[Samba] Cannot scan to network share from Canon
Matthew Broadhead
matthew.broadhead at nbmlaw.co.uk
Thu Dec 6 11:52:24 UTC 2018
without comments
[global]
workgroup = NBMDARTFORD
server string = Samba Server Version %v
netbios name = SCARECROW
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
map to guest = Bad User
guest account = nobody
domain master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U
add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M
-d /nohome -s /bin/false "%u"
delete user script = /usr/sbin/userdel "%u"
delete user from group script = /usr/sbin/userdel "%u" "%g"
delete group script = /usr/sbin/groupdel "%g"
admin users = richard.broadhead
wins support = yes
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
[Profiles]
path = /var/lib/samba/profiles
browseable = no
read only = no
profile acls = yes
[software]
path = /home/software
read only = no
valid users = @users
write list = @users
browseable = no
create mask = 0664
force directory mode = 0775
[legal]
path = /home/legal
read only = no
valid users = @users
write list = @users
writable = yes
create mask = 0664
force directory mode = 0775
[laserform]
path = /home/laserform
read only = no
valid users = @users
valid users = +users
force create mode = 770
[applications]
path = /home/applications
read only = no
guest ok = yes
[scans]
path = /home/scans
read only = no
guest ok = yes
public = yes
On 06/12/2018 12:38, Matthew Broadhead via samba wrote:
> scans is the share that the printer cannot reach
>
> # This is the main Samba configuration file. For detailed information
> about the
> # options listed here, refer to the smb.conf(5) manual page. Samba has
> a huge
> # number of configurable options, most of which are not shown in this
> example.
> #
> # The Official Samba 3.2.x HOWTO and Reference Guide contains
> step-by-step
> # guides for installing, configuring, and using Samba:
> # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> #
> # The Samba-3 by Example guide has working examples for smb.conf. This
> guide is
> # generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
> #
> # In this file, lines starting with a semicolon (;) or a hash (#) are
> # comments and are ignored. This file uses hashes to denote commentary
> and
> # semicolons for parts of the file you may wish to configure.
> #
> # Note: Run the "testparm" command after modifying this file to check
> for basic
> # syntax errors.
> #
> #---------------
> # Security-Enhanced Linux (SELinux) Notes:
> #
> # Turn the samba_domain_controller Boolean on to allow Samba to use
> the useradd
> # and groupadd family of binaries. Run the following command as the
> root user to
> # turn this Boolean on:
> # setsebool -P samba_domain_controller on
> #
> # Turn the samba_enable_home_dirs Boolean on if you want to share home
> # directories via Samba. Run the following command as the root user to
> turn this
> # Boolean on:
> # setsebool -P samba_enable_home_dirs on
> #
> # If you create a new directory, such as a new top-level directory,
> label it
> # with samba_share_t so that SELinux allows Samba to read and write to
> it. Do
> # not label system directories, such as /etc/ and /home/, with
> samba_share_t, as
> # such directories should already have an SELinux label.
> #
> # Run the "ls -ldZ /path/to/directory" command to view the current
> SELinux
> # label for a given directory.
> #
> # Set SELinux labels only on files and directories you have created.
> Use the
> # chcon command to temporarily change a label:
> # chcon -t samba_share_t /path/to/directory
> #
> # Changes made via chcon are lost when the file system is relabeled or
> commands
> # such as restorecon are run.
> #
> # Use the samba_export_all_ro or samba_export_all_rw Boolean to share
> system
> # directories. To share such directories and only allow read-only
> permissions:
> # setsebool -P samba_export_all_ro on
> # To share such directories and allow read and write permissions:
> # setsebool -P samba_export_all_rw on
> #
> # To run scripts (preexec/root prexec/print command/...), copy them to
> the
> # /var/lib/samba/scripts/ directory so that SELinux will allow smbd to
> run them.
> # Note that if you move the scripts to /var/lib/samba/scripts/, they
> retain
> # their existing SELinux labels, which may be labels that SELinux does
> not allow
> # smbd to run. Copying the scripts will result in the correct SELinux
> labels.
