Club PA 2.0 has arrived! If you'd like to access some extra PA content and help support the forums, check it out at patreon.com/ClubPA
The image size limit has been raised to 1mb! Anything larger than that should be linked to. This is a HARD limit, please do not abuse it.
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

Network Scan permission error from MFP

deathnote666deathnote666 Registered User regular
I'm moving from a 2008 R2 to a 2012 R2 server. I have a Konica Minolta MFP setup to send SMB scanned items to a shared folder on the 2008 R2 server. I setup a folder with identical permissions on the 2012 R2 server but the MFP can't authenticate. I tried an admin's credentials in the MFP and they worked on the 2012 R2 folder.

When logged in as that user used for scan authentication on a workstation, they can access, create, modify, delete, etc. anything in that folder.

What am I missing?

Under share permissions, "everyone" can read/write along with the target user
Under security: everyone, domain users, and that user have read, write, modify, etc. permissions.

Posts

  • FeralFeral MEMETICHARIZARD along with you if I get drunk well I know I'm gonna be gonna be the man whoRegistered User regular
    I've gone through the exact same transition from 2008 to 2012 with Konica MFPs and it took a bit of tweaking to get them to work. I think I can help.

    Let me start by verifying that I understand the situation right. Does this accurately describe the situation?

    22cl2o7icv0s.png

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
    bowen
  • deathnote666deathnote666 Registered User regular
    That would be accurate.

    The 2008 R2 is a Domain controller and the 2012 R2 will be promoted to a Domain controller at a later time but is on the domain.

  • FeralFeral MEMETICHARIZARD along with you if I get drunk well I know I'm gonna be gonna be the man whoRegistered User regular
    Is the scan destination at the root of the share or is it through a subfolder path?

    In other words, is it more like this:

    A) \\server2012\scans

    or more like this:

    B) \\server2012\crap\stuff\butts\scans

    If it is more like (B), try giving the Konica's user Traverse Folder and List Folder permissions to crap, stuff, and butts.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • deathnote666deathnote666 Registered User regular
    It will eventually be a subfolder but am trying to get the share root to work first.

    \\server2012\scans

    On the MFP, you only need the \scans though.

  • FeralFeral MEMETICHARIZARD along with you if I get drunk well I know I'm gonna be gonna be the man whoRegistered User regular
    edited February 2017
    It will eventually be a subfolder but am trying to get the share root to work first.

    \\server2012\scans

    On the MFP, you only need the \scans though.

    You still need the server name. It just goes in a different field. I hope that's what you meant?

    Here's what one of ours looks like (sanitized of course):
    1k909achojb1.jpg

    A few more weird Active Directory things that can cause inconsistencies in authentication:
    • In the user object in Active Directory Users and Computers, under the Account tab, go into Log On To... and make sure "All Computers" is selected.
    • Also in the Account tab, make sure "Use Kerberos DES encryption types" is off.
    • Below that, make sure "Do not require Kerberos preauthentication" is off.


    If none of that works, then there are a few flaky things about Konicas that I've noticed...

    In SMB Client Setting, there's an option for "SMB Authentication Setting." I've never gotten Kerberos to work reliably with the Konicas and ours are set to NTLMv 2. (You can try NTLMv1 if you want, but keep in mind that NTLMv1 is effectively insecure.) You could try Kerberos and see if the behavior changes.
    kavx10w3owqr.jpg

    We had problems with older versions of the firmware and passwords longer than 14 characters. (Windows uses a different hashing algorithm for passwords under 14 characters.) You could try temporarily setting a short simple password and see what happens. I know, if that were the problem it shouldn't work on either 2008 or 2012 but Windows authentication does weird things sometimes. And I definitely wouldn't leave it on a short stupid password, but it should be fine for troubleshooting purposes.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
    the "no true scotch man" fallacy.
  • deathnote666deathnote666 Registered User regular
    Thanks for the reply!

    Your first screenshot looks like mine. I do have the server IP in the one box and then the rest of the file path in the following box.

    I'll check out what you said the next time I am there and will let you know what I find!

Sign In or Register to comment.