Translation(s): English - Français - Italiano
Sharing a USB or network scanner over a network with SANE.
Contents
Introduction
SCANNER SERVER CLIENT +-------------------+ +------------------------+ +-----------------------------+ | Non-networked | | libsane + sane-utils | | libsane | | stand-alone or | USB | | cable/wireless | | | multifunctional |<----->| saned.conf: permitted |<-------------->| dll.conf: uncomment net | | device | | connections | | net.conf: server IP address | +-------------------+ +------------------------+ +-----------------------------+
This page is written principally in the context of a user with Debian 8 (jessie), Debian 9 (stretch) or Debian 10 (buster) installed. These distributions have an init system (the first process started during booting of the computer and which governs its subsequent behaviour) based on systemd. On a machine with a scanner connected to a USB port (the server), SANE with systemd can be socket activated (check that the service is enabled). The saned daemon is started when a request is received on the server from a client and is stopped when the request is fulfilled. This forms the basis for a scanner shared by the server to serve up an image of a document to an application on a client.
Essentially, saned on the server and the net backend on the client are used to convert a non-networked or network-incapable scanner into a networked one.
SCANNER CLIENT +-----------------+ +--------------------------+ | Network-capable | | | | stand-alone or | cable/wireless | libsane | | multifunctional |<-------------->| Vendor-specific packages | | device | | | +-----------------+ +--------------------------+
A scanner which is network enabled with a cabled or wireless connection (a network scanner) is accessed with the help of libsane and one of its collection of backends. Consult a backend's manual for information on whether the backend supports scanning over the network. For example, theepson2 and pixma backends do. libsane interworks with the non-SANE, HP-provided hpaio backend. Other vendors also provide a means to access a network-capable scanner but there is generally a non-free aspect to what they offer, so configuration of their devices is not treated on this page.
Sharing a USB Connected Scanner
Server Configuration
Install sane-utils to get saned.
Check that the contents of /etc/default/saned fit the system and that saned is in the scanner group. No changes need be made to this file for the vast majority of users. You should see this:
$ groups saned saned : saned scanner
Add the hostnames, IP addresses or IP subnets that are permitted to use local SANE devices on the server in /etc/sane.d/saned.conf. For example, you could allow the local network using the following configuration, which will vary according to your network configuration:
192.168.0.1/24
If necessary (look at systemctl status saned.socket) and enable the systemd socket service:
$ sudo systemctl enable saned.socket Created symlink from /etc/systemd/system/sockets.target.wants/saned.socket to /lib/systemd/system/saned.socket. $ sudo systemctl start saned.socket $ sudo systemctl status saned.socket
- The server will now be sharing the USB connected scanner with other designated machines on the network.
A first installation of libsane has the socket service disabled, so it would be necessary to enable and start it as described above.
Client Configuration
It is essential to install libsane and, for testing the client's ability to see the networked scanner, it is recommended to install sane-utils. Success in detecting the shared scanner with scanimage indicates probable success with other frontends.
Uncomment the net backend entry in /etc/sane.d/dll.conf.
Add the IP address/hostname of the sane server to /etc/sane.d/net.conf.
- If everything is working correctly you should get something like this:
% scanimage -L
device `net:192.168.0.100:plustek:libusb:002:006' is a Canon N670U/N676U/LiDE20 USB flatbed scanner
Note that the net backend is not for accessing arbitrary scanners over a network. It's intended use is for the server (which has a SANE-supported scanner) to be able to export that scanner to clients on the network via a single SANE-specific, manufacturer-agnostic protocol.
Troubleshooting
Make sure the saned user can access the scanner locally on the server. scanimage -L should detect the scanner if there is a backend on the system for it and the saned user has permission to access the USB bus; sane-find-scanner will indicate whether the saned user does have permission.
To run as the saned user either become root with su and do
su -s /bin/bash saned sane-find-scanner scanimage -L
or use sudo:
sudo -u saned sane-find-scanner sudo -u saned scanimage -L
Also see how a USB scanner is set up for more information on the local configuration.
Having an ordinary user with or without permissions on the USB bus (libpam-systemd might not be installed) is of no consequence. It is the saned user which needs the permissions.
Bear in mind that sane-find-scanner does a generic USB scan; success indicates a user has sufficient privileges to access the USB devices. On the other hand, a negative response to scanimage -L means that none of the SANE or vendor-supplied backends have knowledge of this model of scanner, so will not talk to it.
