# CUPS issues

## shimitar

Ok, guys, what is wrong with cups these days?

i am missing something, or things are going a bit awoc?

Last time i set it up (ok, a FEW years ago) everything just worked, mostly. I remember setting up a CUPS server with an USB attached epson printer. Set up the printer on the server, enable share of the printer, then go on the client machine, open cups web interfce, find the printer as shared and install it.

Fast-forward to today, i have CUPS fresh install on my server, a new HP multifunction configured and working with HPLIP package. Printer is shared.

On the client, no way to find the shared printer.

I try to connect it, via SAMBA, IPP, HTPP, whatever... no way, it does not print anything, with the most various list of errors...

What got into CUPS???

----------

## tomtom69

I do not fully understand the problem.

You say that on the server cups is installed.

Is the cups web frontend (port 631 of your server IP) accessible by a browser at the server, and at the client, too?

Can you print a test page using cups web frontend on your server?

----------

## shimitar

Yes, printing from the server works perfectly. It's the client, I cannot make it print...

----------

## tomtom69

Are you able to connect to the server's cups web frontend from a browser running on the client (adress is serverip:631)?

The access permissions can be set using the web frontend. You need to allow access to the printer and remote administration at the server side. Use the subpage "administration" from the cups web frontend to set server settings accordingly.

----------

## shimitar

Yes i am able to see the cups on the server from the client.

The only thing i am not able to see from the client is a printer on the server. I can see it from the web interface of the server (from the client), but no way i can see the (Shared) server printer from my client cups...

----------

## tomtom69

Cups uses tcp port 631 which seems to work on your network.

However cups also uses udp port 631 to discover printers. Is any kind of firewall or filter installed that suppresses udp port 631 communication?

You could also start the service "cups-browsed" on the server and also on the client machine in order to help to discover printers

(use "rc-update add cups-browsed default" to start it automatically during boot)

If this doesn't help: Could you post your /etc/cups/cupsd.conf and /etc/cups/client.conf of both server and client machine?

----------

## shimitar

Both machines are ont he same LAN. Both are gentoo linux installed by me with no iptables or other thing. There should be no UDP filter or firewll or router issue.

I have no cups-browserd on the server... but i have it on the client. I will try to start it on the client.

Server:

```

me@server /etc/cups $ cat cupsd.conf

#

# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a

# complete description of this file.

#

# Log general information in error_log - change "warn" to "debug"

# for troubleshooting...

LogLevel warn

PageLogFormat

# Only listen for connections from the local machine.

Listen *:631

Listen /run/cups/cups.sock

# Show shared printers on the local network.

Browsing On

BrowseLocalProtocols

# Default authentication type, when authentication is required...

DefaultAuthType Basic

# Web interface setting...

WebInterface Yes

# Restrict access to the server...

<Location />

  Order allow,deny

  Allow from 192.168.1.*

</Location>

# Restrict access to the admin pages...

<Location /admin>

  Order allow,deny

  Allow from 192.168.1.*

</Location>

# Restrict access to configuration files...

<Location /admin/conf>

  AuthType Default

  Require user @SYSTEM

  Order allow,deny

  Allow from 192.168.1.*

</Location>

# Set the default printer/job policies...

<Policy default>

  # Job/subscription privacy...

  JobPrivateAccess default

  JobPrivateValues default

  SubscriptionPrivateAccess default

  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

# Set the authenticated printer/job policies...

<Policy authenticated>

  # Job/subscription privacy...

  JobPrivateAccess default

  JobPrivateValues default

  SubscriptionPrivateAccess default

  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    AuthType Default

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

me@server /etc/cups $ cat client.conf

ServerName /run/cups/cups.sock

```

Client:

```

me@client # cat cupsd.conf

#

# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a

# complete description of this file.

#

# Log general information in error_log - change "warn" to "debug"

# for troubleshooting...

LogLevel warn

PageLogFormat

# Only listen for connections from the local machine.

Listen localhost:631

Listen /run/cups/cups.sock

# Show shared printers on the local network.

Browsing On

BrowseLocalProtocols dnssd

# Default authentication type, when authentication is required...

DefaultAuthType Basic

# Web interface setting...

WebInterface Yes

# Restrict access to the server...

<Location />

  Order allow,deny

</Location>

# Restrict access to the admin pages...

<Location /admin>

  Order allow,deny

</Location>

# Restrict access to configuration files...

<Location /admin/conf>

  AuthType Default

  Require user @SYSTEM

  Order allow,deny

</Location>

# Set the default printer/job policies...

<Policy default>

  # Job/subscription privacy...

  JobPrivateAccess default

  JobPrivateValues default

  SubscriptionPrivateAccess default

  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

# Set the authenticated printer/job policies...

<Policy authenticated>

  # Job/subscription privacy...

  JobPrivateAccess default

  JobPrivateValues default

  SubscriptionPrivateAccess default

  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...

  <Limit Create-Job Print-Job Print-URI Validate-Job>

    AuthType Default

    Order deny,allow

  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  # All administration operations require an administrator to authenticate...

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # All printer operations require a printer operator to authenticate...

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...

  <Limit Cancel-Job CUPS-Authenticate-Job>

    AuthType Default

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

me@client # cat client.conf

ServerName /run/cups/cups.sock

```

Cups is 2.0.3 with zeroconf use flag on both server and client.

----------

## tomtom69

On my (workung) setup I have some different settings in the config files:

server, /etc/cups/cupsd.conf

(1)

Listen 127.0.0.1:631

Listen 192.168.1.1:631 

(instead of Listen *:631, 192.168.1.1 is the server IP)

(2) 

"BrowseAllow all" at the "# Show shared printers" section

(3)

"Allow" statements (several of them) without "from", i.e. "Allow 192.168.1.*" instead of "Allow from 192.168.1.*"

(4) 

Section "Limit All": I also have an "Allow 192.168.1.*" statement there to allow access from my local network

client, /etc/cups/client.conf:

Here I specify only the server by

ServerName 192.168.1.1

In addition I have the client's users also present as user accounts on the server.

