[aclug-L] More on printer error

To: aclug-L@xxxxxxxxxxxx
Subject: [aclug-L] More on printer error
From: "Clint A. Brubakken" <cabrubak@xxxxxxxxxxxx>
Date: Thu, 17 Jun 1999 09:24:31 -0500 (CDT)
Reply-to: aclug-L@xxxxxxxxxxxx

I mentioned before that, though I've set up lprng and, I think, the
permissions correctly, my machine won't accept print requests from other
machines on the network.

I get the message from the machine I'm trying to print remotely:
ampere:/# lpq -P taylor
ampere: waiting for queue to be enabled on taylor
Rank   Owner      Job  Files                                 Total Size
1st    root       646  /etc/printcap                         2639 bytes
2nd    root       647  /etc/printcap                         2639 bytes

lp2@taylor  (forwarding to raw@xxxxxxxxxxxxxxxxxxx)
JetDirect lpd: no entries
 


I have attached my /etc/lpd.perms, and the /etc/printcap from both
machines.

/etc/lpd.perms
###########################################################################
# LPRng - An Extended Print Spooler System
#
# Copyright 1988-1995 Patrick Powell, San Diego, CA
#     papowell@xxxxxxxxxx
# See LICENSE for conditions of use.
#
###########################################################################
# MODULE: TESTSUPPORT/lpd.perms.proto
# PURPOSE: prototype printer permissions file
# lpd.perms,v 3.7 1998/03/24 02:43:22 papowell Exp
########################################################################## 
# Printer permissions data base
## #
##                  LPRng - An Enhanced Printer Spooler
##                     lpd.perms file
##                   Patrick Powell <papowell@xxxxxxxxxx>
## 
## Access control to the LPRng facilities is controlled by entries
## in a set of lpd.perms files.  The common location for these files
## are: /etc/lpd.perms,  /usr/etc/lpd.perms, and  /var/spool/lpd/lpd.perms.
## The locations of these files are set by the perms_path entry
## in the lpd.conf file or by compile time defaults in the src/common/defaults.c
## file.  In addition to the global permissions files,  each spool queue
## can also have a permissions file.  This file is searched when information
## or operations on a specific printer is requested.
## 
## Each time the lpd server is given a user request or carries out an unspooling
## operation,  it searches to the perms files to determine if the action
## is ACCEPT or REJECT.  The first ACCEPT or REJECT found terminates the search.
## If none is found,  then the last DEFAULT action is used.
## 
## Permissions are checked by the use of 'keys' and matches.  For each of
## the following LPR activities,  the following keys have a value. 
## 
## Key          Match Connect Job   Job    LPQ  LPRM  LPC
##                            Spool Print
## SERVICE      S     'X'     'R'   'P'    'Q'  'M'   'C,S'
## USER         S     -       JUSR  JUSR   JUSR JUSR  JUSR
## HOST         S     RH      JH    JH     JH   JH    JH
## GROUP        S     -       JUSR  JUSR   JUSR JUSR  JUSR
## IP           IP    RIP     JIP   JIP    RIP  JIP   JIP
## PORT         N     PORT    PORT  -      PORT PORT  PORT
## REMOTEUSER   S     -       JUSR  JUSR   JUSR CUSR  CUSR
## REMOTEHOST   S     RH      RH    JH     RH   RH    RH
## REMOTEGROUP  S     -       JUSR  JUSR   JUSR CUSR  CUSR
## REMOTEIP     IP    RIP     RIP   JIP    RIP  RIP   RIP
## CONTROLLINE  S     -       CL    CL     CL   CL    CL
## PRINTER      S     -       PR    PR     PR   PR    PR
## FORWARD      V     -       SA    -      -    SA    SA
## SAMEHOST     V     -       SA    -      SA   SA    SA
## SAMEUSER     V     -       -     -      SU   SU    SU
## SERVER       V     -       SV    -      SV   SV    SV
## 
## KEY:
##   JH = HOST          host in control file
##   RH = REMOTEHOST    connecting host name
##   JUSR = USER        user in control file
##   CUSR = REMOTEUSER  user from control request
##   JIP= IP            IP address of host in control file
##   RIP= REMOTEIP      IP address of requesting host
##   PORT=              connecting host origination port
##   CONTROLLINE=       pattern match of control line in control file
##   FW= IP of source of request = IP of host in control file
##   SA= IP of source of request = IP of host in control file
##   SU= user from request = user in control file
##   SA= IP of source of request = IP of server host
## 
## Match: S = string with wild card, IP = IPaddress[/netmask],
##   N = low[-high] number range, V= matching or compatible values
## SERVICE: 'X' - Connection request; 'R' - lpr request from remote host;
##    'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request;
##    'C' - lpc spool control request; 'S' - lpc spool status request
## NOTE: when printing (P action), the remote and job check values
##   (i.e. - RUSR, JUSR) are identical.
## 
## 
## The SAMEHOST match checks to see that one (or more) of the
##  IP addresses of the host originating the request are the
##  same as one or more of the IP addresses of the host whose
##  hostname appears in the control file.
## The SERVER match checks to see if one (or more) of the
##  IP addresses of the host originating the request are the
##  same as one or more of the IP addresses of the server or
##  match the localhost's  IP address.  Note that in IPV6, there may
##  be multiple IP addresses for a single host.
## The FORWARD checks to see that all of the IP addresses of the
##  IP addresses of the host originating the request are not the
##  same as one or more of the IP addresses of the host whose
##  hostname appears in the control file.  This is equivalent to
##  NOT SAMEHOST
## 
## The  special key letter=patterns searches the control file
## line starting with the (upper case) letter, and is usually
## used  with  printing  and  spooling  checks.  For example,
## C=A*,B* would check that the class information (i.e.- line
## in  the control file starting with C) had a value starting
## with A or B.
## 
## A permission line consists of list of tests and an a result value
## If all of the tests succeed,  then a match has been found and the
## permission testing completes with the result value.  You use the
## DEFAULT reserved word to set the default ACCEPT/DENY result.
## The NOT keyword will reverse the sense of a test.
## 
## Each test can have one or more optional values separated by
## commas. For example USER=john,paul,mark has 3 test values.
## 
## The Match type specifies how the matching is done.
## S = string type match - string match with glob.
##     Format:  string with wildcards (*)
##              * matches 0 or more chars
##     Character comparison is case insensitive.
##     For example - USER=th*s matches uTHS, This, This, Theses
## 
## IP = IP address and submask.  IP address must be in dotted form.
##      Format: x.x.x.x[/y.y.y.y]  x.x.x.x is IP address
##              y.y.y.y is optional submask, default is 255.255.255.255
##      Match is done by converting to 32 bit x, y, and IP value and using:
##         success = ((x ^ IP ) & y) == 0   (C language notation)
##     i.e.- only bits where mask is non-zero are used in comparison.
##     For example - REMOTEIP=130.191.0.0/255.255.0.0 matches all address
##     130.191.X.X
##          
## N = numerical range  -  low-high integer range.
##      Format: low[-high]
##      Example: PORT=0-1023 matches a port in range 0 - 1023 (privileged)
## 
## The SAMEUSER and SAMEHOST are options that form values from information
## in control files or connections.  The GROUP entry searches the user group 
## database for group names matching the pattern,  and then searches these
## for the user name.  If the name is found,  the search is successful.
## The SERVER entry is successful if the request originated from the current
## lpd server host.
## 
## Note carefully that the USER, HOST, and IP values are based on values found
## in the control file currently being checked for permissions.  The
## REMOTEUSER, REMOTEHOST, and REMOTEIP are based on values supplied as part
## of a connection to the LPD server,  or on the actual TCP/IP connection.
## 
## Example Permissions
## 
## # All operations allowed except those specifically forbidden
DEFAULT ACCEPT
## 
## #Reject connections from hosts not on subnet 130.191.0.0
## # or Engineering pc's
##   REJECT SERVICE=X NOT REMOTEIP=130.191.0.0/255.255.0.0
##   REJECT SERVICE=X NOT REMOTEHOST=engpc*
## 
## #Do not allow anybody but root or papowell on
## #astart1.astart.com or the server to use control
## #facilities.
##   ACCEPT SERVICE=C SERVER REMOTEUSER=root
##   ACCEPT SERVICE=C REMOTEHOST=astart1.astart.com REMOTEUSER=papowell
## 
## #Allow root on talker.astart.com to control printer hpjet
##   ACCEPT SERVICE=C HOST=talker.astart.com PRINTER=hpjet REMOTEUSER=root
## #Reject all others
##   REJECT SERVICE=C
## 
## #Do not allow forwarded jobs or requests
##   REJECT SERVICE=R,C,M FORWARD
## 

