[Samba] Samba AD - Scanner permission issues

Viktor Trojanovic viktor at troja.ch
Mon Nov 21 15:26:32 UTC 2016


Thanks for the hint, James.

In that case, I assume the man page for smb.conf is outdated. According to
the manual, "ntlm auth = yes" is the default. Running testparm -sv reveals,
however, that it is set to "no" by default.

Having said that, changing it to yes didn't bring me further yet; the
scanner still can't connect.

This is now the output of testparm -sv | grep auth

Server role: ROLE_DOMAIN_MEMBER

        ldap server require strong auth = Yes
        allow dcerpc auth level connect = No
        auth methods =
        client lanman auth = No
        client NTLMv2 auth = Yes
        client plaintext auth = No
        lanman auth = No
        ntlm auth = Yes
        raw NTLMv2 auth = No

Any other ideas?


On Mon, Nov 21, 2016 at 2:29 PM, lingpanda101 <lingpanda101 at gmail.com>
wrote:

> On 11/21/2016 8:21 AM, Viktor Trojanovic via samba wrote:
>
>> Hi all,
>>
>> I'm running a small Samba based AD, consisting of one Samba DC and one
>> Samba Fileserver (AD member).
>>
>> I use rfc2307 and manually give the users their UID (there aren't many).
>>
>> This setup used to work well at the beginning but with every Samba update
>> (I run a rolling release), I seem to stumble upon new issues. I hope
>> someone can help me with the latest one.
>>
>> I have a folder on the fileserver, let's call it \\FILESERVER\SHARE, that I
>> wish to use for scanner output. I checked and checked again, both share
>> permissions (everyone=full control) as well as NTFS permissions seem
>> correct, and yet I can't get my network scanner to connect to it. It keeps
>> complaining about unsuccessful authentication.
>>
>> I checked user access with smbclient, it works. If I hook up another laptop
>> to the network and just browse the network and open the folder, the
>> credentials work too. However, I can do the same type of browsing with the
>> scanner but the exact same credentials don't work. Just as one more test, I
>> used VLC on my Android phone to browse the network and I also cannot get
>> into the folders although I'm using the correct credentials.
>>
>> Does anyone know what my problem could be? I don't think it will help but
>> just in case attaching my smb.conf (from the member).
>>
>> [global]
>>
>>    netbios name = FILESERVER
>>    workgroup = WORKGROUP
>>    security = ADS
>>    realm = WORKGROUP.EXAMPLE.COM
>>    dedicated keytab file = /etc/krb5.keytab
>>    kerberos method = secrets and keytab
>>
>>    username map = /etc/samba/samba_usermap
>>
>>    idmap config *:backend = tdb
>>    idmap config *:range = 2000-9999
>>    idmap config WORKGROUP:backend = ad
>>    idmap config WORKGROUP:schema_mode = rfc2307
>>    idmap config WORKGROUP:range = 10000-99999
>>
>>    winbind nss info = rfc2307
>>    winbind trusted domains only = no
>>    winbind use default domain = yes
>>    winbind enum users  = yes
>>    winbind enum groups = yes
>>    winbind refresh tickets = Yes
>>
>>    vfs objects = acl_xattr
>>    map acl inherit = Yes
>>    store dos attributes = Yes
>>
>>    load printers = no
>>    printing = bsd
>>    printcap name = /dev/null
>>    disable spoolss = yes
>>
>>
>> [share]
>>    path = /srv/samba/share
>>    comment = "Common Files"
>>    guest ok = no
>>    writeable = yes
>>    acl_xattr:ignore system acls = yes
>>
>
>
> You most likely need to add 'ntlm auth = yes' in your global config
> section of smb.conf.
>
> --
> - James
>
>
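
An added example, not part of the original thread: a Python check that parses `testparm -sv` output like the one posted above and reports which effective settings permit legacy authentication. The baseline of acceptable values is this example's own assumption (the extra `ntlm auth` value names come from later Samba releases), and the sample input is the output quoted in the message.

```python
import re

# Sample input: the `testparm -sv | grep auth` output quoted in the message above.
SAMPLE = """\
Server role: ROLE_DOMAIN_MEMBER

        ldap server require strong auth = Yes
        allow dcerpc auth level connect = No
        auth methods =
        client lanman auth = No
        client NTLMv2 auth = Yes
        client plaintext auth = No
        lanman auth = No
        ntlm auth = Yes
        raw NTLMv2 auth = No
"""

# Assumed baseline (this example's choice): values under which LANMAN, NTLMv1
# and plaintext authentication stay disabled. Names and values are lower-cased.
BASELINE = {
    "ntlm auth": {"no", "ntlmv2-only", "mschapv2-and-ntlmv2-only", "disabled"},
    "lanman auth": {"no"},
    "client lanman auth": {"no"},
    "client plaintext auth": {"no"},
    "client ntlmv2 auth": {"yes"},
    "ldap server require strong auth": {"yes"},
}

def parse_testparm(text):
    """Return {parameter: value}, both lower-cased, from testparm output."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^\s+([^=]+?)\s*=\s*(.*)$", line)  # indented "name = value"
        if m:
            params[m.group(1).lower()] = m.group(2).strip().lower()
    return params

def legacy_auth_findings(text):
    """List (parameter, effective value) pairs that fall outside the baseline."""
    params = parse_testparm(text)
    return [(name, params[name]) for name, allowed in BASELINE.items()
            if name in params and params[name] not in allowed]

if __name__ == "__main__":
    for name, value in legacy_auth_findings(SAMPLE):
        print(f"{name} = {value}  (permits legacy authentication)")
```

On the quoted output the only finding is `ntlm auth = yes`, the setting that was switched on for the scanner.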

