[SOLVED] Can't scan to FTP server

bennypr0fane · 12-09-2023, 06:42 PM

My scanner apparently can't save files on the FTP server running on my Raspberry Pi: The server answer, however, seems to consist only of its IP address (printed out when scanning is unsuccessful.
To configure the server, I mostly followed this tutorial(although the server OS is Raspbian 12), except I haven't secured it with SSL, with everything being on my home LAN - and the scanner's FTP client might not support it.
The report printed out is:

Quote:

Scanniong to FTP server failed.
Date:
Connection error: -4
File put command failed
server answer: 192.168.178.4

Here's my vsftpd.conf (I deleted all commented-out lines):

Code:

~ $ cat /etc/vsftpd.conf 

listen=NO

listen_ipv6=YES

anonymous_enable=NO

local_enable=YES

write_enable=YES


dirmessage_enable=YES

use_localtime=YES

xferlog_enable=YES

connect_from_port_20=YES

chroot_local_user=YES

secure_chroot_dir=/var/run/vsftpd/empty

pam_service_name=vsftpd

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
user_sub_token=$USER
local_root=/home/$USER/FTP
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

On the server:

Code:

:~ $ ls -la /home/xeroxb225/FTP
total 16
dr-xr-xr-x 3 nobody    nogroup   4096 Dec  9 23:44 .
drwxr-xr-x 3 xeroxb225 xeroxb225 4096 Dec  9 23:32 ..
drwxr-xr-x 2 xeroxb225 xeroxb225 4096 Dec 10 00:47 Scans
-rw-r--r-- 1 root      root        17 Dec  9 23:44 test.txt

Settings in Scanner's FTP client:
user name: xeroxb225
password:
address: 192.168.178.4:21
file name: /home/xeroxb225/FTP/Scans/scannedimage

where scannedimage is a standard file name, appended with timestamp.

I also tried the server address without specifying the port: 192.168.178.4

rkelsen · 12-09-2023, 07:03 PM

Why are you using FTP for this?

Can your scanner use SMB shares? Surely, that would be a better option.

You could try using this for the server address: ftp://192.168.178.1:21

Can you log into the server from another machine?

lvm_ · 12-10-2023, 03:28 AM

Probably chroot. Users shouldn't be able to acess full path from chroot jail.

bennypr0fane · 12-10-2023, 06:33 AM

Thanks for taking the time to look at this!

Quote:

Why are you using FTP for this?

I actually felt that it might be a more robust solution with a Linux server. Also, when I have to use Micrsoft tech, I feel like I'm getting my hands dirty.

Quote:

Can your scanner use SMB shares? Surely, that would be a better option.

Apparently, it can. How is it better in your opinion? I already have the FTP server all set up (with some config error still to fix, apparently), and would have to go through the whole procedure again setting up SMB. Is the hypothetical advantage worth it?
For the record, scan-to-FTP has already worked with this same scanner/MFP, but I had to reinstall the Raspberry Pi's OS and also changed the router (new ISP).

Quote:

You could try using this for the server address: ftp://192.168.178.1:21

Already did (except it's 192.168.178.4:21 rather than 192.168.178.1:21), no difference

Quote:

Can you log into the server from another machine?

Yes, currently I only have SSH running to interact with the server, but could work on it directly/physically and install a GUI, if need be (I hope not).

Quote:

Probably chroot. Users shouldn't be able to acess full path from chroot jail.

