thr3ads.net - samba - [Samba] Cannot access share from Kodak printer [Mar 2013]

If this information is useful, please help other people find it:
Share via:

MIKE BLAKEKNOX

2013-Mar-24 15:45 UTC

[Samba] Cannot access share from Kodak printer

I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router as a
destination for scans from my Kodak Office Hero 6.1 all-in-one printer. I'm
currently getting an invalid User ID or Password error message. I have been
unable to increase the Samba log level at all even after editing the log level
in smb.conf. Before an old router running DDWRT (including Samba) failed,
scanning to the share worked flawlessly.
This seems to demonstrate that it is possible to connect from the printer to
Samba.


I have put the printer and my laptop onto a hub and am using Wireshark to see
what's going on. From the captures, it appears that printer is using a
product called BlueShare 3.0 (http://www.bluepeach.com/BlueShareDataSheet.pdf).
It sounded as if tweaking smb.conf might address the problem so I've spent
much of the day experimenting with changing things like the smb.conf security=,
use spnego =, client use spnego=, (server, domain names) without any luck.


Here's the wireshark decoded output for a test, the error is reported right
after frame 8:


Frame 4: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on
interface 0
Ethernet II, Src: EastmanK_2e:5f:f0 (00:07:5c:2e:5f:f0), Dst: AsustekC_be:14:60
(08:60:6e:be:14:60)
Internet Protocol Version 4, Src: 192.168.11.91 (192.168.11.91), Dst:
192.168.11.1 (192.168.11.1)
Transmission Control Protocol, Src Port: 4758 (4758), Dst Port: microsoft-ds
(445), Seq: 1, Ack: 1, Len:
51 
NetBIOS Session Service 
SMB (Server Message Block Protocol) 
SMB Header 
Server Component: SMB 
[Response in: 6] 
SMB Command: Negotiate Protocol (0x72) 
NT Status: STATUS_SUCCESS (0x00000000) 
Flags: 0x00 
0... .... = Request/Response: Message is a request to the server 
.0.. .... = Notify: Notify client only on open 
..0. .... = Oplocks: OpLock not requested/granted 
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized 
.... 0... = Case Sensitivity: Path names are case sensitive 
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted 
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported 
Flags2: 0xc841 
1... .... .... .... = Unicode Strings: Strings are Unicode 
.1.. .... .... .... = Error Code Type: Error codes are NT error codes 
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs 
.... 1... .... .... = Extended Security Negotiation: Extended security
negotiation is
supported 
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .1.. .... = Long Names Used: Path names in request are long file names
.... .... ...0 .... = Security Signatures Required: Security signatures are not
required
.... .... .... 0... = Compressed: Compression is not requested 
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the
response
Process ID High: 0 
Signature: 0000000000000000 
Reserved: 0000 
Tree ID: 0 
Process ID: 0 
User ID: 0 
Multiplex ID: 344 
Negotiate Protocol Request (0x72) 
Word Count (WCT): 0 
Byte Count (BCC): 12 
Requested Dialects 
Dialect: NT LM 0.12 
Buffer Format: Dialect (2) 
Name: NT LM 0.12 

No. Time Source Destination Protocol Length Info 
5 19:12:25.736790000 192.168.11.1 192.168.11.91 TCP 60 microsoft-ds > 

4758 [ACK] Seq=1 Ack=52 Win=5840 Len=0 

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface
0
Ethernet II, Src: AsustekC_be:14:60 (08:60:6e:be:14:60), Dst: EastmanK_2e:5f:f0
(00:07:5c:2e:5f:f0)
Internet Protocol Version 4, Src: 192.168.11.1 (192.168.11.1), Dst:
192.168.11.91 (192.168.11.91)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 4758
(4758), Seq: 1, Ack: 52, Len:
0 

No. Time Source Destination Protocol Length Info 
6 19:12:25.738224000 192.168.11.1 192.168.11.91 SMB 153 Negotiate Protocol 

