I have a Samba 3.4.7 server with ADS authentication. Windows clients have no issues, but non-domain MFPs cannot access shares, even with guest ok = yes. The MFPs can scan to a Samba 3.2.7 server, configured with Openfiler. This line is the same on both servers Got user=[printers] domain=[] workstation=[RNPE96472] len1=24 len2=24 This is what comes next on the working, 3.2.7 server: check_ntlm_password: Checking password for unmapped user [WCNB]\[printers]@[RNPE96472] with the new password interface This is what comes next from the failing server: check_ntlm_password: Checking password for unmapped user []\[printers]@[RNPE96472] with the new password interface I have turned on winbind use default domain = yes, as the working server has. I have tried various username permutations - WCNB\printers, printers at WCNB. Those names remain whole in the logs, rather than being split. The printers account appears in getent passwd. The MFPs are Ricoh/Aficio MP 5000. Portion of log level 3 for the device on failing server: 2010/08/19 14:47:03, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2010/08/19 14:47:03, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[printers] domain=[] workstation=[RNPE96472] len1=24 len2=24 [2010/08/19 14:47:03, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[printers]@[RNPE96472] with the new password interface [2010/08/19 14:47:03, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [DATASVR2]\[printers]@[RNPE96472] [2010/08/19 14:47:03, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/08/19 14:47:03, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/08/19 14:47:03, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/08/19 14:47:03, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/08/19 14:47:03, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'printers' in passdb. [2010/08/19 14:47:03, 3] auth/auth_winbind.c:54(check_winbind_security) check_winbind_security: Not using winbind, requested domain [DATASVR2] was for this SAM. [2010/08/19 14:47:03, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [printers] -> [printers] FAILED with error NT_STATUS_NO_SUCH_USER Globals from smb.conf on failing server: # Samba config file created using SWAT # from UNKNOWN (192.168.0.23) # Date: 2010/08/19 14:37:44 [global] workgroup = WCNB realm = WCNB.LOCAL server string = Data Server security = ADS map to guest = Bad User obey pam restrictions = Yes password server = dc.wcnb.local, * pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 server signing = auto load printers = No local master = No domain master = No dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 1000000-2000000 idmap gid = 1000000-2000000 template homedir = /mnt/users/homes/%U winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind refresh tickets = Yes This e-mail and attachment(s) may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copy of this message is strictly prohibited. If received in error, please notify the sender immediately and delete/destroy the message and any copies thereof.