To be honest, I haven't quite understood the chroot jail thingy (and all about locking a user out from a folder that it's supposed to save files to??). Which setting do I need to fix for that path issue?

michaelk · 12-10-2023, 07:58 AM

The question I believe was can you log into the server from another machine using ftp. A chroot jail keeps the user confined to the desired directory. Since the desired directory is /home/$USER/ftp any attempt to use cd to change to a higher directory i.e. /home/$USER/ should cause an error.

lvm_ · 12-10-2023, 09:11 AM

Chroot changes user's root folder to something else, so full path starting from /home/... becomes inaccessible. You can either disable chroot but this will bake your system less secure, or you can figure out where vsftpd chroots its users and specify the path on the scanner accordingly. If it is user's home, as most probably is the case, then it should be /FTP/Scans/...

bennypr0fane · 12-10-2023, 04:30 PM

Yes, I tested the ftp connection from another pc:

Code:

$ ftp -p 192.168.178.4
Connected to 192.168.178.4 (192.168.178.4).
220 (vsFTPd 3.0.3)
Name (192.168.178.4:ben): xeroxb225
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd ..
250 Directory successfully changed.
ftp> dir
227 Entering Passive Mode (192,168,178,4,171,42).
150 Here comes the directory listing.
drwxr-xr-x    2 1002     1002         4096 Dec 10 01:25 Scans
-rw-r--r--    1 0        0              17 Dec 09 23:44 test.txt
226 Directory send OK.
ftp> cd /home/xeroxb225
550 Failed to change directory.

Btw in the default config it used Extended Passive Mode rather than Passive mode - I changed that by entering the `passive`command, and now I can't find a way to go back. Could Passive Mode be causing problems?

Looking at the vsftpd.conf file, can you see anything wrong?

Quote:

you can figure out where vsftpd chroots its users and specify the path on the scanner accordingly. If it is user's home, as most probably is the case, then it should be /FTP/Scans/...

I'm guessing these lines in vsftpd.conf are doing what you mean:

Code:

chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/FTP

The scanner-side setting is indeed to send to

Quote:

file name: /home/xeroxb225/FTP/Scans/scannedimage

rkelsen · 12-10-2023, 04:58 PM

Quote:

Originally Posted by bennypr0fane

I actually felt that it might be a more robust solution with a Linux server. Also, when I have to use Micrsoft tech, I feel like I'm getting my hands dirty.

I don't think FTP is more robust than a direct connection. Samba isn't Microsoft software.

Quote:

Originally Posted by bennypr0fane

Apparently, it can. How is it better in your opinion?

Easier to use, wider compatibility, better security, etc. FTP is a dying protocol.

Quote:

Originally Posted by bennypr0fane

I already have the FTP server all set up (with some config error still to fix, apparently), and would have to go through the whole procedure again setting up SMB. Is the hypothetical advantage worth it?

You do whatever you like... but there are better ways.

michaelk · 12-10-2023, 05:12 PM

You do need to specify port number i.e. 21

Quote:

file name: /home/xeroxb225/FTP/Scans/scannedimage

In a chroot environment the "root" directory is /home/xeroxb225/FTP which is seen as /. The filename to specify in the printer would be I would guess:

file name: /Scans/scannedimage

From reviewing the online manual all it says is configure the settings which does not help much if I am looking at the correct document.

Check the logs /var/log/vsftpd.log

Also according to the online manual the printer supports sftp by specifying the port numbers as 22. You can also configure a ssh user with a chroot jail or sftp only privileges.

samba isn't Microsoft software, just the implementation of Microsoft software...

bennypr0fane · 12-15-2023, 06:55 PM

It works with the file name /Scans/scannedimage! And in one of the scan profiles (one for .pdf, one for .jpeg), I had it configured completely wrong, which found out looking into the logs.
I already had port 21 specified in settings.
Thanks for all the helpful hints!

Btw I also set up and SMB share, just to see how it's cooler and everything - and it's not working (and the logs have me stumped as well)... Maybe I'll make a separate post about it, if somehow I find out it actually is better for my purposes.

michaelk · 12-15-2023, 08:38 PM

The client software on the printer might only support SMB version 1 which is now depreciated so it may not work at all. Did you add a samba password if required using the smbpasswd command?

bennypr0fane · 12-20-2023, 07:36 PM

I confirmed that the client supports SMB up to v3.
Yes, I used the smbpassword command, but it's still not working. I created a new thread for this problem here.
Thanks for all the help!