# allow root on server to control jobs
ACCEPT SERVICE=C SERVER REMOTEUSER=root
# allow anybody to get status
ACCEPT SERVICE=S
# reject remote prints from arbitrary hosts
#REJECT SERVICE=XRPQ NOT REMOTEHOST=*.cssgroup.com
# reject all others, including lpc commands permitted by user_lpc
#REJECT SERVICE=CSU
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER REMOTEUSER=root
#REJECT SERVICE=M
# all other operations allowed
#DEFAULT ACCEPT


/etc/printcap from host
# /etc/printcap: printer capability database. See printcap(5).
# You can use the filter entries df, tf, cf, gf etc. for
# your own filters. See the printcap(5) manual page for further 
# details.

lp|hpj|sagan:rm=newton:rp=cs-hp5000:
lp2:rm=hp5000.cityblue.com:rp=raw
#guttenberg|gutenberg|plotter:rm=guttenberg:rp=raw

/etc/printcap from remote host
#HP LJ 4ML
#lp|sagan2:rm=newton:rp=guttenberg_1:sh:
lp:rm=newton:rp=cs-hp5000:sh:
taylor:rm=taylor:rp=lp2:sh

Please advise 
Clint



--
Clint Brubakken
---
You are needink to look more evil.  You likink very strong coffee?
                                        -- Pitr to Dust Puppy
User Friendly, 10/16/1998

