Everything should be set as needed. However, when I open xsane on a client PC (I tried more than one client, with the same result), the host saned denies access:
Code:
Feb 6 14:29:56 xxxxxxx systemd[1]: Started Scanner Service (xxx.xxx.xx.xxx:46488).
Feb 6 14:29:56 xxxxxxx saned[5122]: saned (AF-indep+IPv6) from sane-backends 1.0.26git starting up
Feb 6 14:29:56 xxxxxxx saned[5122]: check_host: access by remote host: localhost
Feb 6 14:29:56 xxxxxxx saned[5122]: init: access by host localhost denied
Feb 6 14:29:56 xxxxxxx saned[5122]: saned exiting
I'm puzzled here by the fact that the access request comes from 'localhost' instead of the client IP/name. If I indeed include localhost in the allowed IPs, the log changes into:
Code:
check_host: access by remote host: localhost
init: bad status=22 or procnum=6350304
I tried several things (add saned to lp and saned groups, modify saned@.service, define permission rules for saned), but nothing changes. Of course, the scanner works locally on the host. If, however, I add localhost both in saned.conf and in net.conf, I can connect to the scanner only locally, no second 'localhost' copy is detected by xsane (as mentioned in the tutorial for troubleshooting).
Hi, thanks for your reply. I tried to follow the bug post you mentioned before posting here, with no success. I will have another look at it.
1) Server: Ubuntu 16.04.4 LTS - Clients: same OS or other
2)
a)
Code:
# saned.conf
# Configuration for the saned daemon
## Daemon options
# Port range for the data connection. Choose a range inside [1024 - 65535].
# Avoid specifying too large a range, for performance reasons.
#
# ONLY use this if your saned server is sitting behind a firewall. If your
# firewall is a Linux machine, we strongly recommend using the
# Netfilter nf_conntrack_sane connection tracking module instead.
#
# data_portrange = 10000 - 10100
## Access list
# A list of host names, IP addresses or IP subnets (CIDR notation) that
# are permitted to use local SANE devices. IPv6 addresses must be enclosed
# in brackets, and should always be specified in their compressed form.
#
# The hostname matching is not case-sensitive.
192.168.38.6
192.168.37.67
192.168.38.167
#localhost
#scan-client.somedomain.firm
#192.168.0.1
#192.168.0.1/29
#[2001:db8:185e::42:12]
#[2001:db8:185e::42:12]/64
# NOTE: /etc/inetd.conf (or /etc/xinetd.conf) and
# /etc/services must also be properly configured to start
# the saned daemon as documented in saned(8), services(4)
# and inetd.conf(4) (or xinetd.conf(5)).
b)
Code:
● saned.socket - saned incoming socket
Loaded: loaded (/etc/systemd/system/saned.socket; enabled; vendor preset: enabled)
Active: active (listening) since Thu 2018-02-22 10:47:08 CET; 1 weeks 6 days ago
Listen: [::]:6566 (Stream)
Accepted: 3; Connected: 0
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
3)
Code:
No scanners were identified. If you were expecting something different,
check that the scanner is plugged in, turned on and detected by the
sane-find-scanner tool (if appropriate). Please read the documentation
which came with this software (README, FAQ, manpages).
Hmmm...the server logging is similar to that described in this Debian bug report. This was found to be due to a configuration issue in /lib/systemd/system/saned\@.service, but I wouldn't expect this to be an issue in Ubuntu 16.04.4 LTS (with sane-backends 1.0.26git). In any case /etc/systemd/system/saned@.service should override it. When you created /etc/systemd/system/saned@.service, did you also do the following afterwards?
I already tried that, but nothing changes if I modify the entry in /etc/systemd/system/saned@.service from 'socket' to 'null' (and vice versa), restarting the daemon each time (sudo systemctl daemon-reload):
I note that /etc/systemd/system/saned@.service starts saned as User=saned, Group=saned. After reading this RH bug report I wonder if a udev rule is also needed so that the saned user has the required access to the scanner. (I suppose the 'lp' group could have been in the service unit instead to match the existing udev rules for local scanner devices.) Just a thought.
Test if the server can reach its own saned on localhost
Instead of using the scanner directly, try and access it via the localhost interface. If this doesn't work, it won't work across the network. Due to a bug in udev, it may be necessary to add the saned user to the lp group with this command:
And yes, the server can access the scanner via localhost (two copies of the scanner are present in this case).
I feel that the problem may be in the fact that the request for access comes from 'localhost' instead of the IP of the client machine, as shown by the log in my first post. This doesn't seem logical to me, but I may be wrong.
I finally found time to set up remote scanning today, and now have it working. I haven't been able to replicate the issue you're having here. I'm using sane-backends 1.0.27 (openSUSE Leap 42.3), and found from reading 'man saned' that I needed to use /etc/systemd/system/saned@.service like this....
Code:
[Unit]
Description=Scanner Service
Requires=saned.socket
[Service]
ExecStart=/usr/sbin/saned
User=saned
Group=lp
StandardInput=socket
Environment=SANE_CONFIG_DIR=/etc/sane.d
# If you need to debug your configuration uncomment the next line and
# change it as appropriate to set the desired debug options
# Environment=SANE_DEBUG_DLL=255 SANE_DEBUG_BJNP=5
[Install]
Also=saned.socket
*The 'saned' group doesn't exist in this distro and the 'lp' group makes better sense (for local scanners) anyway. I also had to use 'StandardInput=socket' as I don't appear to have saned compiled with systemd support.
I can trigger saned on the host with telnet...
Code:
telnet 192.168.1.12 6566
Trying 192.168.1.12...
Connected to 192.168.1.12.
Escape character is '^]'.
The open port can be verified from the client...
Code:
# nmap -p 6566 192.168.1.12
Starting Nmap 6.47 ( http://nmap.org ) at 2018-03-10 21:55 NZDT
Nmap scan report for linux-54cw (192.168.1.12)
Host is up (0.11s latency).
PORT STATE SERVICE
6566/tcp open sane-port
MAC Address: 20:68:9D:8B:3C:2E (Liteon Technology)
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
and I can scan remotely using
Code:
xsane net:192.168.1.12
The host logging looks like this...
Code:
Mar 10 21:14:00 linux-54cw saned[3681]: saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up
Mar 10 21:14:00 linux-54cw saned[3681]: check_host: access by remote host: ::ffff:192.168.1.8
Mar 10 21:14:00 linux-54cw saned[3681]: init: access granted to dean@::ffff:192.168.1.8
Thank you so much for trying to solve this. The 'funny' thing is that I also made it work some time ago on my older PC, and it worked immediately with no issues...
So, I double-checked what you did.
The only difference between your configuration file and mine was the 'lp' group: I changed that, restarted the daemon, but still no success.
This is what I get with telnet:
Code:
Trying 192.168.37.139...
Connected to 192.168.37.139.
Escape character is '^]'.
Connection closed by foreign host.
This is what I get from the client:
Code:
nmap -p 6566 192.168.37.139
Starting Nmap 7.40 ( https://nmap.org ) at 2018-03-10 17:35 CET
Nmap scan report for 192.168.37.139
Host is up (0.00056s latency).
PORT STATE SERVICE
6566/tcp open sane-port
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
But, when I try
Code:
xsane net:192.168.37.139
I get: "Failed to open device `net:192.68.37.139' Error during device I/O"
and the host log is the same I posted in my first post:
Code:
Mar 10 17:30:04 zelenka saned[12166]: check_host: access by remote host: localhost
Mar 10 17:30:04 zelenka saned[12166]: init: access by host localhost denied
Mar 10 17:30:04 zelenka saned[12166]: saned exiting
It is apparent that saned.socket is working ok at least. I think the communication between saned and the input stream is where the problem lies, and the symptoms (localhost reported) do match that outlined in the Debian bug report. I'm not certain that your saned (from sane-backends) is compiled with systemd support.
All that you need to configure this service is described in
A bit more testing....if I attempt to use 'StandardInput=null' in saned@.service, and
Code:
systemctl daemon-reload
then from the client I do
Code:
telnet 192.168.1.12 6566
and get
Code:
Trying 192.168.1.12...
Connected to 192.168.1.12.
Escape character is '^]'.
Connection closed by foreign host.
while the following is then reported on the saned host
Code:
Mar 11 11:36:19 linux-54cw saned[3347]: saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up
Mar 11 11:36:19 linux-54cw saned[3347]: check_host: access by remote host: localhost
Mar 11 11:36:19 linux-54cw saned[3347]: init: bad status=22 or procnum=0
Mar 11 11:36:19 linux-54cw saned[3347]: saned exiting
I've reverted back to 'StandardInput=socket' and it behaves as expected again
Code:
Mar 11 11:48:38 linux-54cw systemd[1]: Started Scanner Service (192.168.1.8:52372).
Mar 11 11:48:38 linux-54cw saned[3917]: saned (AF-indep+IPv6) from sane-backends 1.0.27 starting up
Mar 11 11:48:38 linux-54cw saned[3917]: check_host: access by remote host: ::ffff:192.168.1.8
Mar 11 11:48:38 linux-54cw saned[3917]: init: access granted to dean@::ffff:192.168.1.8
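Added example, not part of the original posts: a small Python triage script that groups saned journal lines by PID and flags sessions where saned reports its peer as 'localhost' and then denies or aborts, the symptom that accompanied 'StandardInput=null' in the logs above. The function name and verdict labels are assumptions made for illustration; the sample lines are copied from the logs quoted in this thread.

```python
import re

# Sample journal lines taken from the logs quoted in this thread.
SAMPLE = [
    "Mar 10 17:30:04 zelenka saned[12166]: check_host: access by remote host: localhost",
    "Mar 10 17:30:04 zelenka saned[12166]: init: access by host localhost denied",
    "Mar 10 17:30:04 zelenka saned[12166]: saned exiting",
    "Mar 11 11:36:19 linux-54cw saned[3347]: check_host: access by remote host: localhost",
    "Mar 11 11:36:19 linux-54cw saned[3347]: init: bad status=22 or procnum=0",
    "Mar 11 11:48:38 linux-54cw systemd[1]: Started Scanner Service (192.168.1.8:52372).",
    "Mar 11 11:48:38 linux-54cw saned[3917]: check_host: access by remote host: ::ffff:192.168.1.8",
    "Mar 11 11:48:38 linux-54cw saned[3917]: init: access granted to dean@::ffff:192.168.1.8",
]

LINE = re.compile(r"saned\[(\d+)\]: (.*)$")
PEER = re.compile(r"check_host: access by remote host: (\S+)")

def classify_sessions(lines):
    """Return {pid: (peer, verdict)} for each saned process seen in lines."""
    sessions = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a saned message (e.g. the systemd "Started" line)
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"peer": None, "outcome": "incomplete"})
        p = PEER.match(msg)
        if p:
            s["peer"] = p.group(1)
        elif msg.startswith("init: access granted"):
            s["outcome"] = "granted"
        elif msg.startswith("init: access by host") and msg.endswith("denied"):
            s["outcome"] = "denied"
        elif msg.startswith("init: bad status"):
            s["outcome"] = "bad-handshake"
    result = {}
    for pid, s in sessions.items():
        verdict = s["outcome"]
        # In this thread, a peer of "localhost" on a network connection is the
        # mark of saned not reading the client socket (StandardInput=null).
        if s["peer"] == "localhost" and verdict != "granted":
            verdict = "no-client-socket/" + verdict
        result[pid] = (s["peer"], verdict)
    return result

if __name__ == "__main__":
    for pid, (peer, verdict) in classify_sessions(SAMPLE).items():
        print(pid, peer, verdict)
```

On a live host the same function can be fed the output of `journalctl` for the saned units instead of the embedded sample.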