Mother Ricoh help desk had me telnet in and set smb to "2". According to him there is 0,1,2 as options here. He did not mention a 3. I am going to try that first chance I get which probably will be on Wed. Thanks all. Will post back any results.
I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........
Especially when it comes to sex
When I can't get smb to work I will use a little ftp file to scan to folder. You get the same results you are just using a different vehicle to get there.
Thank you for your suggestion, but this is a no go. The whole purpose of the server is it being secured. On a side note, I have run ftp server (filezilla) on workstations and servers where the anti-virus has totally locked down smb. It works the same in the customer's eyes. One case in particular a financial planner. He has an older copier that will only do SMB1 scanning. Didn't want to upgrade (cheap bugger) filezilla was the trick for him.
I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........
Especially when it comes to sex
Filezilla is one of the few providers that does offer a secure, SFTP, option that won't get you banned from a customer location. Filezilla(R) Secure FTP on Windows Server 2019
would changing the smb authentication level from lvl2 to lvl3 or even lvl4 in the web interface do anything for this. admittedly I am looking at an IM C3000 where I saw this setting. I admit I'm a little out of my depth on this subject.
I do recognize most of what you guys are saying are words.
Have you tried enabling Kerberos encryption?
Kerberos Authentication Encryption Setting | User Guide | IM 350, IM 430
That should at least enable the login ticket between the MFP and the server to be encrypted, which may get you working.
Sent from my BlackBerry using Tapatalk
First thing, SMB is a challenge-response protocol which means the client (MFP) presents a challenge list of SMB version dialects (contained in the SMB negotiate protocol request packet). The server responds by either accepting a dialect or refusing the connection.
Current gen Kyocera's going back to the 1 series present SMB NTLM 1.2 through SMB 3.0 to the server. The server decides to accept it's minimum version. There is no need to restrict the versions on the outgoing SMB connections as the endpoint server controls the version to be used.
You will need to examine the SMB negotiate protocol request packet from a network capture on your Ricoh to see the SMB versions it presents to the server.
Wireshark will give you the answer.
If it is presenting a v3 dialect then it may be that the implementation of SMB v3 is not functioning. Kyocera had this problem where the SMBv3 API firmware would mangle the filepath and fail the transfer.
This was also viewable in Wireshark as Invalid file path notifications within the protocol stream.
I am really an ignorant idiot when it comes to Wireshark. The business still hasn't gotten back to us about trying again. When I am running wireshark in the office, no matter what I do, I can see the username in cleartext. It is at this point the customer's network shuts down the smb scanning. The wireshark they did for us, showed the username sent in cleartext and the smb session cancelled. I could see the negociation it seemed like it would try for smb3 but never settle on it (I can't read wireshark). Mother Ricoh is no help what so ever, like they don't care.
We are somewhat blackboxed on this. Business doesn't let us know anything about their network security and are not going out of their way to help us either.
Hopefully we are going to try again soon. Ricoh is supposed to have smb patch out soon. Will post back any new news.
I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........
Especially when it comes to sex
Bookmarks