• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.

‎06-25-2015 08:39 PM

HP Recommended
Product: Hp OfficeJet 8620
Operating System: Microsoft Windows 7 (64-bit)

Greetings, all.

 

Could someone please advise which authentication protocls are used by HP printers when performing user authentication to a network folder? NTLM, NTLMv2, etc? Is SMB encryption supported?

 

I've seen nothing of detail in this on any HP documentation.

 

I have successfully set up *one* "Scan to Network Folder" entry to an existing shared folder on a Samba server using a dedicated domain account intended for use by the scanner service. The *second* one I attempt, against a second SAMBA server (my BDC in this domain), using the same network identity, fails. The shares are configured identically, which suggests to me some aspect of authentication protocols being negotiated between the printer and the shares are not the same. If I could find some documentation on what the HP printer is trying to negotiate, it would likely point out my issue.

 

When I set up a temporary shared folder on my Windows 7 domain-joined laptop, and authenticated to it via the same dedicated domain account, the Windows 7 security logs indicated that the printer used only NTLMv1 authentication. I do not know if this is simply because it is the only version the printer supports, or if it negotiated *down* to this for some reason. Obviously, NTLMv1 is not my preferred configuration; hence, info on the printer's actual protocol negotiation would be very helpful.

 

Thanks,

David

 

 

 

2 REPLIES 2

‎06-27-2015 10:13 AM - edited ‎06-27-2015 11:32 AM

HP Recommended

At present, after extensive testing, I can state with a high level of confidence that the HP 8620 *cannot* negotiate an SMB2 protocol-based connection for authenticating to a Samba-based share. 

 

With the 8620 configured to scan to a network share hosted on an Samba 3.6.24 server with support from SMB to SMB2, the printer authenticated properly. When connecting to a share on a Samba 4.x server supporting *only* SMB2, the printer connect fails. After reconfiguring the *working* Samba server to support only SMB2, the previously working connection fails as well. Restoring SMB1 works.

 

Mandatory server signing will also prevent the printer from connecting to the share. Changing "server signing" to "auto" from "mandatory" will fix this issue.

 

Was this reply helpful? Yes No

‎06-27-2015 10:50 AM

HP Recommended

Subsequent investigation reveals that the HP 8620 supports *only* NTLM 0.12 authentication under the SMB1 protocol.

 

For a printer that is designed to work in an office/business environment, I don't think this configuration would be considered acceptable - especially for one of HP newest printers. 

 

Can someone with HP advise if perhaps there is additional configuration or later firmware for this printer that will support something more secure, such as SMB2/NTLMv2? or SMB3?

 

My research was done with an 8620 configured to scan to two different network shares, one supporting SMB1, the other SMB2, and the latter refusing to connect. Disabling SMB1 on the former then caused the working share to fail. Packet captures from the printer to each server hosting the respective shares show the printer requesting NTLM 0.12.

 

 

Was this reply helpful? Yes No
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.

Didn't find what you were looking for? Ask the community

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.