Closed xiaowen581 closed 8 months ago
Hi @xiaowen581 ,
please provide cupsd debug2 logs when you print - IIUC one of the issues why you cannot print to the Windows server is because of this:
T001 10:38:04.887 cupsDoAuthentication: Trying scheme "Negotiate"...
T001 10:38:04.887 _cupsSetNegotiateAuthString: Kerberos not available for host "192.168.1.161".
T001 10:38:04.887 cupsDoAuthentication: No credentials for Negotiate.
T001 10:38:04.887 cupsDoAuthentication: Trying scheme "NTLM"...
T001 10:38:04.887 cupsDoAuthentication: Scheme "NTLM" not yet supported.
T001 10:38:04.887 cupsDoAuthentication: authstring="".
The error about Kerberos is from cups/auth.c:
374 if (!strcmp(http->hostname, "localhost") || http->hostname[0] == '/' || isdigit(http->hostname[0] & 255) || !strchr(http->hostname, '.'))
375 {
376 DEBUG_printf("1_cupsSetNegotiateAuthString: Kerberos not available for host \"%s\".", http->hostname);
377 return (CUPS_GSS_NONE);
378 }
I suspect you use IP in device uri, which is not correct for Kerberos. If you use hostname and you have kerberos ticket, it should work IMO - but I saw some issues with Kerberos+IPP on Windows servers, which caused CUPS client to use lower IPP versions, so that can be problem as well.
Either way, the endless loop happens in loop when we ask for printer attributes, but we always get UNAUTHORIZED because of incorrect URI. @michaelrsweet IMO we should apply check for contimeout to every error we get in that loop, otherwise we are trapped for loops for any errors except for BUSY and UNAVAILABLE.
@michaelrsweet or introduce attempts
URI variable for such cases (since UNAUTHORIZED probably does not change in time...) - tbh I would like to introduce something like this either way for the future, so users can use IPP instead of beh backend (which does the similar thing) once CUPS get rid of other backends than IPP.
@zdohnal It might be better to simply abort if we try to do Kerberos with an IP address (Kerberos depends on a domain name...)
Describe the bug after print by lp command, lp got success result and exited , but the "/usr/libexec/cups/backend/http" command is continuously sending request to Windows Print Server. And Windows Print Server always returns "401 Unauthorized".
To Reproduce Steps to reproduce the behavior:
Expected behavior http command should exit clearly.
System Information:
Additional context debug.txt debug.txt