Chiral Software, Inc. 310-356-7869

Linux network scanning with saned

Category: Linux

3:30 PM, Tue, Jul 17 2007

Scanner Access Now Easy (sane), the scanner control package for Linux, has the ability to expose local scanners as network services, and to access remote scanners over the network. Network scanner access is the best way for a group of computers to share a scanner, or for a laptop to get access to the scanner when needed. Configuring sane and the sane daemon (saned) can be tricky, but once it works, it works beautifully. We configure a client and server machine in this example. Both machines are running KDE Ubuntu (Kubuntu) 7.04, "Feisty Fawn".

Install the software on the server

Open Adept, the package management system. Install sane and sane-utils. Also install xinetd. Saned must be run from xinetd, and xinetd does not come installed by default.

Plug in and turn on the scanner. On the server machine, run the following command:

scanimage -L

If scanimage is not found, the sane packages have not been installed. If scanimage is found and the scanner is being detected correctly, it will return something like:

% scanimage -L
device `epson:libusb:005:003' is a Epson GT-9300 flatbed scanner
device `epkowa:libusb:005:003' is a Epson Perfection 2400 flatbed scanner

Configure saned, xinetd and network on the server

saned must be configured to expose the scanner over the net. Doing this is simple: add the network to /etc/sane.d/saned.conf. You can add an entire network, like this:

192.168.1.0/24

Make sure xinetd is active. It should be activated upon installation. You will need to add a file to the /etc/xinetd.d directory to activate saned. Create a file called saned which contains:

service sane
{
   disable     = no
   socket_type = stream
   wait        = no
   user        = saned
   group       = saned
   server      = /usr/sbin/saned
}

Check that /etc/services contains a line for sane like this:

sane-port       6566/tcp        sane saned      # SANE network scanner daemon

xinetd will use that line to determine which port to listen on for sane connections.

Also make sure that the firewall is set up correctly. The scanner server machine must be able to receive tcp connections on ports above 1024. The connections should be restricted to office machines only. saned is not designed as a secure network server.

The client machine

sane with the network backend must be installed on the client. Install the sane package. Also install Kooka, the KDE scanner application.

Configure the network scanner back-end. To do this, edit the file /etc/sane.d/net.conf and put in the IP address of the scanner server machine.

At this point, the client machine should be ready to scan. Unfortunately, it didn't work. It said that it failed to detect any scanners. How to debug this situation?

Turn off xinetd using this command:

sudo /etc/init.d/xinetd stop

And run saned in debug mode using this command:

saned -d20

This command starts saned in the foreground, waiting for connections, and displays copious debug information to stderr. Running it that way, the client was able to scan. This indicates that the problem was somewhere in the way xinetd is executing saned. Debugging is by elimination: figure out what is different about saned's environment when running from xineted vs. from the command line.

xinetd was shut down, and the following test was made:

Run saned as user saned:

sudo -u saned saned -d

This did not work, whereas running saned as the normal login user, without a sudo, did work. The problem is with the saned user permissions or environment.

Running sudo -u saned saned -d30 did not display any additional debug information.

Running saned as root, like this:

sudo saned -d30

worked. The problem is with the saned user. The problem could be either permissions, or environment variables. It is strange that the saned user is the only user which cannot access saned.

Next step was to try changing the user and group to root in saned's xinetd configuration. This worked. The scanner is now network accessible. The saned user exists to allow saned to run as a non-root user. Unfortunately Ubuntu is not letting saned operate when it runs as user saned. For now we have left the machine with saned running as root. We are looking for more information about what is preventing saned from running as user saned.

At this point, the xinetd file looks like this:

service sane
{
   disable     = no
   socket_type = stream
   wait        = no
   user        = root
   group       = root
   server      = /usr/sbin/saned
}

Now scanimage -L on the client machine returns:

scanimage -L
device `net:192.168.1.21:epson:libusb:005:003' is a Epson GT-9300 flatbed scanner
device `net:192.168.1.21:epkowa:libusb:005:003' is a Epson Perfection 2400 flatbed scanner

The same scanner that was detected on the server is detected on the client, with net:192.168.1.21: as the prefix now.

Conclusion

Saned works as a network scanner. It is normally not difficult to set up, but there is a problem within Ubuntu which is preventing saned from running as user saned. Hopefully this will be resolved.

Copyright 2003-2012, Chiral Software, Inc. colophon