I assume one or more of the differences could cause the problem, however I cannot say which one...

----------

## shimitar

I changed my files so to be like yours, but no luck. I still don't see the server printers from the client...

What could be wrong? I thinnk i am a bit stupid...

----------

## tomtom69

This is really strange...

What happens if you manually add the printer on the client?

(select ipp as protocol and select "ipp://192.168.1.1/myprinter" with your server IP instead of 192.168.1.1 as connection URI, and your printer name instead of myprinter)

If errors occur, you can set "LogLevel debug" on your server's /etc/cups/cupsd.conf and retry to print a test page.

/var/log/cups/error.log should then give more information on what went wrong.

----------

## charles17

 *shimitar wrote:*   

> I changed my files so to be like yours, but no luck. I still don't see the server printers from the client...

 

shimitar, how are you doing printer detection?

What is your output of (as root) lpinfo?  *Quote:*   

> # lpinfo -l -v

 

----------

## shimitar

On the client i am trying to add the priner from the web interface and i would like to have it detected automatically, not input the URI manually myself.

As the for "lpinfo" command:

On the server:

```

me@server ~ #  lpinfo -l -v

Dispositivo: uri = ipp

             classe = network

             info = Internet Printing Protocol (ipp)

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = https

             classe = network

             info = Internet Printing Protocol (https)

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = lpd

             classe = network

             info = LPD/LPR Host o stampante

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = cups-pdf:/

             classe = file

             info = CUPS-PDF

             marca-e-modello = Virtual PDF Printer

             device-id = MFG:Generic;MDL:CUPS-PDF Printer;DES:Generic CUPS-PDF Printer;CLS:PRINTER;CMD:POSTSCRIPT;

             posizione =

Dispositivo: uri = smb

             classe = network

             info = Windows Printer via SAMBA

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = socket

             classe = network

             info = AppSocket/HP JetDirect

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = usb://HP/Photosmart%20C4400%20series?serial=TH96GH51V505BN&interface=1

             classe = direct

             info = HP Photosmart C4400 series

             marca-e-modello = HP Photosmart C4400 series

             device-id = MFG:HP;MDL:Photosmart C4400 series;CMD:MLC,PCL,PML,DW-PCL,DESKJET,DYN;1284.4DL:4d,4e,1;CLS:PRINTER;DES:Q8388B;SN:TH96GH51V505BN;S:038000C484001021002c180000ac2880046;J:                    ;Z:0102,0503e809014649,0600,0c0,0e00000000,0f00000000,10000000000000,12000,143,150;

             posizione =

Dispositivo: uri = ipps

             classe = network

             info = Internet Printing Protocol (ipps)

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = http

             classe = network

             info = Internet Printing Protocol (http)

             marca-e-modello = Unknown

             device-id =

             posizione =

Dispositivo: uri = hp:/usb/Photosmart_C4400_series?serial=TH96GH51V505BN

             classe = direct

             info = HP Photosmart C4400 series USB TH96GH51V505BN HPLIP

             marca-e-modello = HP Photosmart C4400 series

             device-id = MFG:HP;MDL:Photosmart C4400 series;CLS:PRINTER;DES:Photosmart C4400 series;SN:TH96GH51V505BN;

             posizione =

```

On the client, instead, it asks me the root password of the server (! due to the change in the client.conf file? but i don't want ask the password...). If i put the password i get exactly the same list as on the server.

If i switch back to 127.0.01 as client.conf i get:

```

me@client ~ #  lpinfo -l -v

Device: uri = smb

        class = network

        info = Windows Printer via SAMBA

        make-and-model = Unknown

        device-id =

        location =

Device: uri = socket

        class = network

        info = AppSocket/HP JetDirect

        make-and-model = Unknown

        device-id =

        location =

Device: uri = lpd

        class = network

        info = LPD/LPR Host or Printer

        make-and-model = Unknown

        device-id =

        location =

Device: uri = http

        class = network

        info = Internet Printing Protocol (http)

        make-and-model = Unknown

        device-id =

        location =

Device: uri = ipp

        class = network

        info = Internet Printing Protocol (ipp)

        make-and-model = Unknown

        device-id =

        location =

Device: uri = https

        class = network

        info = Internet Printing Protocol (https)

        make-and-model = Unknown

        device-id =

        location =

Device: uri = ipps

        class = network

        info = Internet Printing Protocol (ipps)

        make-and-model = Unknown

        device-id =

        location =

```

----------

## charles17

 *shimitar wrote:*   

> On the client i am trying to add the priner from the web interface and i would like to have it detected automatically, not input the URI manually myself.
> 
> As the for "lpinfo" command:
> 
> On the server:
> ...

 Is this the printer of this topic?

 *shimitar wrote:*   

> On the client, instead, it asks me the root password of the server (! due to the change in the client.conf file? but i don't want ask the password...). If i put the password i get exactly the same list as on the server.

 

Sounds like an authorization issue.  And should behave the same with web interface.  Did the web interface prompt you for the admin password?

----------

## shimitar

Yes its the printer of the topic...

And, no, th e web interface does not ask for auth when looking for printer only when modofiyng a printer.

----------

## charles17

 *shimitar wrote:*   

> Yes its the printer of the topic...
> 
> And, no, th e web interface does not ask for auth when looking for printer only when modofiyng a printer.

 

See the note in that older version of wiki article.

Guess you could trigger the password prompt if you tried to modify an attached printer.

----------

## shimitar

I will try later on this evening... thanks.

----------

