NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Using a Scan To Network share (OfficeJet 9130)
Hi i am struggling with trying to get a Hp OfficeJet 9130 to scan direct to my Infrant ReadyNAS NV. I have created a share, given it a password. I can connect to it using a xp box no problem. In...
Ok, I've found a workaround to the problem. It will required an additional option to be added to one of the share configuration pages (the 'Advanced Options' seem most appropriate). The option would add/remove the following line to the [global] section of the smb.conf file on the ReadyNAS:
use spnego = no
Note that this may affect performance and/or access to shares by other CIFS clients. That's why it needs to be an advanced option.
A discussion of the issue follows.
The problem appears to be either a bug in Samba's session setup protocol or in the printer's implementation of the SMB protocol. It's possible that this will be fixed in Samba 4.0, but not certain. I'll post something to the samba-technical list to see if I can get clarification. In any case, until Samba 4.0 is released I think the only solution is the one described above.
Session setup for user authentication using SPNEGO goes something like this (client is the printer, server is the ReadyNAS Samba server):
1. Client sends a NEGOTIATE to server.
2. Server sends a NEGOTIATE to client specifying available options.
3. Client sends a SESSION_SETUP_ANDX to server to request authentication.
4. Server sends a SESSION_SETUP_ANDX with challenge and a status requesting more data is required (STATUS_MORE_PROCESSING_REQUIRED).
5. Client sends SESSION_SETUP_ANDX with challenge response and username.
6. Server sends a SESSION SETUP_ANDX with authenticated vuid.
7. Client sends a TREE_CONNECT_ANDX using authenticated vuid.
The vuid is then used for any subsequent communication between the client and server. Think of the vuid as a session key that identifies authenticated communication between the client and server.
The problem accurs because the Samba server actually allocates a temporary vuid in step 4 that is different from the vuid supplied to the client in step 6, and includes this in it's message to the client. The printer then uses this temporary vuid rather than the real vuid in step 7. Because the authentication actually succeeded, a message to this effect is logged on the server, which is what we're seeing. However the server then terminates the connection at step 7 when the incorrect vuid is supplied.
The 'use spnego = no' option tells the server to use an older authentication protocol that avoids the two stage process shown above. This avoids the temporary vuid allocation and so the correct vuid is used by the printer.
Greg
use spnego = no
Note that this may affect performance and/or access to shares by other CIFS clients. That's why it needs to be an advanced option.
A discussion of the issue follows.
The problem appears to be either a bug in Samba's session setup protocol or in the printer's implementation of the SMB protocol. It's possible that this will be fixed in Samba 4.0, but not certain. I'll post something to the samba-technical list to see if I can get clarification. In any case, until Samba 4.0 is released I think the only solution is the one described above.
Session setup for user authentication using SPNEGO goes something like this (client is the printer, server is the ReadyNAS Samba server):
1. Client sends a NEGOTIATE to server.
2. Server sends a NEGOTIATE to client specifying available options.
3. Client sends a SESSION_SETUP_ANDX to server to request authentication.
4. Server sends a SESSION_SETUP_ANDX with challenge and a status requesting more data is required (STATUS_MORE_PROCESSING_REQUIRED).
5. Client sends SESSION_SETUP_ANDX with challenge response and username.
6. Server sends a SESSION SETUP_ANDX with authenticated vuid.
7. Client sends a TREE_CONNECT_ANDX using authenticated vuid.
The vuid is then used for any subsequent communication between the client and server. Think of the vuid as a session key that identifies authenticated communication between the client and server.
The problem accurs because the Samba server actually allocates a temporary vuid in step 4 that is different from the vuid supplied to the client in step 6, and includes this in it's message to the client. The printer then uses this temporary vuid rather than the real vuid in step 7. Because the authentication actually succeeded, a message to this effect is logged on the server, which is what we're seeing. However the server then terminates the connection at step 7 when the incorrect vuid is supplied.
The 'use spnego = no' option tells the server to use an older authentication protocol that avoids the two stage process shown above. This avoids the temporary vuid allocation and so the correct vuid is used by the printer.
Greg
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
