New Samba Version Questions & Comments

I saw your recent post about updating Samba and built a new ipfire machine to test it out. I have a need to make the machine a print server … and it’s not working.

A couple of notes & questions …

  1. The web dialog is unable to add a user. You have a default in there, but I cannot add new user or change password manually at the # prompt.

     [root@ipfire ~]# smbpasswd -a user
     New SMB password:
     Retype new SMB password:
     Failed to add entry for user user.
     [root@ipfire ~]# 
    

Tried it multiple times with full fails.


The smb.conf - I got the impression after digging around on the machine that you wanted to keep everything you manage under the var/ipfire directory. This is problematic from a standards point of view. I’d recommend staying with the standard /etc/samba folder.

Perusing the smb.conf - the web dialog offers no real options, and so I loaded my own, but you set everything up to use /var/ipfire/samba and this is a non-standard strategy that just makes administering samba a PIA. This may be why adding users, and being able to simply managing the smb.conf is mucked up by doing things in a nonstandard fashion. Just install it the way it is normally installed.

  1. There are features to Samba that can make creating automated config file easier. Little things like %L & %m in the smb.conf shares that makes an automatic host identifier out of
    a share.

      [%L-somesharename]
     	browsable = yes
     	read only = no
     	valid users = user
     	path = /somesharename
     	comment = %m Some Share Name Directory
    

would show IPFIRE-somesharename in a network browser. This makes the shares immediately identified with the server they are on. Why is this important? Because when you browse shares on various machines, smb attachments don’t usually identify their origins, and the simplicity of the %L adds this automatically.


5. You’re not using some very important options that can increase performance.

After dealing with performance issues with Samba on Linux, I did some digging around and found this out on the net to add to the smb,conf.
I’ll warn ya, you need to be able to tweak these to your machines … and so these parameters should be modifiable from your web dialogs.


# IF YOU USE A FILE SYSTEM THAT DOES NOT SUPPORT UNWRITTEN
# EXTENTS, SET "strict allocate = no".

strict allocate = no

# THIS IS TO COUNTERACT SPACE WASTAGE THAT CAN BE CAUSED BY THE PREVIOUS OPTION 

allocation roundup size = 4096

# ALLOW READS OF 65535 BYTES IN 1 PACKET - MAJOR PERFORMANCE BENEFIT.
# SUPPORT RAW WRITE SMBs WHEN TRANSFERRING DATA FROM CLIENTS.

read raw = Yes
write raw = Yes

# SERVER SIGNING SLOWS THINGS DOWN WHEN ENABLED - 
# DISABLED BY DEFAULT BEFORE SAMBA 4.

server signing = No

# WHEN "strict locking = no", THE SERVER PERFORMS FILE LOCK CHECKS ONLY WHEN THE 
# CLIENT EXPLICITLY ASKS FOR THEM. WELL-BEHAVED CLIENTS ALWAYS ASK FOR LOCK CHECKS 
# WHEN IT IS IMPORTANT, SO IN THE VAST MAJORITY OF CASES,
# "strict locking = auto" OR "strict locking = no" IS ACCEPTABLE.

strict locking = auto

# TCP_NODELAY:    SEND AS MANY PACKETS AS NECESSARY TO KEEP DELAY LOW
# IPTOS_LOWDELAY: [Linux IPv4 Tweak] MINIMIZE DELAYS FOR INTERACTIVE TRAFFIC
# SO_RCVBUF:      ENLARGE SYSTEM SOCKET RECEIVE BUFFER
# SO_SNDBUF:      ENLARGE SYSTEM SOCKET SEND BUFFER

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072

# SMBWriteX CALLS GREATER THAN "min receivefile size" WILL BE
# PASSED DIRECTLY TO KERNEL recvfile/splice SYSTEM CALL.
# TO ENABLE POSIX LARGE WRITE SUPPORT (SMB/CIFS WRITES UP TO 16MB),
# THIS OPTION MUST BE NONZERO.
# THIS OPTION WILL HAVE NO EFFECT IF SET ON A SMB SIGNED CONNECTION.
# MAX VALUE = 128k
        
min receivefile size = 16384

# USE THE MORE EFFICIENT sendfile() SYSTEM CALL FOR EXCLUSIVELY OPLOCKED FILES.
        
use sendfile = Yes

# READ FROM FILE ASYNCHRONOUSLY WHEN SIZE OF REQUEST IS BIGGER THAN THIS VALUE.
# WRITE TO FILE ASYNCHRONOUSLY WHEN SIZE OF REQUEST IS BIGGER THAN THIS VALUE
# NOTE: SAMBA MUST BE BUILT WITH ASYNCHRONOUS I/O SUPPORT
###	aio read size = 16384
###	aio write size = 16384

aio read size = 4096
aio write size = 4096

### default	max xmit = 65535

max xmit = 8192
dead time = 15
getwd cache = yes

Hello Bacon,

thank you for your elaborate post, but I guess you have come to the wrong place. This is a support forum and I am not entirely sure what you are asking.

