Ricoh and Konica Printers fail authentication scanning to SMB shares

Question

Hello I hope someone can give me some guidance here.

I have spent the past week and a half trying to resolve this issue but have been failing so far. I will break down how the issue began and what I have tried / learned so far.

On January 29th one of hosts that several virtual machines sit on went down. After it came back up all of printers that scan to SMB shares were no longer able to do that. They will now give errors that authentication failed.

To give you an idea of environment it is as follows:

Active Directory / DNS is being handled on a Windows 2012 server Local share is being managed by a CentOS installation running Egnyte Sync.

Both of these are located on the host that went down.

As a side note I would say that this system is something that we have inherited so we are not full aware of all of its ins and outs

I will speak specifically to the Ricoh MP C5503, but note that all models of printers in the office fail to connect to the SMB Share

Troubleshooting that I have performed so far:

• Verified that the active directory account that the printers are using is able to sign in to active directory.

• Verified that Windows Server 2012 does have SMB 1 enabled (though this is probably not needed).

• Verified that the Ricoh is connecting on the correct port (445).

• Verified that the CentOS box did not update when the host came back up.

• Verified with our printer vendor that the firmware was current on the Ricoh.

• Tested connecting to both the shares IP and its DNS name.

• Changed the password to the AD account that’s used on the printers.

• Tested with my own AD account (admin privileges), which failed in the same manner.

• Verified that the printer can reach the internet as it can email scans.

• Verified I can ping the printer and reach its web interface.

I ran a packet trace through Meraki to see what the communication was like between the printer and our windows server. What I found was the printer reached out to our domain controller and it resolved the DNS to the local share. The local share (centOS) negotiated via SMB2 and eventually returned this error to the printer.

SMB2 147 Session Setup Response, Error: STATUS_LOGON_FAILURE

Which based on this windows documentation

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/8f11e0f3-d545-46cc-97e6-f00569e3e1bc

Appears to just be a generic access denied error. I have no idea why this would have just began after the host went down. We are able to access the share without issue from a Mac or PC. Only the printers have this problem.

Answer 1

Not all printers support SMBv2 or SMBv3. A lot of printer just support SMBv1 sadly, even newer model.

For your case, for a Ricoh MP C5503, please see that link;

SMBv1 (Yes) SMBv2 (Yes ()) SMBv3(Yes ()) (*) Available via firmware update

And see that note below;

Even after applying the firmware update, Windows authentication and SMB printing will not be available when SMB v1.0 is disabled. For other products not listed in the above table, only SMB v1.0 is supported. For these products, please use the suggested alternatives from this document.

As such, please validate that in your CentOS, SMBv1 is not disabled.

I'am not a linux expert, but would be there;

/etc/samba/smb.conf

, and the min protocol is maybe not SMB1 there.

min protocol = SMB2