[Samba] Samba AD - Scanner permission issues
viktor at troja.ch
Mon Nov 21 13:21:44 UTC 2016
I'm running a small Samba based AD, consisting of one Samba DC and one
Samba Fileserver (AD member).
I use rfc2307 and manually give the users their UID (there aren't many).
This setup used to work well at the beginning but with every Samba update
(I run a rolling release), I seem to stumble upon new issues. I hope
someone can help me with the latest one.
I have a folder on the fileserver, let's call it \\FILESERVER\SHARE, that I
wish to use for scanner output. I checked and checked again, both share
permissions (everyone=full control) as well as NTFS permissions seem
correct, and yet I can't get my network scanner to connect to it. It keeps
complaining about unsuccessful authentication.
I checked user access with smbclient, it works. If I hook up another laptop
to the network and just browse the network and open the folder, the
credentials work too. However, I can do the same type of browsing with the
scanner but the exact same credentials don't work. Just as one more test, I
used VLC on my Android phone to browse the network and I also cannot get
into the folders although I'm using the correct credentials.
Does anyone know what my problem could be? I don't think it will help but
just in case attaching my smb.conf (from the member).
netbios name = FILESERVER
workgroup = WORKGROUP
security = ADS
realm = WORKGROUP.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
username map = /etc/samba/samba_usermap
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config WORKGROUP:backend = ad
idmap config WORKGROUP:schema_mode = rfc2307
idmap config WORKGROUP:range = 10000-99999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
path = /srv/samba/share
comment = "Common Files"
guest ok = no
writeable = yes
acl_xattr:ignore system acls = yes
More information about the samba