Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 34
  1. #11
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,790
    Rep Power
    108

    Re: Ricoh smb scanning with end to end encyrption

    Quote Originally Posted by Brianneoe View Post
    I might be all wet on this but you have nothing to lose at this point. Have you telnet into the MFP and changed "smb client auth 3" and then logout? I just ran a test on a C306 and it took..
    You may be on to something here. Between this and making sure that the machine is using port 445 for SMB this may resolve the issue. It's been years since I've seen an NTLM issue in the wild, but it's definitely worth checking.

    Sent from my BlackBerry using Tapatalk

  2. #12
    Field Supervisor 500+ Posts
    Join Date
    Sep 2009
    Posts
    566
    Rep Power
    49

    Re: Ricoh smb scanning with end to end encyrption

    Mother Ricoh help desk had me telnet in and set smb to "2". According to him there is 0,1,2 as options here. He did not mention a 3. I am going to try that first chance I get which probably will be on Wed. Thanks all. Will post back any results.
    I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


    Especially when it comes to sex

  3. #13
    Senior Tech 100+ Posts
    Ricoh smb scanning with end to end encyrption


    Join Date
    Feb 2011
    Location
    Las Vegas
    Posts
    220
    Rep Power
    31

    Re: Ricoh smb scanning with end to end encyrption

    When I can't get smb to work I will use a little ftp file to scan to folder. You get the same results you are just using a different vehicle to get there.

  4. #14
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,790
    Rep Power
    108

    Re: Ricoh smb scanning with end to end encyrption

    Quote Originally Posted by Reed View Post
    When I can't get smb to work I will use a little ftp file to scan to folder. You get the same results you are just using a different vehicle to get there.
    Which may require additional permission from the customer as well. Nothing like potentially adding an unauthorised server to the company's environment.

    Sent from my BlackBerry using Tapatalk

  5. #15
    Field Supervisor 500+ Posts
    Join Date
    Sep 2009
    Posts
    566
    Rep Power
    49

    Re: Ricoh smb scanning with end to end encyrption

    Quote Originally Posted by Reed View Post
    When I can't get smb to work I will use a little ftp file to scan to folder. You get the same results you are just using a different vehicle to get there.

    Thank you for your suggestion, but this is a no go. The whole purpose of the server is it being secured. On a side note, I have run ftp server (filezilla) on workstations and servers where the anti-virus has totally locked down smb. It works the same in the customer's eyes. One case in particular a financial planner. He has an older copier that will only do SMB1 scanning. Didn't want to upgrade (cheap bugger) filezilla was the trick for him.
    I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


    Especially when it comes to sex

  6. #16
    Retired 10,000+ Posts
    Ricoh smb scanning with end to end encyrption

    slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    34,126
    Rep Power
    989

    Re: Ricoh smb scanning with end to end encyrption

    Quote Originally Posted by tonerhead View Post
    Thank you for your suggestion, but this is a no go. The whole purpose of the server is it being secured. On a side note, I have run ftp server (filezilla) on workstations and servers where the anti-virus has totally locked down smb. It works the same in the customer's eyes. One case in particular a financial planner. He has an older copier that will only do SMB1 scanning. Didn't want to upgrade (cheap bugger) filezilla was the trick for him.
    Filezilla is one of the few providers that does offer a secure, SFTP, option that won't get you banned from a customer location. Filezilla(R) Secure FTP on Windows Server 2019

  7. #17
    Junior Member
    Join Date
    Jun 2021
    Location
    Hays, Kansas
    Posts
    5
    Rep Power
    0

    Re: Ricoh smb scanning with end to end encyrption

    would changing the smb authentication level from lvl2 to lvl3 or even lvl4 in the web interface do anything for this. admittedly I am looking at an IM C3000 where I saw this setting. I admit I'm a little out of my depth on this subject.
    I do recognize most of what you guys are saying are words.

  8. #18
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,790
    Rep Power
    108

    Re: Ricoh smb scanning with end to end encyrption

    Have you tried enabling Kerberos encryption?
    Kerberos Authentication Encryption Setting | User Guide | IM 350, IM 430

    That should at least enable the login ticket between the MFP and the server to be encrypted, which may get you working.

    Sent from my BlackBerry using Tapatalk

  9. #19
    Senior Tech 250+ Posts PrintWhisperer's Avatar
    Join Date
    Feb 2018
    Location
    Wild West
    Posts
    433
    Rep Power
    29

    Re: Ricoh smb scanning with end to end encyrption

    First thing, SMB is a challenge-response protocol which means the client (MFP) presents a challenge list of SMB version dialects (contained in the SMB negotiate protocol request packet). The server responds by either accepting a dialect or refusing the connection.

    Current gen Kyocera's going back to the 1 series present SMB NTLM 1.2 through SMB 3.0 to the server. The server decides to accept it's minimum version. There is no need to restrict the versions on the outgoing SMB connections as the endpoint server controls the version to be used.

    You will need to examine the SMB negotiate protocol request packet from a network capture on your Ricoh to see the SMB versions it presents to the server.
    Wireshark will give you the answer.

    If it is presenting a v3 dialect then it may be that the implementation of SMB v3 is not functioning. Kyocera had this problem where the SMBv3 API firmware would mangle the filepath and fail the transfer.

    This was also viewable in Wireshark as Invalid file path notifications within the protocol stream.

  10. #20
    Field Supervisor 500+ Posts
    Join Date
    Sep 2009
    Posts
    566
    Rep Power
    49

    Re: Ricoh smb scanning with end to end encyrption

    I am really an ignorant idiot when it comes to Wireshark. The business still hasn't gotten back to us about trying again. When I am running wireshark in the office, no matter what I do, I can see the username in cleartext. It is at this point the customer's network shuts down the smb scanning. The wireshark they did for us, showed the username sent in cleartext and the smb session cancelled. I could see the negociation it seemed like it would try for smb3 but never settle on it (I can't read wireshark). Mother Ricoh is no help what so ever, like they don't care.

    We are somewhat blackboxed on this. Business doesn't let us know anything about their network security and are not going out of their way to help us either.

    Hopefully we are going to try again soon. Ricoh is supposed to have smb patch out soon. Will post back any new news.
    I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


    Especially when it comes to sex

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Get the Android App
click or scan for the Copytechnet Mobile App

-= -= -= -= -=


IDrive Remote Backup

Lunarpages Internet Solutions

Advertise on Copytechnet

Your Link Here