> # Run the "restorecon -R -v /var/lib/samba/scripts" command as the
> root user to
> # apply the correct SELinux labels to these files.
> #
> #--------------
> #
> #======================= Global Settings
> =====================================
>
> [global]
>
> # ----------------------- Network-Related Options
> -------------------------
> #
> # workgroup = the Windows NT domain name or workgroup name, for
> example, MYGROUP.
> #
> # server string = the equivalent of the Windows NT Description field.
> #
> # netbios name = used to specify a server name that is not tied to the
> hostname.
> #
> # interfaces = used to configure Samba to listen on multiple network
> interfaces.
> # If you have multiple interfaces, you can use the "interfaces ="
> option to
> # configure which of those interfaces Samba listens on. Never omit the
> localhost
> # interface (lo).
> #
> # hosts allow = the hosts allowed to connect. This option can also be
> used on a
> # per-share basis.
> #
> # hosts deny = the hosts not allowed to connect. This option can also
> be used on
> # a per-share basis.
> #
> # max protocol = used to define the supported protocol. The default is
> NT1. You
> # can set it to SMB2 if you want experimental SMB2 support.
> #
> ; workgroup = MYGROUP
> workgroup = NBMDARTFORD
> server string = Samba Server Version %v
>
> ; netbios name = MYSERVER
> netbios name = SCARECROW
>
> ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
> ; hosts allow = 127. 192.168.12. 192.168.13.
> ; hosts allow = 127. 192.168.1.
>
> ; max protocol = SMB2
>
> # --------------------------- Logging Options
> -----------------------------
> #
> # log file = specify where log files are written to and how they are
> split.
> #
> # max log size = specify the maximum size log files are allowed to
> reach. Log
> # files are rotated when they reach the size specified with "max log
> size".
> #
>
> # log files split per-machine:
> log file = /var/log/samba/log.%m
> # maximum size of 50KB per log file, then rotate:
> max log size = 50
>
> # ----------------------- Standalone Server Options
> ------------------------
> #
> # security = the mode Samba runs in. This can be set to user, share
> # (deprecated), or server (deprecated).
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
> configuration
> # is required for tdbsam. The "smbpasswd" utility is available for
> backwards
> # compatibility.
> #
>
> security = user
> passdb backend = tdbsam
>
> map to guest = Bad User
> guest account = nobody
>
> # ----------------------- Domain Members Options ------------------------
> #
> # security = must be set to domain or ads.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
> configuration
> # is required for tdbsam. The "smbpasswd" utility is available for
> backwards
> # compatibility.
> #
> # realm = only use the realm option when the "security = ads" option
> is set.
> # The realm option specifies the Active Directory realm the host is a
> part of.
> #
> # password server = only use this option when the "security = server"
> # option is set, or if you cannot use DNS to locate a Domain
> Controller. The
> # argument list can include My_PDC_Name, [My_BDC_Name], and
> [My_Next_BDC_Name]:
> #
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> #
> # Use "password server = *" to automatically locate Domain Controllers.
>
> ; security = domain
> ; passdb backend = tdbsam
> ; realm = MY_REALM
>
> ; password server = <NT-Server-Name>
>
> # ----------------------- Domain Controller Options
> ------------------------
> #
> # security = must be set to user for domain controllers.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
> configuration
> # is required for tdbsam. The "smbpasswd" utility is available for
> backwards
> # compatibility.
> #
> # domain master = specifies Samba to be the Domain Master Browser,
> allowing
> # Samba to collate browse lists between subnets. Do not use the
> "domain master"
> # option if you already have a Windows NT domain controller performing
> this task.
> #
> # domain logons = allows Samba to provide a network logon service for
> Windows
> # workstations.
> #
> # logon script = specifies a script to run at login time on the
> client. These
> # scripts must be provided in a share named NETLOGON.
> #
> # logon path = specifies (with a UNC path) where user profiles are
> stored.
