[Samba] Network Browsing

Doug Sampson dougs at dawnsign.com
Fri Oct 15 14:41:19 MDT 2010 

Hello,

We use a Ricoh Aficio 3035 copier which has multiple functions- one of
them is to scan to a folder via SMB/FTP/NFS. We've chosen to scan
documents into PDF documents via SMB to user's shared folders on a
Windows NT server for several years with no issues. About a year ago the
user's folders location was changed to one on Windows 2003 Server also
with no problems. Last week I attempted to change the location of the
folders to a Samba server and ran into problems. Working through this
problem, I eventually discovered that while I could see all Windows and
Samba servers from the copier, I could not browse into any of our Samba
servers' shares. I can see shares under all Windows servers but not on
any of the Samba servers. Now, all of our Windows and Mac clients can
browse through all shared on both Windows and Samba servers on the
network just fine.

When using the SMB method, the copier uses a workgroup name of the old
NT domain name and also the username and password of an administrator.
The network is currently in mixed mode. Haven't upgraded to pure AD mode
just yet. All of the Samba servers are using the AD realm method and
appear to serve successfully.

Is it the copier misconfigured or are the Samba servers misconfigured?
Our smb.conf for all of the servers are generally like this:

#======================= Global Settings
=====================================
[global]
security = ads
realm = DAWNSIGN.COM
workgroup = <nt domain name>
password server = 192.168.xxx.xxx 192.168.xxx.xxx 
server string = CETUS
netbios name = Cetus
encrypt passwords = yes 
ldap ssl = no 
unix extensions = no
name resolve order = hosts wins dns lmhosts bcast
wins server = 192.168.xxx.xxx
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
load printers = no
disable spoolss = yes
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
#guest account = nobody 
guest account = <nt domain name>-admin 

# Log settings
log level = 1
log file = /var/log/samba34/log.%m
max log size = 50
syslog = 1

# Browser settings
local master = no
domain master = no
preferred master = no

# ACL settings
#inherit acls = yes
acl compatibility = auto
acl check permissions = yes
acl map full control = yes
dos filemode = yes

# Use inherited ACLs for directories
    nt acl support = yes
#    inherit acls = yes
#    map acl inherit = yes

# Config domain security
;idmap backend = ad
;idmap alloc config: range = 50001 - 100000
idmap uid = 50001 - 100000
idmap gid = 50001 - 100000

;idmap config MYDOMAIN:default      = yes
;idmap config MYDOMAIN:backend      = ad
;idmap config MYDOMAIN:range        = 10000 - 50000
;idmap config MYDOMAIN:schema-mode  = sfu
hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.xxx.

# Winbind settings
# Enable offline logon support
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
;winbind nss info = sfu
winbind nested groups = yes
winbind separator = -
winbind use default domain = no
allow trusted domains = no
;client schannel = no

# client settings
template homedir = /home/%D/%U

admin users = <nt domain name>-doug <nt domain name>-admin @"<nt domain
name>-domain admins"

#============================ Share Definitions
==============================
# [homes]
#   comment = Home Directories
#   browseable = no
#   writable = yes
; File creation mask is set to 0700 for security reasons. If you want to
; create files with group=rw permissions, set next parameter to 0775.
#   create mask = 700
; Directory creation mask is set to 0700 for security reasons. If you
want to
; create dirs. with group=rw permissions, set next parameter to 0775
#   directory mask = 700

[shared]
   comment = Shared Folders
   browseable = yes
   path = /home/<nt domain name>/shared
   public = yes
   writeable = yes
   create mask = 2774
   directory mask = 2774
   delete veto files = Yes
   veto files = /lost+found/Network Trash
Folder/TheFindByContentFolder/TheVolumeSettingsFolder/._.DS_Store/
   hide files =
/_*/:*/.*/.AppleDB/.AppleDouble/.bin/.AppleDesktop/Temporary
Items/.DS_Store/*.gmon


The scanned documents go to the "shared" share. I use the "<nt domain
name>-admin" username to authenticate the transfer of the scanned
documents from the copier into the "shared" share. When switching from
the Windows server to the Samba server, I get an error message on the
copier as follows:

"Authentication with the destination has failed. Check settings."

I tried the "public = yes" statement and specified the "guest account =
<nt domain name>-admin" in conjunction with "public = yes" but no dice.
This share should be available to anyone. I tried the "valid users = <nt
domain name>-admin" statement to no effect.

What am I doing wrong? Or is it the Ricoh copier?

Using Samba 3.4 on FreeBSD 7.3/8.1 servers.

~Doug

More information about the samba mailing list