Saned denies access
Hi,
I followed the instructions in this tutorial https://help.ubuntu.com/community/Sa...ane.d+tutorial to set up a network scanner. Everything should be set as needed. However, when I open xsane on a client PC (I tried more than one client, with the same result), the host saned denies access: Code: Feb 6 14:29:56 xxxxxxx systemd[1]: Started Scanner Service (xxx.xxx.xx.xxx:46488). Feb 6 14:29:56 xxxxxxx saned[5122]: saned (AF-indep+IPv6) from sane-backends 1.0.26git starting up Feb 6 14:29:56 xxxxxxx saned[5122]: check_host: access by remote host: localhost Feb 6 14:29:56 xxxxxxx saned[5122]: init: access by host localhost denied Feb 6 14:29:56 xxxxxxx saned[5122]: saned exiting I'm puzzled here by the fact that the access request comes from 'localhost' instead of the client IP/name. If I indeed include localhost in the allowed IPs, the log changes into: Code: check_host: access by remote host: localhost init: bad status=22 or procnum=6350304 I tried several things (add saned to lp and saned groups, modify saned@.service, define permission rules for saned), but nothing changes. Of course, the scanner works locally on the host. If, however, I add localhost both in saned.conf and in net.conf, I can connect to the scanner only locally, no second 'localhost' copy is detected by xsane (as mentioned in the tutorial for troubleshooting). Do you have any idea? Thanks, Stefano |
A more definitive picture is required for anyone who might want to assist here....
1. Which Ubuntu version? 2. Server end - a)Could you confirm your configuration on the server? Code:
cat /etc/sane.d/saned.conf Code:
sudo systemctl status saned.socket Code:
scanimage -L |
Hi, thanks for your reply. I tried to follow the bug post you mentioned before posting here, with no success. I will have another look at it.
1) Server: Ubuntu 16.04.4 LTS - Clients: same OS or other 2) a) Code:
# saned.conf Code:
● saned.socket - saned incoming socket 3) Code:
No scanners were identified. If you were expecting something different, |
I meant to ask you about the scanner model being shared. I've read of an issue with sharing HPLIP (hpaio) supported scanners.
https://bbs.archlinux.org/viewtopic.php?id=228071 https://bugs.launchpad.net/hplip/+bug/1268185 https://bugs.launchpad.net/hplip/+bug/1550744 Discard this post if this is not the case of course. |
The scanner is a CanoScan Lide 120, which, of course, works perfectly on the server:
Code:
found USB scanner (vendor=0x04a9 [Canon], product=0x190e [CanoScan], chip=GL848+) at libusb:001:005 |
Hmmm...the server logging is similar to that described in this Debian bug report. This was found to be due to a configuration issue in /lib/systemd/system/saned\@.service, but I wouldn't expect this to be an issue in Ubuntu 16.04.4 LTS (with sane-backends 1.0.26git). In any case /etc/systemd/system/saned@.service should override it. When you created /etc/systemd/system/saned@.service, did you also do the following afterwards?
Code:
sudo systemctl daemon-reload |
I already tried that, but nothing changes if I modify the entry in etc/systemd/system/saned@.service from 'socket' to 'null' (and viceversa), restarting the daemon each time (sudo systemctl daemon-reload):
Code:
[Unit] |
I note that /etc/systemd/system/saned@.service starts saned as User=saned, Group=saned. After reading this RH bug report I wonder if a udev rule is also needed so that the saned user has the required access to the scanner. (I suppose the 'lp' group could have been in the service unit instead to match the existing udev rules for local scanner devices.) Just a thought.
|
Already have the udev rule, created in /usr/lib/udev/rules.d/70-saned.rules, as explained in that bug report, but it didn't work...
|
I still feel that this is a permissions problem. What does the following return on the server?
Code:
groups saned https://wiki.debian.org/SaneOverNetw..._Configuration Also... Quote:
|
Code:
saned : saned root lp scanner I feel that the problem may be in the fact that the request for access comes from 'localhost' instead of the IP of the client machine, as shown by the log in my first post. This doesn't seem to me logic, but I may be wrong. |
I finally found time to set up remote scanning today, and now have it working. I haven't been able to replicate the issue you're having here. I'm using sane-backends 1.0.27 (openSUSE Leap 42.3), and found from reading 'man saned' that I needed to use /etc/systemd/system/sane@.service like this....
Code:
[Unit] I can trigger saned on the host with telnet... Code:
telnet 192.168.1.12 6566 Code:
# nmap -p 6566 192.168.1.12 Code:
xsane net:192.168.1.12 Code:
Mar 10 21:14:00 linux-54cw saned[3681]: saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up |
Thank you so much for trying to solve this. The 'funny' thing is that I also made it work some time ago on my older PC, and it worked immediately with no issues...
So, I double-checked what you did. The only difference between your configuration file and mine was the 'lp' group: I changed that, restarted the daemon, but still no success. This is what I get with telnet: Code:
Trying 192.168.37.139... Code:
nmap -p 6566 192.168.37.139 Code:
xsane net:192.168.37.139 and the host log is the same I posted in my first post: Code:
Mar 10 17:30:04 zelenka saned[12166]: check_host: access by remote host: localhost |
It is apparent that saned.socket is working ok at least. I think the communication between saned and the input stream is where the problem lies, and the symptoms (localhost reported) do match that outlined in the Debian bug report. I'm not certain that your saned (from sane-backends) is compiled with systemd support.
All that you need to configure this service is described in Code:
man saned |
A bit more testing....if I attempt to use 'StandardInput=null' in saned@.service, and
Code:
systemctl deamon-reload Code:
telnet 192.168.1.12 6566 Code:
Trying 192.168.1.12... Code:
Mar 11 11:36:19 linux-54cw saned[3347]: saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up Code:
Mar 11 11:48:38 linux-54cw systemd[1]: Started Scanner Service (192.168.1.8:52372). |
All times are GMT -5. The time now is 06:00 AM. |