[Samba] Samba AD - Scanner permission issues
lingpanda101
lingpanda101 at gmail.com
Mon Nov 21 13:29:52 UTC 2016
On 11/21/2016 8:21 AM, Viktor Trojanovic via samba wrote:
> Hi all,
>
> I'm running a small Samba based AD, consisting of one Samba DC and one
> Samba Fileserver (AD member).
>
> I use rfc2307 and manually give the users their UID (there aren't many).
>
> This setup used to work well at the beginning but with every Samba update
> (I run a rolling release), I seem to stumble upon new issues. I hope
> someone can help me with the latest one.
>
> I have a folder on the fileserver, let's call it \\FILESERVER\SHARE, that I
> wish to use for scanner output. I checked and checked again, both share
> permissions (everyone=full control) as well as NTFS permissions seem
> correct, and yet I can't get my network scanner to connect to it. It keeps
> complaining about unsuccessful authentication.
>
> I checked user access with smbclient, it works. If I hook up another laptop
> to the network and just browse the network and open the folder, the
> credentials work too. However, I can do the same type of browsing with the
> scanner but the exact same credentials don't work. Just as one more test, I
> used VLC on my Android phone to browse the network and I also cannot get
> into the folders although I'm using the correct credentials.
>
> Does anyone know what my problem could be? I don't think it will help but
> just in case attaching my smb.conf (from the member).
>
> [global]
>
> netbios name = FILESERVER
> workgroup = WORKGROUP
> security = ADS
> realm = WORKGROUP.EXAMPLE.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> username map = /etc/samba/samba_usermap
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config WORKGROUP:backend = ad
> idmap config WORKGROUP:schema_mode = rfc2307
> idmap config WORKGROUP:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
>
> [share]
> path = /srv/samba/share
> comment = "Common Files"
> guest ok = no
> writeable = yes
> acl_xattr:ignore system acls = yes
You most likely need to add 'ntlm auth = yes' in your global config
section of smb.conf.
--
- James
More information about the samba
mailing list