[Samba] Samba AD - Scanner permission issues

Viktor Trojanovic viktor at troja.ch
Mon Nov 21 13:21:44 UTC 2016 

Hi all,

I'm running a small Samba based AD, consisting of one Samba DC and one
Samba Fileserver (AD member).

I use rfc2307 and manually give the users their UID (there aren't many).

This setup used to work well at the beginning but with every Samba update
(I run a rolling release), I seem to stumble upon new issues. I hope
someone can help me with the latest one.

I have a folder on the fileserver, let's call it \\FILESERVER\SHARE, that I
wish to use for scanner output. I checked and checked again, both share
permissions (everyone=full control) as well as NTFS permissions seem
correct, and yet I can't get my network scanner to connect to it. It keeps
complaining about unsuccessful authentication.

I checked user access with smbclient, it works. If I hook up another laptop
to the network and just browse the network and open the folder, the
credentials work too. However, I can do the same type of browsing with the
scanner but the exact same credentials don't work. Just as one more test, I
used VLC on my Android phone to browse the network and I also cannot get
into the folders although I'm using the correct credentials.

Does anyone know what my problem could be? I don't think it will help but
just in case attaching my smb.conf (from the member).

[global]

  netbios name = FILESERVER
  workgroup = WORKGROUP
  security = ADS
  realm = WORKGROUP.EXAMPLE.COM
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab

  username map = /etc/samba/samba_usermap

  idmap config *:backend = tdb
  idmap config *:range = 2000-9999
  idmap config WORKGROUP:backend = ad
  idmap config WORKGROUP:schema_mode = rfc2307
  idmap config WORKGROUP:range = 10000-99999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes
  winbind refresh tickets = Yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes

  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes


[share]
  path = /srv/samba/share
  comment = "Common Files"
  guest ok = no
  writeable = yes
  acl_xattr:ignore system acls = yes

More information about the samba mailing list