Brother MFC-L3750CDW scanner/printer can't connect to share

[danb35]

My parents just bought a new Brother MFC-L3750CDW MFP, and I'm trying to configure it to scan to their TrueNAS box (running CORE 12.0-U8.1 on a HPE MicroServer Gen8). I've created a new SMB share for that purpose, owned by a user on the NAS. Their laptop is able to connect to that share, log in with that username and password, and read/write/destroy files there.

The MFP, not so much. It has a web interface to configure everything (so at least I'm not entering IPs and passwords on a 3" touch screen), but it refuses to connect, giving this error:

There are three options for "Auth method"; I've tried both Auto and NTLMv2:

I'm not using a domain or any other sort of directory service, just a local user on the NAS. I've tried enabling SMB1 and NTLMv1 to no effect. The MFP is running the most current firmware. What else should I try?

 

[joeschmuck]

I hate saying it but chmod to 777 for that directory. It might work but it's all I can think of right now.

 

[danb35]

The share is already set to full access:

Code:

root@cbnas[/mnt/tank]# ll
total 1228050
drwxr-xr-x  11 root     wheel    uarch         13 Oct 15 13:45 ./
drwxr-xr-x   3 root     wheel    uarch        128 Aug 28 05:46 ../
(snip)
drwxrwxrwx+  2 charlie  charlie  uarch          3 Oct 15 13:47 scanner/
(more snippage)

 

[Jurgen Segaert]

It's probably something really silly. Maybe also share the other settings, e.g. the Host Address and Directory/path from the Printer's Scan to Network section and the Basic options of that share from the TrueNAS Sharing/ SMB section and maybe some of us will spot it.

 

[danb35]

Maybe also share the other settings, e.g. the Host Address and Directory/path from the Printer's Scan to Network section

Makes sense. Here are the share settings:

Share ACL:

Filesystem ACL:

...and the SMB service settings:

Settings on the MFP:

I've also tried with the NAS IP instead of its name, I've tried without the leading \\ in the path, I've tried the username as workgroup\charlie, I've tried with Auth method set to NTLMv2 rather than Auto.

 

[ChrisRJ]

What about SMB v1? I wouldn't be the first scanner to require that ...

 

[danb35]

I've tried enabling SMB1 and NTLMv1 to no effect.

 

[ChrisRJ]

Just to eliminate factors: Can you make it work with a share on a Windows machine?

Are there firmware updates for the printer/scanner?

 

[danb35]

Can you make it work with a share on a Windows machine?

There aren't any Windows machines on their network, but I could probably arrange for that.

Are there firmware updates for the printer/scanner?

Not at this time--there were two updates available when we unboxed it, but they're installed and it's now up-to-date.

 

[Jurgen Segaert]

I have a Wifi-connected Canon multi-function printer/scanner and my settings are very similar. The only noteworthy differences I see is that I have:

• in SMB service:
  • Enable Apple SMB2/3 Protocol extensions: off
• in Sharing:
  • Purpose: No presets
  • Enable SMB2/3 durable handles: off

I've tried the username as workgroup\charlie, I've tried with Auth method set to NTLMv2 rather than Auto.

Did you try charlie@cbnas or cbnas\charlie as the user?

I remember you posting about OPNsense vs pfSense... any long forgotten exotic firewall rules on this network?

 

[danb35]

Did you try charlie@cbnas or cbnas\charlie as the user?

I hadn't; here's what happens when I try charlie@cbnas:

Using cbnas\charlie gives the original error message, STATUS_INVALID_PARAMETER. So whatever the problem is, it isn't authentication.

I remember you posting about OPNsense vs pfSense... any long forgotten exotic firewall rules on this network?

They're using a Unifi Dream Machine, not *Sense. Their network is a flat /24 subnet, nothing fancy going on there.

So, let's see what logs show. Here's what shows in auth_audit.log:
{"timestamp": "2022-10-18T09:00:59.304921-0400", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.2.10:445", "remoteAddress": "ipv4:192.168.2.248:12119", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "charlie", "workstation": "BRNB42200416E83", "becameAccount": "charlie", "becameDomain": "TRUENAS", "becameSid": "S-1-5-21-3580631889-2308737253-4126809102-1000", "mappedAccount": "charlie", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 24298}}

...and in log.wb-CBNAS (not sure these entries are relevant; they seem to predate the one above, but they're the last entries there):

Code:

[2022/10/18 09:00:14.542639,  0] ../../source3/rpc_server/rpc_ncacn_np.c:457(rpcint_dispatch)
  rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
[2022/10/18 09:00:14.543073,  0] ../../source3/rpc_server/rpc_ncacn_np.c:457(rpcint_dispatch)
  rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR

Nothing else in any file in /var/log/samba4.

Changing the settings under the share had no effect. I'm hesitant to turn off the Apple extensions as they (like me) use a Mac).

 

[anodos]

Can you get a pcap and PM it to me, I'll take a peek when I have a chance.
tcpdump -w /tmp/smb.pcap -i <your interface name (i.e. igb0)> host 192.168.2.248
Then scp the file off the box.

 

[danb35]

Can you get a pcap and PM it to me

Done, thanks.

 

[Jurgen Segaert]

So whatever the problem is, it isn't authentication.

This is an interesting read; same ECODE -29 STATUS_INVALID_PARAMETER on Synology, where the issue was caused by some samba (MSDFS VFS?) setting.

Brother Scan-to-Network (INVALID_PARAMETER)

Zunächst einmal nun endlich mein Update zum Thema FTP: Die Funktion "Scan to FTP" funktioniert grundsätzlich. Es gibt hierbei folgende Optionen, die ich auch alle getestet habe: 1. "Nichts" (keine Verschlüsselung): funktioniert 2. "SSL(Impliziter Modus)": funktionierte (seltsamerweise) nicht 3...

www.synology-forum.de