Response 

Frame 6: 153 bytes on wire (1224 bits), 153 bytes captured (1224 bits) on
interface 0
Ethernet II, Src: AsustekC_be:14:60 (08:60:6e:be:14:60), Dst: EastmanK_2e:5f:f0
(00:07:5c:2e:5f:f0)
Internet Protocol Version 4, Src: 192.168.11.1 (192.168.11.1), Dst:
192.168.11.91 (192.168.11.91)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 4758
(4758), Seq: 1, Ack: 52, Len:
99 
NetBIOS Session Service 
SMB (Server Message Block Protocol) 
SMB Header 
Server Component: SMB 
[Response to: 4] 
[Time from request: 0.001692000 seconds] 
SMB Command: Negotiate Protocol (0x72) 
NT Status: STATUS_SUCCESS (0x00000000) 
Flags: 0x80 
1... .... = Request/Response: Message is a response to the client/redirector 
.0.. .... = Notify: Notify client only on open 
..0. .... = Oplocks: OpLock not requested/granted 
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized 
.... 0... = Case Sensitivity: Path names are case sensitive 
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted 
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported 
Flags2: 0xc001 
1... .... .... .... = Unicode Strings: Strings are Unicode 
.1.. .... .... .... = Error Code Type: Error codes are NT error codes 
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs 
.... 0... .... .... = Extended Security Negotiation: Extended security
negotiation is not supported
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .0.. .... = Long Names Used: Path names in request are not long file
names
.... .... ...0 .... = Security Signatures Required: Security signatures are not
required
.... .... .... 0... = Compressed: Compression is not requested 
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the
response
Process ID High: 0 
Signature: 0000000000000000 
Reserved: 0000 
Tree ID: 0 
Process ID: 0 
User ID: 0 
Multiplex ID: 344 
Negotiate Protocol Response (0x72) 
Word Count (WCT): 17 
Dialect Index: 0: NT LM 0.12 
Security Mode: 0x03 
Max Mpx Count: 50 
Max VCs: 1 
Max Buffer Size: 16644 
Max Raw Buffer: 65536 
Session Key: 0x000002e0 
Capabilities: 0x0080e3fd 
System Time: Mar 23, 2013 19:12:29.000000000 Eastern Daylight Time 
Server Time Zone: 240 min from UTC 
Key Length: 8 
Byte Count (BCC): 26 
Encryption Key: 09cc5aa135fac1f2 
Primary Domain: RAINTREE 

No. Time Source Destination Protocol Length Info 
7 19:12:25.741633000 192.168.11.91 192.168.11.1 SMB 192 Session Setup AndX 

Request, NTLMSSP_NEGOTIATE 

Frame 7: 192 bytes on wire (1536 bits), 192 bytes captured (1536 bits) on
interface 0
Ethernet II, Src: EastmanK_2e:5f:f0 (00:07:5c:2e:5f:f0), Dst: AsustekC_be:14:60
(08:60:6e:be:14:60)
Internet Protocol Version 4, Src: 192.168.11.91 (192.168.11.91), Dst:
192.168.11.1 (192.168.11.1)
Transmission Control Protocol, Src Port: 4758 (4758), Dst Port: microsoft-ds
(445), Seq: 52, Ack: 100,

Len: 138 
NetBIOS Session Service 
SMB (Server Message Block Protocol) 
SMB Header 
Server Component: SMB 
[Response in: 8] 
SMB Command: Session Setup AndX (0x73) 
NT Status: STATUS_SUCCESS (0x00000000) 
Flags: 0x00 
0... .... = Request/Response: Message is a request to the server 
.0.. .... = Notify: Notify client only on open 
..0. .... = Oplocks: OpLock not requested/granted 
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized 
.... 0... = Case Sensitivity: Path names are case sensitive 
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted 
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported 
Flags2: 0xc841 
1... .... .... .... = Unicode Strings: Strings are Unicode 
.1.. .... .... .... = Error Code Type: Error codes are NT error codes 
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs 
.... 1... .... .... = Extended Security Negotiation: Extended security
negotiation is supported
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .1.. .... = Long Names Used: Path names in request are long file names
.... .... ...0 .... = Security Signatures Required: Security signatures are not
required
.... .... .... 0... = Compressed: Compression is not requested 
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the
response
Process ID High: 0 
Signature: 0000000000000000 
Reserved: 0000 
Tree ID: 0 
Process ID: 0 
User ID: 0 
Multiplex ID: 345 
Session Setup AndX Request (0x73) 
Word Count (WCT): 12 
AndXCommand: No further commands (0xff) 
Reserved: 00 
AndXOffset: 134 
Max Buffer: 32767 
Max Mpx Count: 6 
VC Number: 1 
Session Key: 0x000002e0 
Security Blob Length: 32 
Reserved: 00000000 
Capabilities: 0x8000005c 
Byte Count (BCC): 75 
Security Blob: 4e544c4d5353500001000000070200000000000020000000... 
GSS-API Generic Security Service Application Program Interface 
NTLM Secure Service Provider 
NTLMSSP identifier: NTLMSSP 
NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001) 
Flags: 0x00000207 
Calling workstation domain: NULL 
Calling workstation name: NULL 
Native OS: Win32 
Native LAN Manager: BlueShare 3.0 
Primary Domain: 


No. Time Source Destination Protocol Length Info 
8 19:12:25.742623000 192.168.11.1 192.168.11.91 SMB 93 Session Setup AndX 