In your proposed configuration changes, you simply are disabling the security features - and yes, that usually increases performance, but obviously removes the security.

Samba on IPFire does not exist to convert a firewall into a full-blown file server.

3 Likes

The samba service is behind the firewall, and not an imaginary security problem.

If there is a security problem with the information I supplied, then state clearly where that problem is.

I suggested some actual improvements to your system, and so you should be thankful and humble not condescending.

Thanks

What you’re saying is that you do not understand how Samba works, or that you do not know how it’s security works.

The builtin security has been fine for Samba for years.

To just throw a crappy installation of samba on the machine as an afterthought is a waste of time.

Cheers!

So you never answered this problem:

The web dialog is unable to add a user. You have a default in there, but I cannot add new user via the web admin dialog or change password manually at the # prompt. If you understood Samba, you would know what I am referring to.

[root@ipfire ~]# smbpasswd -a user
New SMB password:
Retype new SMB password:
Failed to add entry for user user.
[root@ipfire ~]#
Tried it multiple times with full fails.

Don’t use IPFire as a file server. Is like using a plier for unbolt a screw.
You can, but it doesn’t work well.
You want a full fledged one man band distro? PM me, i can make you a name.
SMBv1 is old and unsafe, may it “die” soon.

Yelling is not useful, moreover is quite rude.
I don’t appreciate that much choices made to the development, and I’m not soft when i criticize.
But the mistake, IMVHO, was not to make a Samba Addon available, but from the system architect who choose a “firewall only distro” to use it as one man band install.

If you want something different, you can configure whatever you want. You want a distro made in your way? Feel free to compile every package you need from headers to footer.

Stop yelling, please, be a nice guest.

3 Likes

For a print server I would try CUPS.
I usually mess it up at least 3 times before i get it setup right.

1 Like

You were wrong? In any case, as @hvacguy stated, maybe CUPS can be a nice solution. Samba for sharing printer IMVHO is a … bad idea.

2 Likes

I suggest to read this https://wiki.samba.org/index.php/Performance_Tuning
special the last paragraph. So the most of our “optimizations” are bad ideas and are the reasons for removing the such settings from the gui.

If you really need a special option it can added via smb.conf.local which is copied at the end of the global section if the webif save the config.

I also have tested again user creation via WebIF on a fresh installed testsystem and it works. Have you tried this before or after changing the smb.conf which also has settings for the user management?

1 Like

If you understand samba like you state you should know that smbpasswd only create user entries in samba that has a matching unix account. At my system i can create a user also on the shell.

[root@ipfire ~]# useradd user
[root@ipfire ~]# smbpasswd -a user
New SMB password:
Retype new SMB password:
[root@ipfire ~]#
(off course useradd should have matching group and shell options for security that i have not set here)

2 Likes

Hello,

I just updated my dedicated box that is used only for Samba to core 152.
All works fine - I mean I can access the content well and with high throughput.

However I see in /var/log/messages a bunch of errors that were never there in core 148 (I jumped from 148 to 152 today).

Should I care about these?

Nov 19 21:28:25 filefire-x86-64 smbd[14852]: widelinks_warning: Share ‘HDD’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.
.
.
.

Nov 19 21:32:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:32:41.831080, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:32:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:32:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:32:41.833272, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:32:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:37:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:37:41.835426, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:37:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:37:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:37:41.836598, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:37:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:42:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:42:41.840333, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:42:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:42:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:42:41.841479, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:42:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:47:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:47:41.840872, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:47:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:47:41 filefire-x86-64 winbindd[13312]: [2020/11/19 21:47:41.842014, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 19 21:47:41 filefire-x86-64 winbindd[13312]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 19 21:48:41 filefire-x86-64 Downloaded new database from Thu, 19 Nov 2020 04:29:32 GMT
Nov 19 21:50:11 filefire-x86-64 kernel: perf: interrupt took too long (2514 > 2500), lowering kernel.perf_event_max_sample_rate to 79500

