# CUPS - remote admin fails



## Deleted member 9563 (Nov 1, 2010)

I've installed CUPS and, although I haven't gotten it to print yet, it recognizes the printer and I will deal with that later. First I want remote administration to work.

The CUPS home page works, and so does the administration page at port 631. However when I click on *Add Printer*, or go to *Edit Configuration File* and try to save it, then I get the following: 


```
426 Upgrade Required
You must access this page using the URL https://TOP.lan.cgs:631/admin/.
```
After aprx. 4 seconds the screen redirects to:

```
An error occurred while loading https://top.lan.cgs:631/admin/:
Could not connect to host top.lan.cgs (port 631).
```

I normally access this machine via SSH and that works fine. I have followed the handbook, played with the /usr/local/etc/cups/cupsd.conf file, deleted configuration files, reinstalled, and restarted in between, but still get the above messages. Since everything looks OK and that is the only thing I can't get past, I feel that it has to do with groups and permissions, or some restriction in the cupsd.conf file which I add below. That particular file version is the last of many which I have tried. The default gives the same results. Any and all suggestions gratefully accepted. 


```
LogLevel warn
SystemGroup wheel
# Allow remote access
Port 631
Listen /var/run/cups.sock
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseRemoteProtocols CUPS
BrowseAddress @LOCAL
BrowseLocalProtocols CUPS
#DefaultAuthType Basic
DefaultAuthType None
<Location />
  # Allow shared printing and remote administration...
  Order allow,deny
  Allow all

</Location>
<Location /admin>
  # Allow remote administration...
  Order allow,deny
  Allow all
Allow 192.168.1.103
Allow 192.168.1.101
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  # Allow remote access to the configuration files...
  Order allow,deny
  Allow all
Allow 192.168.1.103
Allow 192.168.1.101

</Location>
<Policy default>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Se
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUP
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Pri
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy authenticated>
  <Limit Create-Job Print-Job Print-URI>
  AuthType Default
  Order deny,allow
</Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Se
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUP
  AuthType Default
  Require user @SYSTEM
  Order deny,allow
    </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Pri
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
      </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
      AuthType Default
      Require user @OWNER @SYSTEM
      Order deny,allow
        </Limit>
  <Limit All>
        Order deny,allow
          </Limit>
</Policy>
```

PS: This machine, named TOP, is the only one with the bogus "lan.cgs" FQDN in the system. Everything else works on single names. It seems BSD needs the FQDN for some reason, so I gave it one. If this has any lan wide relevance, I'll deal with it, but I hope that CUPS (at least temporarily) can be made to accept loose permissions since there is no particular security problem on this very insular lan.


----------



## Deleted member 9563 (Nov 1, 2010)

It's been a few hours of playing with it, and shortly after I posted the above, I found the solution. It appears that the problem is with SSL. Since I can do without it in this particular case, there is an easy way to disable it.

In the config file I had changed "DefaultAuthType Basic" to "DefaultAuthType None" in the hopes that it would do the trick. I now find that *"DefaultEncryption IfRequested" is all that needs to be added*. So, the pertinent part now reads:


```
DefaultAuthType Basic
DefaultEncryption IfRequested
```

And *now I can remotely add printers and print* to my hearts desire! Sorry for taking up space here, but hopefully someone who needs the information will come across it.


----------



## CousinCocaine (Jul 26, 2022)

Thanks, this worked for my default CUPS installation on my RaspberryPi server.

I changed ` /etc/cups/cupsd.conf`:


```
# Default authentication type, when authentication is required...
DefaultAuthType Basic
DefaultEncryption IfRequested
ServerAlias *
```


----------