If the scanner works on the server but not remotely, make sure the saned.socket service is running correctly on the server; systemctl should tell you this:
$ systemctl status saned.socket ● saned.socket - saned incoming socket Loaded: loaded (/lib/systemd/system/saned.socket; enabled) Active: active (listening) since Wed 2017-11-15 22:28:05 UTC; 1s ago Listen: [::]:6566 (Stream) Accepted: 0; Connected: 0 Nov 15 22:28:05 mafalda systemd[1]: Listening on saned incoming socket.
You should also be able to ping the host configured:
$ ping -c1 mafalda PING mafalda.anarc.at (192.168.0.6) 56(84) bytes of data. 64 bytes from mafalda.anarc.at (192.168.0.6): icmp_seq=1 ttl=64 time=0.400 ms --- mafalda.anarc.at ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.400/0.400/0.400/0.000 ms
You can also try to connect directly to the scanner with:
xsane net:192.168.0.6
If you have trouble connecting multiple computers to the server, systemctl status saned.socket might show:
saned.socket: Too many incoming connections (1), dropping connection.
This is a known bug in the systemd unit. For a workaround on jessie or stretch:
cp /lib/systemd/system/saned.socket /etc/systemd/system/saned.socket.
Edit and replace MaxConnections=1 with MaxConnections=64.
systemctl daemon-reload.
On stretch it is probably more convenient to do:
systemctl edit --full saned.socket.
Scanning with the eSCL Protocol
Many modern MFDs and scanners support the eSCL protocol. The protocol is a vendor-neutral network protocol that allows driverless scanning with suitable SANE backends via ethernet, wireless and USB connected devices. In other words.the protocol works not only with network-connected devices that advertise themselves via DNS-SD but also with USB devices using IPP-over-USB.
Two suitable SANE backends are sane-escl, which is provided by the SANE Project (but not yet in the unstable archive), and the independent sane-airscan, which is developed by Alexander Pevzner and which also works with the WSD protocol. Although based on using the same eSCL protocol, sane-escl and sane-airscan do not at present provide the same set of scanning facilities.
- A Debian 11 (bullseye) user is advised to have both backends on the system for a successful modern scanning experience.
eSCL is also known as Apple AirScan or AirPrint scanning. It was introduced by Apple as a way of scanning from a mobile device and any device that supports AirPrint version 1.4 should support eSCL. Official documentation of the protocol is non-existent but it has turned out to be relatively easy to reverse-engineer because it is a simple XML and HTTP based protocol. SCL stands for Scanner Control Language; what e stands for is unknown.
A device that understands the eSCL protocol will provide an output from the following command giving the capabilities of the scanner device. The meaning of uscan is not obvious but it is possibly universal scan.
avahi-browse -rt _uscan._tcp
Very many modern scanner devices now become amenable to working with SANE and its frontends. A case in point is the situation regarding Canon devices. SANE frontends can now access such devices.
Scanning with the WSD Protocol
Another vendor-neutral network protocol that allows driverless scanning with a suitable SANE backend is based on Microsoft's Web Services for Devices framework. WSD is a set of specifications aimed at handling network communication between devices that offer some kind of functionality, such as scanners. There's a discovery protocol, a way to retrieve a list of service attributes from a scanner and a set of rules to signal commands or events. WSD is a technology similar to eSCL in that it is based on connecting by http and XML.
Scanner devices may offer
eSCL only.
- WSD only.
- eSCL and WSD.
Of the two previously mentioned backends only sane-airscan will deal with the WSD protocol. Its backend implements escl as well as WSD, choosing automatically between them. The use of this backend obviously brings more scanner devices into use with SANE. To use eSCL mode or WSD mode a user usually has nothing to do. However, some WSD-capable devices require the protocol to be explicitly activated on them from an EWS. See the sane-airscan website for details. But do note:
The WSD protocol is not yet available over an IPP-over-USB connection with sane-airscan.
With sane-airscan on the system, either of these two commands should indicate which protocols (eSCL and/or WSD) are supported by the device:
scanimage -L airscan-discover
Network Scanner Configurations
Scanning with a Network HP all-in-one (aio)-1
To scan over the network from a scanner on an HP aio (one which is not connected by USB to a computer) you need only to install libsane-hpaio (without its recommended packages) and pass the URI of the scanner to the frontend. A non-free plugin might be required for the scanning function.
The format of the URI is:
hpaio:/net/<aio_model_name>?ip=<IP_address_of_the_aio>
This URI can be given directly to the frontend. It can also be provided automatically to the frontend if either a print queue with the hp:/... backend is set up or mDNS broadcasts for the scanner are done by the aio. Automatic discovery will happen via the print queue if both it and mDNS are available as discovery methods.
