[Impact]
If a print queue is set up with "auth-info-required=negotiate" because the server requires authentication (for example Kerberos) the user is asked for user name and password on every join, instead of the authentication working automatically. This worked correctly in 14.04 and 16.04.
Also setting "AuthType Default" for "/" in cupsd.conf leads to be prompted for a password on commands like "lpatat -a", even for root. Works correctly in Xenial and Cosmic.
[Test Case]
Set up a queue pointing to a Kerberos-authenticated Windows server with "lpadmin ... -o auth-info-required=negotiate ..." OR set "AuthType Default" for "/" in cupsd.conf. When printing or running other commands accessing your print queue you will get prompted for credentials. With the fix the authentication will get automatic again.
[Regression Potential]
Low, as the fix are simple one-line corrections taken from upstream.
[Original report]
Hi,
We have our printers configured to print to a Windows print server. In Ubuntu 14.04 and 16.04 our setup works fine but in 18.04 our setup seems to be acting more like AuthInfoRequired username,password i.e. it prompts for a password when printing rather than using the available Kerberos credentials.
We are using an unaltered cupsd.conf file and are adding printers with the following command:
lpadmin -p "printer" -D "Printer" -L "room" -v "smb://printers.cis.strath.ac.uk/printers" -o Media=A4 -o PageSize=A4 -o printer-error-policy=abort-job -o auth-info-required=negotiate -m "CIS/hp-officejet_pro_476_576_series-ps.ppd"
the smb backend has been linked to /usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper (I've added this the apparmor profile as it's blocked by default) and the permissions on this file changed to 700 (owner root) as per manpage instructions.
When using lp -d printer /tmp/test.txt I get the following response:
Password for myuid on localhost?
Typing my password gets the job accepted to the queue but it does spool to the Windows Print Server and in the error_log file I can see
D [24/Jul/2018:10:33:00 +0100] [Job 45] SMBSPOOL_KRB5 - AUTH_INFO_REQUIRED=negotiate
D [24/Jul/2018:10:33:00 +0100] [Job 45] SMBSPOOL_KRB5 - Started with uid=0
D [24/Jul/2018:10:33:00 +0100] [Job 45] SMBSPOOL_KRB5 - AUTH_UID is not set
As I said earlier this all works perfectly on Xenial and Trusty.
(A similar AuthInfoRequired negotiate setup also works in cups 2.2.5 on MacOS 10.13)
Any ideas how to fix this?
Thanks,
Ian.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: cups 2.2.7-1ubuntu2.1
ProcVersionSignature: Ubuntu 4.15.0-29.31-generic 4.15.18
Uname: Linux 4.15.0-29-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
Date: Tue Jul 24 10:03:57 2018
InstallationDate: Installed on 2018-06-22 (31 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
Lsusb:
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0461:4d81 Primax Electronics, Ltd Dell N889 Optical Mouse
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. OptiPlex 790
Papersize: a4
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz root=/dev/mapper/pd--ig--vg-root ro quiet splash
SourcePackage: cups
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/28/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A05
dmi.board.name: 0HY9JP
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 6
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA05:bd05/28/2011:svnDellInc.:pnOptiPlex790:pvr01:rvnDellInc.:rn0HY9JP:rvrA00:cvnDellInc.:ct6:cvr:
dmi.product.name: OptiPlex 790
dmi.product.version: 01
dmi.sys.vendor: Dell Inc.
The above setup work fine in Ubuntu 17.10 as well which uses cups 2.2.4