Solved Something changed in auth/path scheme in samba46 vs. samba44?

obsigna

Profile disabled
Some weeks ago I upgraded my installation from net/samba44 to net/samba46, and all the regular clients (Win 7 to 10, and macOS) were able to access their shares as usual. Today, I wanted to scan some documents and the scanner is supposed to transfer the scans to a share provided by said samba installation, but the scanner bailed out with an access error, and the samba log told me:
Code:
...
[2017/08/24 11:54:01.005536,  3] ../lib/util/access.c:361(allow_access)
  Allowed connection from 192.168.0.201 (192.168.0.201)
[2017/08/24 11:54:01.039645,  3] ../source3/lib/util_procid.c:54(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
...
Even as there were no changes since ages, I verified all settings on the scanner, host, path, access credentials, etc ..., but everything was in shape. I only was able to get the scanner working with Samba, once I switched it back to net/samba44.

The question is what has changed in the auth/path scheme between samba44 and samba46? Is there some sort of a legacy switch in samba46, in order to get my scanner to work with it?
 
In the meantime I checked the issue with my scanner against net/samba45 and this one denies access to the Scanner share as well, therefore something must have changed in the course from 4.4 to 4.5, and so I looked into the release notes of Samba 4.5:
Code:
...
NTLMv1 authentication disabled by default
-----------------------------------------

In order to improve security we have changed
the default value for the "ntlm auth" option from
"yes" to "no". This may have impact on very old
clients which doesn't support NTLMv2 yet.
...
I re-installed net/samba46 and added to the [global] settings ntlm auth = yes, and now my scanner can access the Scanner share for storing the scans. Problem solved.
 
NTLMv1 has been turned off by default on Windows 10 too after the last updates. It was already turned off on Windows Server quite some time ago. But you may still have some older equipment that doesn't support NTLMv2 or above.
 
Back
Top