Subscribe

CIFS, cDOT 8.3, and Lexmark MFPs

I've run into an issue head-first that I can't seem to get past. Looks like it's been a prevalent issue on a lot of other mult-function printers as well. Scanning to Network, the device can reach anything the Windows DC provides directly. Like most MFPs, these Lexmark CX410s don't seem to want to play nice with my FAS2552's CIFS SVM. What's worse is that the FAS's log shows nothing related to CIFS (unless I missed something), meaning I have to go only on my MFP's log.

 

---

 

I get a connection error on the MFP when attempting to connect. To keep things simple, I use "\\x.x.x.x\sharename" just in case DNS isn't playing. Domain just reads the netbios name, not the FQDN. Tried connecting to the root share and to the intended destination folder. Still no joy. MFP reports "unable to connect, ensure lwiod and lsassd are running".

 

---

 

The credentials are good. The scanner+service account successfully connects with a test share on the DC. The SVM is connecting to the DC, and is seeing that all types of authentication are accepted. The SVM recognizes domain accounts and can set the Share Permissions based on domain or local accounts. The SVM can see the Default Domain policy. I have tried with both local and domain scanner accounts set to full control and to read/write. Device still refuses to connect. SMB signing is not currently required anywhere on the network. No requirements for SMB2 or 3 have been set on the DC, and none set on the SVM (as far as I am aware).

 

I've read some ridiculous workarounds, including building an iSCSI and have one of the servers just share a small target through Windows. I am not a fan of this idea as it requires that specific server/VM running. Anyone have experience defeating the roadblock and scanning directly to their network folder?

Re: CIFS, cDOT 8.3, and Lexmark MFPs

You probably want to open a case so support can have a look at it, but try updating the firmware on the scanner. 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: CIFS, cDOT 8.3, and Lexmark MFPs

I am really hoping I don't have to, but yeah. I see that too.

 

Yes, the MFP's firmware is the absolutely newest non-beta version.

Highlighted

Re: CIFS, cDOT 8.3, and Lexmark MFPs

[ Edited ]

 

 

 

Please find below printers by category and eSF version ... here is what we have test and is working in CDOT

 

 

 

Screenshot 2017-03-14 21.01.51.jpg

 

 

Lexmark issue 

In Clustered Data ONTAP “NetApp” 8.2 and 8.3” does not handle authenticator with checksum type RSA_MD5
The Kerberos 5 version 1.6 library used in the SVM only supports checksum type 0x8003. However, other implementations like Samba,
support checksum type RSA_MD5. When the SVM encounters the RSA_MD5 checksum in the authenticator during the session setup AndX request, 
it fails the authentication, rendering the client unable to access the file systems in the SVM. The Lexmark MFP fails to scan because 
it uses checksum type RSA_MD5 in the session setup AndX request.

 


Lexmark has provide a fix, see below firmware versions that they working in CDOT.

 

Printer LEXMARK X792

WS-SCAN v3.3.1
Scan to Network v4.5.14

Engine ID = 50
Loader = LHS41.MR.P449-0
Kernel = FHN.HS41.F449-0
Base = LHS41.MR.P449-0
AIO = LHS41.MR.P449-0
Fax = LHS41.MR.P449-0
Network = NH.HS41.N449-0
Network Drvr = LHS41.MR.P449-0
Video = 9.0
UICC = v5.60
Engine = LHSX.HC.E157-0
Panel = v5.60
Green Micro = Boot_v01.21-App_v03.10
Printhead = LSU.as.H000.00
Transfer Module = 1.1
Font = 8.11H01-U5.021
ES = LHS41.MR.P449-0

 


Printer LEXMARK X711

Scan to Network v4.8.8
Framework version v4.4.4

Engine ID = 70
Fuser Type = 01
Loader = LW62.TU.P676-0
Kernel = FW62.TU.F676-0
Base = LW62.TU.P676-0
AIO = LW62.TU.P676-0
Fax = LW62.TU.P676-0
Network = NH62.TU.N676-0
Network Drvr = LW62.TU.P676-0
Engine = FDN.TU.E715-0
Panel = v4.1e8.0hw12c5t
Green Micro = Boot_v00.00-App_v01.12
Font = 8.11H01-U5.021
ES = LW62.TU.P676-0
WebClient = FWB.111016.2106-010000
Crypto Module = 2.10
Scanner = LW62.TU.P676