Thank you!
H&M

Hello,

just updated from core 151 to core 152 and now my shares from the ipfire are no more visible in my network. Direct links to the shares are working, but not visible in the network neighbourhood. On my linux sat-receiver the shares are also not visible and can not be mounted by the box.
I also have a lot of errors in my samba log:

|12:29:31|smbd|widelinks_warning: Share ‘IPC$’ has wide links and unix extensions enabled. T hese parameters are incompatible. Wide links will be disabled for this share.|
|—|---|—|
|12:29:31|smbd|[2020/11/21 12:29:31.676022, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:29:15|smbd|widelinks_warning: Share ‘Bash’ has wide links and unix extensions enabled. T hese parameters are incompatible. Wide links will be disabled for this share.|
|12:29:15|smbd|[2020/11/21 12:29:15.861383, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:29:15|smbd|widelinks_warning: Share ‘Python’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.|
|12:29:15|smbd|[2020/11/21 12:29:15.842196, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:29:06|nmbd||
|12:29:06|nmbd||
|12:29:06|nmbd|Samba name server IPFIRE is now a local master browser for workgroup BIKINIBO TTOM on subnet 192.168.2.1|
|12:29:06|nmbd||
|12:29:06|nmbd|
|
|12:29:06|nmbd|[2020/11/21 12:29:06.110770, 0] …/…/source3/nmbd/nmbd_become_lmb.c:397(becom e_local_master_stage2)|
|12:29:06|nmbd||
|12:29:06|nmbd||
|12:29:06|nmbd|Samba name server IPFIRE is now a local master browser for workgroup BIKINIBO TTOM on subnet 192.168.1.1|
|12:29:06|nmbd||
|12:29:06|nmbd|
|
|12:29:06|nmbd|[2020/11/21 12:29:06.110378, 0] …/…/source3/nmbd/nmbd_become_lmb.c:397(becom e_local_master_stage2)|
|12:29:05|smbd|widelinks_warning: Share ‘Backup’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.|
|12:29:05|smbd|[2020/11/21 12:29:05.896615, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:28:58|smbd|widelinks_warning: Share ‘Python’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.|
|12:28:58|smbd|[2020/11/21 12:28:58.351573, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:28:58|smbd|widelinks_warning: Share ‘Bash’ has wide links and unix extensions enabled. T hese parameters are incompatible. Wide links will be disabled for this share.|
|12:28:58|smbd|[2020/11/21 12:28:58.295861, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:28:58|smbd|Ignoring unknown parameter “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.257527, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:58|smbd|Unknown parameter encountered: “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.256865, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:58|smbd|Ignoring unknown parameter “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.255819, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:58|smbd|Unknown parameter encountered: “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.255739, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:58|smbd|Ignoring unknown parameter “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.255382, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:58|smbd|Unknown parameter encountered: “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.255313, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:58|smbd|Ignoring unknown parameter “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.255005, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:58|smbd|Unknown parameter encountered: “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.254930, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:58|smbd|Ignoring unknown parameter “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.254621, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:58|smbd|Unknown parameter encountered: “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.254550, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:58|smbd|Ignoring unknown parameter “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.254232, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:58|smbd|Unknown parameter encountered: “user”|
|12:28:58|smbd|[2020/11/21 12:28:58.254076, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:58|smbd|widelinks_warning: Share ‘Filme’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.|
|12:28:58|smbd|[2020/11/21 12:28:58.208686, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:28:55|smbd|widelinks_warning: Share ‘Python’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.|
|12:28:55|smbd|[2020/11/21 12:28:55.064220, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:28:55|smbd|widelinks_warning: Share ‘Bash’ has wide links and unix extensions enabled. T hese parameters are incompatible. Wide links will be disabled for this share.|
|12:28:55|smbd|[2020/11/21 12:28:55.038939, 0] …/…/source3/param/loadparm.c:4626(widelinks_ warning)|
|12:28:54|smbd|Ignoring unknown parameter “user”|
|12:28:54|smbd|[2020/11/21 12:28:54.980796, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:54|smbd|Unknown parameter encountered: “user”|
|12:28:54|smbd|[2020/11/21 12:28:54.980739, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:54|smbd|Ignoring unknown parameter “user”|
|12:28:54|smbd|[2020/11/21 12:28:54.980492, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:54|smbd|Unknown parameter encountered: “user”|
|12:28:54|smbd|[2020/11/21 12:28:54.980274, 0] …/…/lib/param/loadparm.c:815(lpcfg_map_param eter)|
|12:28:54|smbd|Ignoring unknown parameter “user”|
|12:28:54|smbd|[2020/11/21 12:28:54.979982, 0] …/…/lib/param/loadparm.c:1895(lpcfg_do_servi ce_parameter)|
|12:28:54|smbd|Unknown parameter encountered: “user” |

In /var/ipfire/samba/settings is UNIXEXTENSION=off, nevertheless the log says that unix extensions are enabled.