The IP address could be known from the way the aio's networking was set up; or it could be got from the aio's front panel or deduced from the output of
/usr/bin/lpinfo -v
Each printer model supported by the installed verion of libsane-hpaio is listed in /usr/share/hplip/data/models/models.dat. Model names are enclosed in square brackets; like so, [envy_4500_series].
A frontend can be started with (for example):
simple-scan <URI>
Typing the URI each time can be avoided by exploring what your DE (Desktop Environment) or WM (Window Manager) offers for customising a command. For typing from a terminal you might find a simple alias sufficient.
An hplip installation pulls in libsane-hpaio as a dependency and hplip provides the utility hp-makeuri. It can be used instead of the previous technique for finding a URI. A needed plugin can also be installed with hp-plugin.
Scanning with a Network HP all-in-one (aio)-2
Many users will configure an HP aio machine by installing hplip or hplip-gui and setting up the printing side of the device with hp-setup. Scanning should now be automatically available, as explained by a user on sane-devel and by an hplipopensource troubleshooting page. Simply typing the name of a favourite frontend or clicking on a menu entry should be sufficient to run the application:
simple-scan xsane xscanimage
The URI to pass to the frontend is obtained from the printer URI by replacing hp:/... with hpaio:/....
Setting up a printer with other device URIs, socket://..., ipp://... etc, will not give this automatic discovery of a scanner URI.
Scanning with a Network HP all-in-one (aio)-3
SCANNER ClIENT +------------------+ +---------------+ | Stand-alone or | | libsane | | multifunctional | cable/wireless | | | AirPrint-enabled |<-------------->| libsane-hpaio | | device | mDNS packets-->| package | +---------------- -+ +---------------+
Recent HP aios (since 2010) will probably come with AirPrint. When activated on the aio the URI of the scanner is formed from the mDNS broadcasts of the aio in co-operation with /usr/share/hplip/data/models/models.dat. Without setting up the printing function of the aio the scanner should be detected by
scanimage -L
and the frontend should automatically run after doing
xsane simple-scan xscanimage
sharing a network HP aio scanner is not possible due to bugs 807427 and 838212. Network scanners from other vendors might work in sharing mode though.
Canon Multi-Function Printers and CanonScan Scanners via the Network
If, according to the SANE project, your scanner is using sane-pixma as a backend, you need to make sure that:
- The scanner and your computer are located in the same subnet. (If not, see below).
- UDP Ports 8610 and 8612 are open in your firewall.
Opening Ports
By default, Debian 10 (buster) uses nftables as the default firewall implementation; it is configured to allow all traffic. But if you have problems with discovering the scanner you should probably check UDP ports 8610 and 8612 are open.
If you are using another popular firewall implementation – firewalld, you should:
Check what zone you are using:
sudo firewall-cmd --get-active-zones
You should get output like this:
public interfaces: eth0 eth1
In my case I’m using zone public, so I can open ports 8610 and 8612 this way:
sudo firewall-cmd --permanent --zone=public --add-port=8610/udp sudo firewall-cmd --permanent --zone=public --add-port=8612/udp
Then you should restart the firewall to have the changes come into effect:
sudo systemctl restart firewalld
If the Scanner and Your Computer Are in Different Subnets
In this case you should add the scanner with corresponding IP to /etc/sane.d/pixma.conf. Normally only scanners that cannot be auto-detected because they are on a different subnet should be listed here.
Scanners are listed in the configuration file as follows:
<method>://<host>[:port][/timeout=<value>]
Method indicates the protocol used (bjnp is used for inkjet multi-functionals and mfnp is used for laser multi-functionals).
Host is the hostname or IP address of the scanner.
For example:
- bjnp://10.0.1.4 for IPv4.
- bjnp://[2001:888:118e:18e2:21e:8fff:fe36:b64a] for a literal IPv6 address.
- bjnp://myscanner.mydomain.org for a hostname.
The port number is optional and is normally implied by the method. Port 8610 is the standard port for mfnp, 8612 for bjnp.
A scanner specific timeout value for the network protocol can be set using the bjnp-timeout parameter. The value is in milliseconds. Define scanners each on a new line.
Inetd Configuration
An alternative to systemd socket activation is to use openbsd-inetd. Install it, take a look at /etc/default/saned and run
update-inetd --enable sane-port
See Also
/usr/share/doc/sane-utils/README.Debian may also have further instructions on your system