Adding Printer via omv-cups fails

    • Adding Printer via omv-cups fails

      Hey ladies and gentlemen!

      I have big troubles adding a(ny) printer (two different Epson Stylus Inkers) to omv. Both are recognized by the system and I can choose them in the add-printer prompt. But that's all. I can't finish the configuration - it always gets stuck!

      I surfed the web already and the only real suggestion (it wasn't omv related) I found was to remove the package(s) "foomatic-*" which is only needed for HP-Printers. I tried but couldn't manage it without also removing the package "openmediavault-cups" - which is quite senseless...

      So till here I had no luck - any suggestions? ?(

      Hardware:
      Buffalo Linkstation
      Platform: armv5tel
      Kernel: 3.2.0-4-orion5x #1 Debian 3.2.65-1+deb7u2
      OMV Version: 1.16


      Error message via CUPS-Interface


      Error message via OMV-Interface
      :thumbsup: Heads up! You’re editing your own user account, careless changes might lock you out! :whistling:
      _____________________________________________________________________________

      :) :( ;) :P ^^ :D ;( X( :* :| 8o =O || :/ :S X/ 8) :huh: :rolleyes: 8| :thumbdown: :thumbsup: :thumbup: :sleeping: :whistling:
      _____________________________________________________________________________
    • This is serious sh!t

      Another thing I just found out is that the encryption on the cups-webinterface which is automatically installed with the "openmediavault-cups" package (omv ip with port 631) is broken!

      This is a quite high security risk (panic!) as it uses the same credentials to login as the omv-webinterface.

      A man-in-the-middle attack is easy (even with a simple browser extension!) --> resulting in having the admin/root credentials with password in clear text for the whole system! :cursing:

      S U P E R - G A U ! <X <X <X


      Another plugin I checked was extplorer which uses the same (normally very strong) certificate as for the omv-webinterface :thumbup:
      My syncthing installation, which creates its own certificate, is also very strong :thumbup:

      The post was edited 1 time, last by username ().

    • And why would this be a problem if you don't forward port 631 from your router to your OMV???? Do'h!!

      Also, when you click on the Administration TAB it forces you to upgrade to SSL. You are not queried for your credentials until you are in a SSL session.

      You could also add a firewall rule like this so it can only be accessed on your LAN. See pic...
      Image: cups.jpg

      The post was edited 3 times, last by tekkb ().

    • tekkb wrote:

      And why would this be a problem if you don't forward port 631 from your router to your OMV???? Do'h!!


      Why shouldn't this be a problem? Do'h!

      tekkb wrote:

      Also, when you click on the Administration TAB it forces you to upgrade to SSL. You are not queried for your credentials until you are in a SSL session.


      It's weak. The SSL session is weak! Actually very weak!

      tekkb wrote:

      You could also add a firewall rule like this so it can only be accessed on your LAN. See pic...


      What? It's not exposed to the WAN if it's behind a router with NAT...
    • tekkb wrote:

      Yeah, so why does it matter if you do not do it over the web. Most are not going to change admin settings of cups via the internet. They will do it on their LAN.

      It is not exposed to the internet if it is behind your router's firewall, unless you forward a port to it.


      Sorry, I can't allow that! It's a matter of security. No difference between LAN or WAN: Different network same broken encryption


      HK-47 wrote:

      username wrote:

      It's weak. The SSL session is weak! Actually very weak!

      It uses SHA1 instead of SHA256. I want to point out that we don't generate the certs for CUPS. I actually don't know where/when they're generated but my guess is in the package from Debian. [...]


      You pointed it out. Thanks!

      OMV does a good job with SSL encryption so far - but this (CUPS uses same credentials with a broken ssl-cert as OMV) actually ruins it all. We will hope that it will get fixed soon! Should be top prio!
    • I've tracked down the certificate generation now. The certificate CUPS is using (/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key) is generated by the ssl-cert package. In Wheezy the version is 1.0.32 and this version generates a SHA1 certificate. According to the changelog (found here) they changed from SHA1 to SHA2 in version 1.0.34. Version 1.0.35 is found in Jessie.
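
Added example, not part of the thread and not OMV or Debian code: a shell check that reports which hash signs the certificate named in the post above, so the SHA1 finding can be confirmed on a given host. The function names and the constructed sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the signature hash of a certificate.
# Function names are hypothetical; CERT is the path named in the post above.
CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem

# Constructed sample: excerpt shaped like `openssl x509 -noout -text` output.
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = omv.example
    Signature Algorithm: sha1WithRSAEncryption'

# Read `openssl x509 -noout -text` output on stdin, print the first algorithm name.
sigalg_from_text() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Classify by the digest inside the signature algorithm name.
classify_sigalg() {
    case "$1" in
        md5*|sha1*|dsaWithSHA1|ecdsa-with-SHA1) echo weak ;;
        sha224*|sha256*|sha384*|sha512*|ecdsa-with-SHA2*|ecdsa-with-SHA384|ecdsa-with-SHA512) echo ok ;;
        *) echo unknown ;;
    esac
}

# Print "<algorithm> <verdict>" for certificate text on stdin.
verdict_from_text() {
    alg=$(sigalg_from_text)
    echo "${alg:-none} $(classify_sigalg "$alg")"
}

# Audit a PEM file on disk; needs the openssl CLI.
audit_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | verdict_from_text
}

printf '%s\n' "$SAMPLE_TEXT" | verdict_from_text      # constructed sample
if command -v openssl >/dev/null 2>&1 && [ -r "$CERT" ]; then
    audit_cert "$CERT"                                 # this host's certificate, if present
fi
```

An existing certificate file keeps its original signature until it is regenerated, so the check is worth repeating after any change to the ssl-cert package.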
    • username wrote:

      Different network same broken encryption


      Here are people that open port 80 to the WAN. You're the first to actually care about any SSL security flaws inside LAN. Do you expect a Man-in-the-Middle Attack inside your LAN?

      Your concern may be valid. But the risk is nearly zero to nothing.

      As HK pointed out, it's not in our hands to change something that is controlled by a package maintainer. You can request however that we take a look into this issue and see if we could improve the certificate creation on Wheezy, manually. Not sure if that's possible with 1.0.32. ;)

      PS: You're right. You're just the first one to notice and to care about it.

      Greetings
      David
      "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.


      Upload Logfile via WebGUI/CLI
      #openmediavault on freenode IRC | German & English | GMT+1
      Absolutely no Support via PM!

      I host parts of the omv-extras.org Repository, the OpenMediaVault Live Demo and the pre-built PXE Images. If you want you can take part and help covering the costs by having a look at my profile page.

      The post was edited 1 time, last by davidh2k ().

    • tekkb wrote:

      username wrote:

      CUPS uses same credentials with a broken ssl-cert as OMV


      No, all he is saying is not correct. The cert is not broken. It just does not provide the higher level of security/encryption of SHA2. He could use a firewall rule to limit the PCs that can access on the LAN.


      No, all he is saying is correct. The cert is technically broken because it uses broken or very weak (easy to break) techniques. There are people who give a sh!t about security (like the German government, many companies and probably you) but for people who care about data integrity and security in general this is not a way to go! There are also people who use Microsoft Windows XP.... <X ...and ATMs using MS Win XP :thumbsup:

      As of today it still uses the broken cert (and old CUPS version 1.5.3)
    • username wrote:

      Hey ladies and gentlemen!

      I have big troubles adding a(ny) printer (two different Epson Stylus Inkers) to omv. Both are recognized by the system and I can choose them in the add-printer prompt. But that's all. I can't finish the configuration - it always gets stuck!

      I surfed the web already and the only real suggestion (it wasn't omv related) I found was to remove the package(s) "foomatic-*" which is only needed for HP-Printers. I tried but couldn't manage it without also removing the package "openmediavault-cups" - which is quite senseless...

      So till here I had no luck - any suggestions? ?(


      BACK TO TOPIC:

      I found out that there is no suitable driver - or that the right driver can't be selected:

      I hit:

          sudo lpinfo --make-and-model 'Epson Stylus DX' -m

      and the response is

          lpinfo: Success

      but the response should be

          gutenprint.5.2://escp2-dx3800/expert Epson Stylus DX3800 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx3850/expert Epson Stylus DX3850 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4000/expert Epson Stylus DX4000 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4050/expert Epson Stylus DX4050 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4200/expert Epson Stylus DX4200 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4250/expert Epson Stylus DX4250 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4400/expert Epson Stylus DX4400 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4450/expert Epson Stylus DX4450 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4800/expert Epson Stylus DX4800 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx4850/expert Epson Stylus DX4850 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx7000f/expert Epson Stylus DX7000F - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx7400/expert Epson Stylus DX7400 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx7450/expert Epson Stylus DX7450 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx8400/expert Epson Stylus DX8400 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx8450/expert Epson Stylus DX8450 - CUPS+Gutenprint v5.2.10-pre2
          gutenprint.5.2://escp2-dx9400f/expert Epson Stylus DX9400F - CUPS+Gutenprint v5.2.10-pre2

      ...like it is on my client machine.

      How can I get the things right in OMV? How can I add printing-drivers to my OMV-Installation?

      The post was edited 1 time, last by username ().

    • The two times I've added a printer to omv I went to the manufacturer's website and grabbed the driver there. Brother gives you the package in deb and rpm. Don't know about Epson. I've read the whole post and I couldn't find which printer you were trying to add.
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • subzero79 wrote:

      The two times I've added a printer to omv I went to the manufacturer's website and grabbed the driver there. Brother gives you the package in deb and rpm. Don't know about Epson. I've read the whole post and I couldn't find which printer you were trying to add.


      I want to add an Epson Stylus DX 3850 or/and an Epson D88 which both are using a gutenprint driver: openprinting.org/driver/gutenprint

      The package which contains the driver should be: printer-driver-gutenprint (packages.debian.org/wheezy/printer-driver-gutenprint)

      I actually have the package installed on my system but I can't access them via cups. I once read something that there is an option to merge something to see the drivers in lpinfo - but I don't know what ?(
    • I ran the command lpinfo --make-and-model 'Epson Stylus DX' -m and it gave me all the drivers.

      Also lpinfo -m | grep Epson | grep DX output correctly

          gutenprint.5.2://escp2-dx3800/expert Epson Stylus DX3800 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx3850/expert Epson Stylus DX3850 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4000/expert Epson Stylus DX4000 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4050/expert Epson Stylus DX4050 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4200/expert Epson Stylus DX4200 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4250/expert Epson Stylus DX4250 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4400/expert Epson Stylus DX4400 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4450/expert Epson Stylus DX4450 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4800/expert Epson Stylus DX4800 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx4850/expert Epson Stylus DX4850 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx7000f/expert Epson Stylus DX7000F - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx7400/expert Epson Stylus DX7400 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx7450/expert Epson Stylus DX7450 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx8400/expert Epson Stylus DX8400 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx8450/expert Epson Stylus DX8450 - CUPS+Gutenprint v5.2.9
          gutenprint.5.2://escp2-dx9400f/expert Epson Stylus DX9400F - CUPS+Gutenprint v5.2.9

          dpkg -l | grep guten
          ii libgutenprint2 5.2.9-1 amd64 runtime for the Gutenprint printer driver library
          ii printer-driver-gutenprint 5.2.9-1 amd64 printer drivers for CUPS
    • I have it all:

      dpkg -l | grep guten

          ii cups-driver-gutenprint 5.2.9-1 all transitional dummy package for gutenprint printer driver
          ii foomatic-db-gutenprint 5.2.9-1 all OpenPrinting printer support - database for Gutenprint printer drivers
          ii gutenprint-locales 5.2.9-1 all locale data files for Gutenprint
          ii ijsgutenprint 5.2.9-1 armel inkjet server - Ghostscript driver for Gutenprint
          ii libgutenprint2 5.2.9-1 armel runtime for the Gutenprint printer driver library
          ii printer-driver-gutenprint 5.2.9-1 armel printer drivers for CUPS

      Maybe too much? I read that this foomatic* stuff (as far as I know for hp-devices only) causes problems with other drivers. One hint was to kick it from the system - but because of dependencies I can't do it. It will remove all cups components too...

      lpinfo -m | grep Epson | grep DX

          lpinfo: Success


      8|