Response, Error: Access denied 

Frame 8: 93 bytes on wire (744 bits), 93 bytes captured (744 bits) on interface
0
Ethernet II, Src: AsustekC_be:14:60 (08:60:6e:be:14:60), Dst: EastmanK_2e:5f:f0
(00:07:5c:2e:5f:f0)
Internet Protocol Version 4, Src: 192.168.11.1 (192.168.11.1), Dst:
192.168.11.91 (192.168.11.91)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 4758
(4758), Seq: 100, Ack: 190,

Len: 39 
NetBIOS Session Service 
SMB (Server Message Block Protocol) 
SMB Header 
Server Component: SMB 
[Response to: 7] 
[Time from request: 0.000990000 seconds] 
SMB Command: Session Setup AndX (0x73) 
Error Class: DOS Error (0x01) 
Reserved: 00 
Error Code: Access denied 
Flags: 0x80 
1... .... = Request/Response: Message is a response to the client/redirector 
.0.. .... = Notify: Notify client only on open 
..0. .... = Oplocks: OpLock not requested/granted 
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized 
.... 0... = Case Sensitivity: Path names are case sensitive 
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted 
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported 
Flags2: 0x8001 
1... .... .... .... = Unicode Strings: Strings are Unicode 
.0.. .... .... .... = Error Code Type: Error codes are DOS error codes 
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs 
.... 0... .... .... = Extended Security Negotiation: Extended security
negotiation is not supported
.... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
.... .... .0.. .... = Long Names Used: Path names in request are not long file
names
.... .... ...0 .... = Security Signatures Required: Security signatures are not
required
.... .... .... 0... = Compressed: Compression is not requested 
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the
response
Process ID High: 0 
Signature: 0000000000000000 
Reserved: 0000 
Tree ID: 0 
Process ID: 0 
User ID: 0 
Multiplex ID: 345 
Session Setup AndX Response (0x73) 
Word Count (WCT): 0 
Byte Count (BCC): 0 

Can anyone see what the problem might be? 

In case it's useful, here's my smb.conf: 
[global] 
workgroup = raintree 
netbios name = raintree 
server string = raintree 
unix charset = UTF8 
display charset = UTF8 
log file = /var/log.samba 
log level = 0 
max log size = 5 
security = USER 
guest ok = no 
map to guest = Bad User 
encrypt passwords = yes 
pam password change = no 
null passwords = yes 
force directory mode = 0777 
force create mode = 0777 
max connections = 5 
socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=32768 SO_SNDBUF=32768 
obey pam restrictions = no 
use spnego = no 
client use spnego = no 
disable spoolss = yes 
host msdfs = no 
strict allocate = No 
bind interfaces only = yes 
interfaces = lo br0 
use sendfile = no 
map archive = no 
map hidden = no 
map read only = no 
map system = no 
store dos attributes = yes 
dos filemode = yes 
dos filetimes = yes 
dos filetime resolution = yes 
[mbk] 
comment = sambap's mbk in WD My Passport 0748 
path = /tmp/mnt/sambap/mbk 
valid users = admin, mbk, new 
invalid users = 
read list = admin, mbk, new 
write list = admin, mbk, new 

Thanks 

Mike

Mike Blake-Knox

2013-Mar-27 12:11 UTC

head link

[Samba] Cannot access share from Kodak printer

> I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router
> as a destination for scans from my Kodak Office Hero 6.1 all-in-one
> printer. 
...
> I have put the printer and my laptop onto a hub and am using
> Wireshark to see what's going on. From the captures, it appears that
> printer is using a product called BlueShare 3.0
I've continued to experiment with smb.conf tweaks with no real progress. I
have noticed new syslog entries:
Mar 27 07:56:36 smbd[692]: [2013/03/27 07:56:36, 0]
smbd/sesssetup.c:reply_sesssetup_and_X(1265)
Mar 27 07:56:36 smbd[692]:   reply_sesssetup_and_X:  Rejecting attempt at SPNEGO
session setup when it was not negoitiated.

I tried setting the spnego options in smb.conf to  yes, but these messages
continue.

I may have also noticed that the username/password isn't being sent from the
printer to the router. The Session Setup AndX Request doesn't seem to
contain either the username or password. It also doesn't seem to grow when I
make the username and password both 8 bytes longer.

Suggestions will be gratefully received.

----- Original Message -----> From: "MIKE BLAKEKNOX" <bk1985 at knology.net>
> To: samba at lists.samba.org
> Sent: Sunday, March 24, 2013 11:45:39 AM
> Subject: [Samba] Cannot access share from Kodak printer
> 
> 
> 
> I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router
> as a destination for scans from my Kodak Office Hero 6.1 all-in-one
>

Seemingly Similar Threads

Search for more apparently analagous threads

samba - Mar 2013 - Cannot access share from Kodak printer

[Samba] Cannot access share from Kodak printer

[Samba] Cannot access share from Kodak printer

Seemingly Similar Threads