# Locked out of cups ... please help! [solved]

## orange_juice

Hallo,

I am trying to add a new printer to cups, but it asks for my username and password. Actually, I have forgotten both of them!

How could I set new ones?

Kind regards,

orange_juiceLast edited by orange_juice on Thu Jul 15, 2010 7:36 am; edited 2 times in total

----------

## Jimini

That can be done by running lppasswd. See its manpage for further information.

Best regards,

Jimini

----------

## orange_juice

Thanx for the prompt reply.

```
lppasswd -g sun -a flyer
```

Part of /etc/cups/cupsd.conf

```
# Default authentication type, when authentication is required...

DefaultAuthType Basic

# Restrict access to the server...

<Location />

  Order allow,deny

  Allow localhost

</Location>

# Restrict access to the admin pages...

<Location /admin>

  Encryption Required

  Order allow,deny

  Allow localhost

</Location>

# Restrict access to configuration files...

<Location /admin/conf>

  AuthType Default

  Require user @SYSTEM

  Order allow,deny

  Allow localhost

</Location>

```

Groups that the user belongs to:

```
groups flyer

lp wheel floppy mail audio cdrom video cdrw usb users haldaemon plugdev lpadmin games realtime pulse-access pulse scanner apache sun
```

Final message:

```
/var/log/messages:Jul 14 21:29:09 daedalus cupsd: pam_unix(cups:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=flyer
```

Is there something I am missing?

Kind regards,

orange_juice

*** Edit ***

Grepped the (E)rror messages from /var/log/cups/error_log

```
E [14/Jul/2010:21:52:32 +0300] cupsdAuthorize: pam_authenticate() returned 7 (Authentication failure)!

E [14/Jul/2010:21:52:32 +0300] CUPS-Add-Modify-Printer: Unauthorized
```

**********

----------

## orange_juice

I found the solution ...

```
lppasswd -g lpadmin -a admin
```

I used 

```
DefaultAuthType BasicDigest
```

 

```
AuthType BasicDigest
```

 and I added the 

```
Allow localhost
```

 option wherever possible!

```
sed '/^#\|^$/d' /etc/cups/cupsd.conf

LogLevel info

SystemGroup lpadmin

Listen localhost:631

Listen /var/run/cups/cups.sock

Browsing On

BrowseOrder allow,deny

BrowseAllow all

DefaultAuthType BasicDigest

<Location />

  Order allow,deny

  Allow localhost

</Location>

<Location /admin>

  Encryption Required

  Order allow,deny

  Allow localhost

</Location>

<Location /admin/conf>

  AuthType BasicDigest 

  Require user @SYSTEM

  Order allow,deny

  Allow localhost

</Location>

<Policy default>

  # Job-related operations must be done by the owner or an administrator...

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType BasicDigest

    Require user @SYSTEM

    Order deny,allow

    Allow localhost

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType BasicDigest 

    Require user @SYSTEM

    Order deny,allow

    Allow localhost

  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

    Allow localhost

  </Limit>

  <Limit All>

    Order deny,allow

    Allow localhost

  </Limit>

</Policy>
```

Kind regards,

orange_juice

----------

