i've recently received a c550 and having some issues setting up SMB scan. Ive searched around these forums and some other random googling but cant seem to find a related thread anywhere.
i am trying to scan to a server (win2k3 r2 x64) that is NOT a domain controller. i want to use a local acct vs a domain acct for this purpose. figure it minimizes some impact of someone capturing traffic/hashes etc. since it appears it only uses LM or NTLM v1/v2 for SMB scanning.
at any rate, i am able to setup a local user acct on win2k3 (FILESVR\scan) and browse via *nix or a non-domain machine perfectly fine. i cannot, however, get this to work from the KM c550. i can input a domain admin acct and goes right thru. when i try to use local acct, both "scan" or append local machine name "FILESVR003\scan" it fails. i kept thinking it was a security setting, but since i can punch right thru with ubuntu or off-domain machine i started thinking in another direction. now i am keeping the path and everything else the same, so it points towards an authentication issue.
i ran wireshark to capture traffic and saw that the c550 is appending the domain name prior to the username, which seems odd since i do not have a default DNS name setup in the TCP/IP settings of the printer (i only have an IP setup, no gateway, no DNS, etc) see below packet cap, user is "scan" server is FILESVR003, domain name is "discontinuations.local" changed domain name kept same number characters and you can see its pulling a netbios name for preceeding the username.
...:.SMBr.....C.........................LANMAN1.0. .NT LM 0.12......SMBs..................................
.......B...........`@..+......604..0..
+.....7..
.". NTLMSSP........`.................K.O.N.I.C.A. .M.I.N.O.L.T.A. .O.S. .1...0...K.O.N.I.C.A. .M.I.N.O.L.T.A. .L.A.N.M.A.N. .1...0.......\.SMBs............................... ...
.................!.....0...........NTLMSSP........ .z...............@.......^.......f..............`D .I.S.C.O.N.T.I.N.U.A.T.I.O.N.s.c.a.n.K.M.B.T.5.9.D .1.C.8.(.7).5.A{...t.T..h!.......73.o<[.$...z...........h!......h!.............D.I.S.C.O. N.T.I.N.U.A.T.I.O.N.....F.I.L.E.S.V.R.0.0.3...,.d. i.s.c.o.n.t.i.n.u.a.t.i.o.n.s...l.o.c.a.l...>.f.i. l.e.s.v.r.0.0.3...d.i.s.c.o.n.t.i.n.u.a.t.i.o.n.s. ..l.o.c.a.l...,.d.i.s.c.o.n.t.i.n.u.a.t.i.o.n.s... l.o.c.a.l..........k /..f'....B....K.O.N.I.C.A. .M.I.N.O.L.T.A. .O.S. .1...0...K.O.N.I.C.A. .M.I.N.O.L.T.A. .L.A.N.M.A.N. .1...0..........SMBs........................... ......
.....................O,..|.. V..I.A.\..G.*.N.<.J.....T............@.B.s.c.a.n.. ...K.O.N.I.C.A. .M.I.N.O.L.T.A. .O.S. .1...0...K.O.N.I.C.A. .M.I.N.O.L.T.A. .L.A.N.M.A.N. .1...0...
so ive been thru every page i can see on the pagscope admin util and the domain isnt specified anywhere. it was, at one point, in the DNS default search but since removed and machine rebooted. i cant seem to figure out anywhere else it is in pagescope.
any tips? i'd prefer use the local than domain acct.
thx,
-trekuhl
i am trying to scan to a server (win2k3 r2 x64) that is NOT a domain controller. i want to use a local acct vs a domain acct for this purpose. figure it minimizes some impact of someone capturing traffic/hashes etc. since it appears it only uses LM or NTLM v1/v2 for SMB scanning.
at any rate, i am able to setup a local user acct on win2k3 (FILESVR\scan) and browse via *nix or a non-domain machine perfectly fine. i cannot, however, get this to work from the KM c550. i can input a domain admin acct and goes right thru. when i try to use local acct, both "scan" or append local machine name "FILESVR003\scan" it fails. i kept thinking it was a security setting, but since i can punch right thru with ubuntu or off-domain machine i started thinking in another direction. now i am keeping the path and everything else the same, so it points towards an authentication issue.
i ran wireshark to capture traffic and saw that the c550 is appending the domain name prior to the username, which seems odd since i do not have a default DNS name setup in the TCP/IP settings of the printer (i only have an IP setup, no gateway, no DNS, etc) see below packet cap, user is "scan" server is FILESVR003, domain name is "discontinuations.local" changed domain name kept same number characters and you can see its pulling a netbios name for preceeding the username.
...:.SMBr.....C.........................LANMAN1.0. .NT LM 0.12......SMBs..................................
.......B...........`@..+......604..0..
+.....7..
.". NTLMSSP........`.................K.O.N.I.C.A. .M.I.N.O.L.T.A. .O.S. .1...0...K.O.N.I.C.A. .M.I.N.O.L.T.A. .L.A.N.M.A.N. .1...0.......\.SMBs............................... ...
.................!.....0...........NTLMSSP........ .z...............@.......^.......f..............`D .I.S.C.O.N.T.I.N.U.A.T.I.O.N.s.c.a.n.K.M.B.T.5.9.D .1.C.8.(.7).5.A{...t.T..h!.......73.o<[.$...z...........h!......h!.............D.I.S.C.O. N.T.I.N.U.A.T.I.O.N.....F.I.L.E.S.V.R.0.0.3...,.d. i.s.c.o.n.t.i.n.u.a.t.i.o.n.s...l.o.c.a.l...>.f.i. l.e.s.v.r.0.0.3...d.i.s.c.o.n.t.i.n.u.a.t.i.o.n.s. ..l.o.c.a.l...,.d.i.s.c.o.n.t.i.n.u.a.t.i.o.n.s... l.o.c.a.l..........k /..f'....B....K.O.N.I.C.A. .M.I.N.O.L.T.A. .O.S. .1...0...K.O.N.I.C.A. .M.I.N.O.L.T.A. .L.A.N.M.A.N. .1...0..........SMBs........................... ......
.....................O,..|.. V..I.A.\..G.*.N.<.J.....T............@.B.s.c.a.n.. ...K.O.N.I.C.A. .M.I.N.O.L.T.A. .O.S. .1...0...K.O.N.I.C.A. .M.I.N.O.L.T.A. .L.A.N.M.A.N. .1...0...
so ive been thru every page i can see on the pagscope admin util and the domain isnt specified anywhere. it was, at one point, in the DNS default search but since removed and machine rebooted. i cant seem to figure out anywhere else it is in pagescope.
any tips? i'd prefer use the local than domain acct.
thx,
-trekuhl
Comment