> #
> #
> ; security = user
> ; passdb backend = tdbsam
>
> domain master = yes
> domain logons = yes
>
> # the following login script name is determined by the machine name
> # (%m):
> ; logon script = %m.bat
> # the following login script name is determined by the UNIX user
> used:
> ; logon script = %u.bat
> logon path = \\%L\Profiles\%U
> logon drive = H:
> logon home = \\%L\%U
> # use an empty path to disable profile support:
> ; logon path =
>
> # various scripts can be used on a domain controller or a stand-alone
> # machine to add or delete corresponding UNIX accounts:
>
> add user script = /usr/sbin/useradd "%u" -n -g users
> add group script = /usr/sbin/groupadd "%g"
> add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M
> -d /nohome -s /bin/false "%u"
> delete user script = /usr/sbin/userdel "%u"
> delete user from group script = /usr/sbin/userdel "%u" "%g"
> delete group script = /usr/sbin/groupdel "%g"
>
> ;admin users = matthew.broadhead
> admin users = richard.broadhead
>
> # ----------------------- Browser Control Options
> ----------------------------
> #
> # local master = when set to no, Samba does not become the master
> browser on
> # your network. When set to yes, normal election rules apply.
> #
> # os level = determines the precedence the server has in master browser
> # elections. The default value should be reasonable.
> #
> # preferred master = when set to yes, Samba forces a local browser
> election at
> # start up (and gives itself a slightly higher chance of winning the
> election).
> #
> ; local master = no
> ; os level = 33
> ; preferred master = yes
>
> #----------------------------- Name Resolution
> -------------------------------
> #
> # This section details the support for the Windows Internet Name
> Service (WINS).
> #
> # Note: Samba can be either a WINS server or a WINS client, but not both.
> #
> # wins support = when set to yes, the NMBD component of Samba enables
> its WINS
> # server.
> #
> # wins server = tells the NMBD component of Samba to be a WINS client.
> #
> # wins proxy = when set to yes, Samba answers name resolution queries
> on behalf
> # of a non WINS capable client. For this to work, there must be at
> least one
> # WINS server on the network. The default is no.
> #
> # dns proxy = when set to yes, Samba attempts to resolve NetBIOS names
> via DNS
> # nslookups.
>
> wins support = yes
> ; wins server = w.x.y.z
> ; wins proxy = yes
>
> ; dns proxy = yes
>
> # --------------------------- Printing Options
> -----------------------------
> #
> # The options in this section allow you to configure a non-default
> printing
> # system.
> #
> # load printers = when set you yes, the list of printers is automatically
> # loaded, rather than setting them up individually.
> #
> # cups options = allows you to pass options to the CUPS library.
> Setting this
> # option to raw, for example, allows you to use drivers on your
> Windows clients.
> #
> # printcap name = used to specify an alternative printcap file.
> #
>
> load printers = yes
> cups options = raw
>
> ; printcap name = /etc/printcap
> # obtain a list of printers automatically on UNIX System V systems:
> ; printcap name = lpstat
> ; printing = cups
>
> # --------------------------- File System Options
> ---------------------------
> #
> # The options in this section can be un-commented if the file system
> supports
> # extended attributes, and those attributes are enabled (usually via the
> # "user_xattr" mount option). These options allow the administrator to
> specify
> # that DOS attributes are stored in extended attributes and also make
> sure that
> # Samba does not change the permission bits.
> #
> # Note: These options can be used on a per-share basis. Setting them
> globally
> # (in the [global] section) makes them the default for all shares.
>
> ; map archive = no
> ; map hidden = no
> ; map read only = no
> ; map system = no
> ; store dos attributes = yes
>
>
> #============================ Share Definitions
> ==============================
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> valid users = %S
> ; valid users = MYDOMAIN\%S
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = no
> writable = no
> printable = yes
>
> # Un-comment the following and create the netlogon directory for
> Domain Logons:
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> ; guest ok = yes
> ; writable = no
> ; share modes = no
>
> # Un-comment the following to provide a specific roving profile share.
