.0.0.0
  Allow From 127.0.0.1
</Location>
<Location /jobs>
  AuthType Basic
  AuthClass System
</Location>
<Location /printers>
</Location>
<Location /admin>
  AuthType Basic
  AuthClass Group
  AuthGroupName support
  Order Deny,Allow
  Deny From All
  Allow from 10.0.0.0/255.0.0.0
  Allow From 127.0.0.1
</Location>
Browsing Off

Abbreviated output for lpstat -l -t (we have 109 printers and about 10 classes)
-------------------
scheduler is running
system default destination: academy-prn
members of class dear115:
        dear115-prn1
        dear115-prn2
device for academy-prn: socket://academy-prn.domain.com:9100
device for dear115-prn1: cupspykota:socket://dear115-prn1.domain.com:9100
device for dear115-prn2: cupspykota:socket://dear115-prn2.domain.com:9100
academy-prn accepting requests since Wed Dec 31 16:00:00 1969
dear115-prn1 accepting requests since Wed Dec 31 16:00:00 1969
dear115-prn2 accepting requests since Wed Dec 31 16:00:00 1969
printer academy-prn is idle.  enabled since Wed Dec 31 16:00:00 1969
        Form mounted:
        Content types: any
        Printer types: unknown
        Description: HP LJ 4050
        Alerts: none
        Location: Bat 245
        Connection: direct
        Interface: /etc/cups/ppd/academy-prn.ppd
        On fault: no alert
        After fault: continue
        Users allowed:
                @outreach
        Forms allowed:
                (none)
        Banner required
        Charset sets:
                (none)
        Default pitch:
        Default page size:
        Default port settings:
printer dear115-prn1 is idle.  enabled since Wed Dec 31 16:00:00 1969
        Form mounted:
        Content types: any
        Printer types: unknown
        Description: dearborn 115
        Alerts: none
        Location: Dearborn 115
        Connection: direct
        Interface: /etc/cups/ppd/dear115-prn1.ppd
        On fault: no alert
        After fault: continue
        Users allowed:
                (all)
        Forms allowed:
                (none)
        Banner required
        Charset sets:
                (none)
        Default pitch:
        Default page size:
        Default port settings:
printer dear115-prn2 is idle.  enabled since Wed Dec 31 16:00:00 1969
        Form mounted:
        Content types: any
        Printer types: unknown
        Description: dearborn 115
        Alerts: none
        Location: Dearborn 115
        Connection: direct
        Interface: /etc/cups/ppd/dear115-prn2.ppd
        On fault: no alert
        After fault: continue
        Users allowed:
                (all)
        Forms allowed:
                (none)
        Banner required
        Charset sets:
                (none)
        Default pitch:
        Default page size:
        Default port settings:
Comment 6 Steve Cleveland 2008-04-28 13:41:21 EDT
A little more information.  With these settings in client.conf:

ServerName printserv.domain.com:443
Encryption Required

In evince, when I go to file->print, I see all of the printers.  My earlier post
said the "Print" option was grayed out.  Playing with it some more, it appears
some printers are grayed out, some are not.  Even two in the same "class"
(dear115-prn1 and dear115-prn2 from my lpstat output above), one is grayed out,
the other is not.  If I click around enough, the behavior will change and a
printer that worked before won't work.  But if I click on it again, it will.

And if it's not grayed out, I am able to print to it just fine.

As a side-note, it appears my printer "classes" don't show up with gtk+ printing
either.  That's the same regardless of the encryption setting.  This may be
documented somewhere else, I haven't checked.
Comment 7 Marek Kašík 2008-04-30 10:37:31 EDT
Which version of Red Hat Enterprise Linux do you have installed on the remote
server?
Comment 8 Steve Cleveland 2008-04-30 11:43:17 EDT
Server is RHEL4.6.  Cups: cups-1.1.22-0.rc1.9.20.2.el4_5.2
Client is RHEL5.1   Cups: cups-1.2.4-11.14.el5_1.6
Comment 9 Marek Kašík 2008-05-16 08:00:33 EDT
Hi Steve,
I found something what can help us with this problem, finally. (Yes, it took
some time.)
Could you try to swap the 2 lines containing the port numbers in the cupsd.conf
of the remote server and restart the cups server?

Port 631
SSLPort 443

   |
   |
  \|/
   v

SSLPort 443
Port 631

Leave the port number 443 specified in your /etc/cups/client.conf.

  Regards

    Marek
Comment 13 RHEL Product and Program Management 2009-03-26 13:19:12 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 16 RHEL Product and Program Management 2014-03-07 08:54:25 EST
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Comment 17 RHEL Product and Program Management 2014-06-02 09:22:28 EDT
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).
Comment 18 Steve Cleveland 2015-04-27 11:01:10 EDT
closing is fine.

Note You need to log in before you can comment on or make changes to this bug.