Raspberry Pi 3b+ Linux 4.19.66-v7+ 上的 cups 2.2.1 #1253 SMP 2019 年 8 月 15 日星期四 11:49:46 BST armv7l GNU/Linux
当我尝试通过 Web 界面进行身份验证以执行管理功能时,系统反复提示我进行身份验证,但不允许添加打印机。我可以进行身份验证以查看错误日志,每次以 user=pi 身份登录失败后都会生成以下错误。pi 已成为 lpadmin 组的成员。(sudo usermod -a -G lpadmin pi)
E [28/Sep/2019:12:08:03 -0400] [Client 10] Local authentication certificate not found.
日志中早些时候还出现了其他错误。代表性列表如下:
E [28/Sep/2019:08:43:57 -0400] Unable to open listen socket for address [v1.::1]:631 - Address already in use.
E [28/Sep/2019:08:43:57 -0400] Unable to open listen socket for address 127.0.0.1:631 - Address already in use.
任何诊断帮助都将不胜感激。谢谢。
我的 /etc/cups/cupsd.conf 如下。
#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat
# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0
# Only listen for connections from the local machine.
# Listen localhost:631
Port 631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Web interface setting...
WebInterface Yes
# Restrict access to the server...
<Location />
Order allow,deny
Allow @local
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow @local
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow @local
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew- Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
新信息(2019 年 9 月 29 日):cups-browsed 处于 CLOSE-WAIT 状态。
pi@rpi3bp:~ $ sudo ss -lpn | grep -e ":631" -e "Netid"
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 5 *:631 *:* users:(("cupsd",pid=398,fd=9))
tcp LISTEN 0 5 :::631 :::* users:(("cupsd",pid=398,fd=10))
pi@rpi3bp:~ $ ps -ef | grep -e cups -e UID | grep -v grep
UID PID PPID C STIME TTY TIME CMD
root 398 1 0 Sep21 ? 00:00:08 /usr/sbin/cupsd -l
root 15529 1 0 06:25 ? 00:00:00 /usr/sbin/cupsd -l
root 15530 1 0 06:25 ? 00:00:00 /usr/sbin/cups-browsed
lp 15545 15529 0 06:25 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
lp 15546 15529 0 06:25 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
lp 15547 15529 0 06:25 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
pi@rpi3bp:~ $ sudo ss -pn | grep -e "15530" -e "Netid"
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * 429953 * 0 users:(("cups-browsed",pid=15530,fd=2),("cups-browsed",pid=15530,fd=1))
u_str ESTAB 0 0 * 430354 * 0 users:(("cups-browsed",pid=15530,fd=6))
u_str ESTAB 0 0 * 430356 * 0 users:(("cups-browsed",pid=15530,fd=8))
tcp CLOSE-WAIT 1 0 ::1:36556 ::1:631 users:(("cups-browsed",pid=15530,fd=4))
tcp CLOSE-WAIT 1 0 ::1:36554 ::1:631 users:(("cups-browsed",pid=15530,fd=3))
答案1
深入调查后发现,有 2 个 cupsd 进程正在运行。我应该在上面我编辑的(新信息,2019 年 9 月 29 日)条目中看到这一点。
pi@rpi3bp:/etc/cups $ ps -ef | grep cups | grep -v grep
root 398 1 0 Sep21 ? 00:00:14 /usr/sbin/cupsd -l
root 28049 1 0 21:14 ? 00:00:00 /usr/sbin/cupsd -l
root 28050 1 0 21:14 ? 00:00:00 /usr/sbin/cups-browsed
lp 28055 28049 0 21:14 ? 00:00:00 /usr/lib/cups/notifier/dbus dbus://
检查 /lib/systemd/system 发现 cups 有多个条目。删除 org.cups.* 条目并应用关机 + 重启即可解决问题。
pi@rpi3bp:/lib/systemd/system $ ls -l | grep cups
-rw-r--r-- 1 root root 234 Jun 16 2016 cups-browsed.service
-rw-r--r-- 1 root root 142 Aug 21 03:51 cups.path
-rw-r--r-- 1 root root 175 Aug 21 03:51 cups.service
-rw-r--r-- 1 root root 136 Aug 21 03:51 cups.socket
-r--r--r-- 1 root root 152 Apr 7 08:30 org.cups.cupsd.path
-r--r--r-- 1 root root 214 Apr 7 08:30 org.cups.cupsd.service
-r--r--r-- 1 root root 146 Apr 7 08:30 org.cups.cupsd.socket
-r--r--r-- 1 root root 147 Apr 7 08:30 [email protected]
-r--r--r-- 1 root root 148 Apr 7 08:30 org.cups.cups-lpd.socket
我还添加了允许@local到 cupsd.conf 中的 < Location /admin/log >