> # The default is to use the user's home directory:
> [Profiles]
> path = /var/lib/samba/profiles
> browseable = no
> read only = no
> ; create mask = 0600
> ; directory mask = 0700
> profile acls = yes
> ; csc policy = disable
> ; guest ok = yes
>
> # A publicly accessible directory that is read only, except for users
> in the
> # "staff" group (which have write permissions):
> ; [public]
> ; comment = Public Stuff
> ; path = /home/samba
> ; public = yes
> ; writable = yes
> ; printable = no
> ; write list = +staff
>
> [software]
> path = /home/software
> read only = no
> valid users = @users
> write list = @users
> browseable = no
> # force create mode = 770
> create mask = 0664
> force directory mode = 0775
>
> [legal]
> path = /home/legal
> read only = no
> valid users = @users
> write list = @users
> writable = yes
> #force create mode = 770
> create mask = 0664
> force directory mode = 0775
>
> [laserform]
> path = /home/laserform
> read only = no
> valid users = @users
> valid users = +users
> force create mode = 770
>
> [applications]
> path = /home/applications
> read only = no
> guest ok = yes
>
> [scans]
> path = /home/scans
> read only = no
> guest ok = yes
> public = yes
>
> On 06/12/2018 11:54, Rowland Penny via samba wrote:
>> On Thu, 6 Dec 2018 11:41:04 +0100
>> Matthew Broadhead via samba <samba at lists.samba.org> wrote:
>>
>>> just checked the logs and i get this
>>>
>>> [root at localhost ~]# tail /var/log/samba/log.rnp00267380a647
>>> [2018/12/05 11:27:36.333627, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>> [2018/12/05 11:51:20.390991, 0]
>>> ../lib/param/loadparm.c:784(lpcfg_map_parameter)
>>> Unknown parameter encountered: "profile acls"
>>> [2018/12/05 11:51:20.391441, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>> [2018/12/05 11:53:51.060095, 0]
>>> ../lib/param/loadparm.c:784(lpcfg_map_parameter)
>>> Unknown parameter encountered: "profile acls"
>>> [2018/12/05 11:53:51.060209, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>> [root at localhost ~]# tail -n 200 /var/log/samba/log.rnp00267380a647
>>> [2018/12/05 10:06:21.081708, 0]
>>> ../lib/param/loadparm.c:784(lpcfg_map_parameter)
>>> Unknown parameter encountered: "profile acls"
>>> [2018/12/05 10:06:21.081856, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>> [2018/12/05 11:27:36.333489, 0]
>>> ../lib/param/loadparm.c:784(lpcfg_map_parameter)
>>> Unknown parameter encountered: "profile acls"
>>> [2018/12/05 11:27:36.333627, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>> [2018/12/05 11:51:20.390991, 0]
>>> ../lib/param/loadparm.c:784(lpcfg_map_parameter)
>>> Unknown parameter encountered: "profile acls"
>>> [2018/12/05 11:51:20.391441, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>> [2018/12/05 11:53:51.060095, 0]
>>> ../lib/param/loadparm.c:784(lpcfg_map_parameter)
>>> Unknown parameter encountered: "profile acls"
>>> [2018/12/05 11:53:51.060209, 0]
>>> ../lib/param/loadparm.c:1844(lpcfg_do_service_parameter)
>>> Ignoring unknown parameter "profile acls"
>>>
>>> On 05/12/2018 20:08, David Roth via samba wrote:
>>>> Does anything show up in the Samba logs for this?
>>>>
>>>> On Wed, Dec 5, 2018 at 10:29 AM Matthew Broadhead via samba <
>>>> samba at lists.samba.org> wrote:
>>>>
>>>>> The server is using centos-release-7-6.1810.2.el7.centos.x86_64.
>>>>> After an automatic yum update on the morning of 4th December 2018
>>>>> from samba-4.7.1-9.el7_5.x86_64 to samba-4.8.3-4.el7.x86_64 we can
>>>>> no longer scan from a Canon Aficio MP 301 to a network share
>>>>> (guest allowed). Scanning to windows machines works fine.
>>>>>
>>>>>
>>>
>> The 'profile acls' parameter was removed at 4.8.0.
>> It might help if you post your smb.conf
>>
>> Rowland
>>
>
>
More information about the samba
mailing list