SMB share for Konica Minolta copier, permissions problem

[mjlkr]

I'm stuck on smb share permissions configuration. I've created share, it works correctly in Windows AD network, permissions are for domain users.
But I can't set it for copier. Copier uses AD account but can't write anything to that share. I tried even to create new share with guest access but it doesn't help too.
When I try to get guest share for Windows 10, it asks for credentials. Maybe that's a problem?
Tell me, please which part of config I should post here, I know that nobody can help me without seeing my config :)

 

[anodos]

I'm stuck on smb share permissions configuration. I've created share, it works correctly in Windows AD network, permissions are for domain users.
But I can't set it for copier. Copier uses AD account but can't write anything to that share. I tried even to create new share with guest access but it doesn't help too.
When I try to get guest share for Windows 10, it asks for credentials. Maybe that's a problem?
Tell me, please which part of config I should post here, I know that nobody can help me without seeing my config :)

The printer may require legacy features to be enabled (SMB1 or NTLMv1). Windows 10 doesn't work out of the box anymore with guest shares.

 

[mjlkr]

Do you mean that I have to enable SMB1 or NTLMv1 on printer? I can enable SMBv1 on FreeNAS (but is it secure)? But can Windows Server 2012R2 use NTLMv1?

 

[anodos]

Do you mean that I have to enable SMB1 or NTLMv1 on printer? I can enable SMBv1 on FreeNAS (but is it secure)? But can Windows Server 2012R2 use NTLMv1?

No. I mean that printers often have crap SMB clients. You might be stuck having to enable some legacy features to get it to work correctly. A packet capture on the FreeNAS side will usually tell where the client is failing (or increasing SMB log level to "normal" and trolling through /var/log/samba4/log.smbd.

 

[mjlkr]

I work so intensive that I didn't even thought to sniff with Wireshark. Nice tip, I'll try it :) But what do you suggest to do (except packet sniffing)?

 

[anodos]

I work so intensive that I didn't even thought to sniff with Wireshark. Nice tip, I'll try it :) But what to you suggest to do (except packet sniffing)?

Increasing log level. In the pcap you should first look at the negprot packets (where the server and client try to come to an agreement on what protocol to use). You can use tcpdump to get the pcap and then load it in wireshark. tcpdump -i ix3 -w /tmp/smb.pcap host 192.168.0.42 where your interface is ix3 and the remote client is 192.186.0.42. Hit ^c when you're done and copy the file to your desktop and analyze with wireshark.

 

[mjlkr]

OK, I'll do it tomorrow (in my country it's almost 10pm) and let you know.

 

[mjlkr]

I've dumped traffic with tcpdump. In smb negotiation copier sends requested dialects LANMAN1.0 and NT LM 0.12 , FreeNAS reply with PC NETWORK PROGRAM 1.0 , copier sends again requested dialects, then FreeNAS sends FIN, ACK and close connection. What can I do?