Thank you

I temporarily went back to samba 3.6.25 because i need to access the shares from my stb.

In my case I get SMBv3 negotiated , a really good speed (much higher than I had with old samba 3.x server) and I also enforced encryption!

But I still get some errors in var/log/messages and I do need some help to understand if I can fix those somehow or I need to drop a bug

Errors in var/log/messages

Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: [2020/11/22 14:34:58.511888, 0] …/…/source3/nmbd/nmbd.c:167(nmbd_sig_hup_handler)
Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: Got SIGHUP dumping debug info.
Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: [2020/11/22 14:34:58.512684, 0] …/…/source3/nmbd/nmbd_workgroupdb.c:278(dump_workgroups)
Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: dump_workgroups()
Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: dump workgroup on subnet 192.168.10.2: netmask= 255.255.255.0:
Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: ^IWORKGROUP(1) current master browser = FILEFIRE-X86-64
Nov 22 14:34:58 filefire-x86-64 nmbd[13382]: ^I^IFILEFIRE-X86-64 40849a03 (Samba on IPFire)
Nov 22 14:36:20 filefire-x86-64 smbd[11294]: [2020/11/22 14:36:20.751587, 0] …/…/source3/param/loadparm.c:4626(widelinks_warning)
Nov 22 14:36:20 filefire-x86-64 smbd[11294]: widelinks_warning: Share ‘IPC$’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.
Nov 22 14:36:20 filefire-x86-64 smbd[11294]: [2020/11/22 14:36:20.781243, 0] …/…/source3/param/loadparm.c:4626(widelinks_warning)
Nov 22 14:36:20 filefire-x86-64 smbd[11294]: widelinks_warning: Share ‘HDD’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.
Nov 22 14:37:21 filefire-x86-64 winbindd[13407]: [2020/11/22 14:37:21.617179, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 22 14:37:21 filefire-x86-64 winbindd[13407]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 22 14:37:21 filefire-x86-64 winbindd[13407]: [2020/11/22 14:37:21.621705, 0] …/…/source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Nov 22 14:37:21 filefire-x86-64 winbindd[13407]: rpcint_dispatch: DCE/RPC fault in call lsarpc:32 - DCERPC_NCA_S_OP_RNG_ERROR
Nov 22 14:38:43 filefire-x86-64 smbd[11294]: [2020/11/22 14:38:43.819201, 0] …/…/source3/param/loadparm.c:4626(widelinks_warning)
Nov 22 14:38:43 filefire-x86-64 smbd[11294]: widelinks_warning: Share ‘IPC$’ has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share.

testparm
Load smb config files from /var/ipfire/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
‘winbind separator = +’ might cause problems with group membership.

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

Global parameters

[global]
bind interfaces only = Yes
guest account = samba
idmap gid = 10000-20000
idmap uid = 10000-20000
interfaces = green0 blue0 127.0.0.0/8
logging = syslog
map to guest = Bad User
passdb backend = smbpasswd
realm = samba.local
server role = standalone server
server string = Samba on IPFire
winbind separator = +
winbind use default domain = Yes
idmap config * : range = 10000-20000
idmap config * : backend = tdb
smb encrypt = required
vfs objects = catia fruit streams_xattr recycle
wide links = Yes

[printers]
browseable = No
path = /var/spool/samba/
printable = Yes

[HDD]
comment = HDD Share
create mask = 0755
directory mask = 0777
force user = xxxxxx
path = /HDD
read only = No

Status page in WEB UI white I wasuploading with 200Mbit/s a 2GB file (heavily encrypted file)

Samba version 4.13.1
PID Username Group Machine Protocol Version Encryption Signing

11294 xxxxx sambauser a.b.c.d (ipv4:a.b.c.d:49604) SMB3_02 AES-128-CCM partial(AES-128-CMAC)

Service pid Machine Connected at Encryption Signing

HDD 11294 a.b.c.d Sun Nov 22 14:36:21 2020 EET AES-128-CCM AES-128-CMAC

Locked files:
Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time

11294 1002 DENY_ALL 0x17019f RDWR LEASE(RWH) /HDD SambaTest/2GB.Encrypted.file Sun Nov 22 14:36:31 2020
11294 1002 DENY_NONE 0x100081 RDONLY NONE /HDD . Sun Nov 22 14:36:20 2020
11294 1002 DENY_NONE 0x100081 RDONLY NONE /HDD . Sun Nov 22 14:36:20 2020

Not a Samba expert.
browseable = no
Sounds wrong if you want to find them on your network.
Not sure why it is under (printers)
Would try changing to “browseable = yes”