Created at 09:09 Apr 13, 2005 by steve, last modified at 07:19 May 27, 2005
1) Go to the text file /etc/cups/cupsd.conf
2) Scroll down the file and put under the <Location/ admin> section:
Just add an Allow directive for every computer you want to be able to do administrative duties on.
Here is an example:
I want to allow remote access to another computer (IP address is 192.168.10.1).
When I access the text file /etc/cups/cupsd.conf, I get a long list of information. I scroll down until I find the section: <Location /admin>.
It looks like this:
<Location /admin> Order deny,allow Encryption IfRequested Satisfy All AuthType Basic AuthClass System Deny All Allow 127.0.0.1 </Location>How do I allow remote access to my other computer?
Add another Allow line.
Your updated file should look like this:
<Location /admin> Order deny,allow Encryption IfRequested Satisfy All AuthType Basic AuthClass System Deny All Allow 127.0.0.1 Allow 192.168.10.1 </Location>Listing
The 'Listen' directive can also affect this.
If you only have 'Listen 127.0.0.1:631' then you will only be able to get in through localhost, regardless of your 'Allow' settings ... because the server is not listening on the other ports.
For some reason, the default directive on Fedora Core 4 and 3 is 'Listen 127.0.0.1:631'. This is below the line that says
# Lines below are automatically generated - DO NOT EDIT
It seems that this line will sometimes (always?) change to 'Listen *:631' when the data gets automatically generated ... but it is not clear to me when/how it gets regenerated ... perhaps using 'system-config-printer'.
It is a problem because it looks like you cannot have duplicate IP addresses in Listen directives, even if they are wildcards. This means that you cannot do the following:
Listen *:631 ... # Lines below are automatically generated - DO NOT EDIT ... Listen 127.0.0.1:631
Because 127.0.0.1:631 is already in use by the time the second directive is reached.
So, I put
Listen 192.168.0.100:631
# Lines below are automatically generated - DO NOT EDIT ... Listen 127.0.0.1:631
But this is going to die if/when this ever gets regenerated and the 127.0.0.1:631 becomes *:631
Michael Reply
This is a Redhat issue. Redhat changed the integrity of CUPS and how it handles configuration. You need to disable the cups-config-daemon:
chkconfig cups-config-daemon off
/etc/init.d/cups-config-daemon stop
Now, you can use the article as presented. Reply
My system (Fedora C3) by default was only listening on the loopback inteface; to get going, I had to first add
Listen <IP-here>:631
Then I had to add
to all <Location ...>/</Location> blocks (one for /, one for /admin, and one per printer).
Reply What if I want to access from a set of private boxes? For example, I want IP range to be from 192.168.10.1 to 192.168.10.15. Thanks.
Reply I'm trying to keep the articles simple.
Using the above article, you could just add an Allow from line for each IP address.
Another way, based on the way you set up your system, is to type:
Allow from 192.168.0.0/28
Reply This has proven not so straightforward for me. Maybe I'm missing something, but I have had to set that "allow from" in every <Location /> section of cups.conf (/printers, /jobs, etc.), including every individual printer name. Isn't there a way to set it globally?
Thanks! As long as only have in your Location: / and /admin you need not do anything more then what is stated above. Otherwise, you'd have to duplicate the information. There is not a way to set it globally.
Reply Do you mean just in the <Location /admin> </Location> section? I do not have a vanilla <Location> </Location> section. If you are willing, I could send you my cups.conf via e-mail for you to see. I am running 1.1.19-13 on a Fedora Core 1 box (maybe that's part of my problem?)
ReplyAllowFrom <Net-IP-Here>/<mask-length>
From compunuts, 01:29 Apr 24, 2005 (score=3)
From steve, 11:43 Apr 25, 2005 (score=3)
From medwards, 06:30 Apr 15, 2005 (score=3)
MIke
ReplyFrom steve, 11:41 Apr 18, 2005 (score=3)
From medwards, 10:51 Apr 27, 2005 (score=3)