[Freeipa-users] cups problem that may be related to freeIPA

[Alexander Bokovoy]

On Tue, 08 Mar 2016, Karl Forner wrote:
>Hello,
>
>On an ubuntu 14.04 box, freeIPA enrolled, I am no longer authorized to
>administer cups via the web UI.
>It used to work before the freeIPA enrollment and it works with a local
>account, so I strongly suspect that it is related to freeIPA.
>
>Steps to reproduce:
>open http://localhost:631/admin
>click on "Add Printer"
>a popup opens asking for CUPS credentials.
>If I type my credentials (freeIPA user), it fails.
>
>>From the /var/log/auth.log:
>Mar  8 15:14:58 pyro cupsd: pam_unix(cups:auth): authentication failure;
>logname= uid=0 euid=0 tty=cups ruser= rhost=localhost  user=karl
>Mar  8 15:14:58 pyro cupsd: pam_sss(cups:auth): Request to sssd failed.
>Permission denied
>M
>
>I added many local groups to my freeIPA user:
>(sys),4(adm),7(lp),27(sudo),109(lpadmin),
>If I enter the credentials of a local account (non managed by freeIPA), it
>works.
>
>What's wrong ?
Just an idea:
You probably have AppArmor running and its default policy might prevent
cupsd to talk to sssd socket.

-- 
/ Alexander Bokovoy