cam815

Q: 10.7.4 has killed my SMB Shares

I updated a server to 10.7.4 this weekend based on the release notes:

 

 

- Address an issue that may prevent files from being saved to an SMB server.

 

Instead, now my Windows users can't connect at all.

 

I've manually restarted the SMB service

 

- sudo launchctl unload -F /System/Library/LaunchDaemons/com.apple.smbd.plist

- sudo launchctl load -F /System/Library/LaunchDaemons/com.apple.smbd.plist

 

I've removed all my shares and recreated them.

 

I've restarted the server.

 

I've gone to Storage in Server.app and propagated the permissions on folders.

 

So far, none of the previous fixes I've used in the past have worked.

 

Additionally, my local Administrator can see all the shares, but my Open Directory Users cannot.

 

Anyone else have this problem or fix it yet?

Mac mini, Mac OS X (10.7.4), Server

Posted on May 14, 2012 8:36 AM

Close

Q: 10.7.4 has killed my SMB Shares

  • All replies
  • Helpful answers

  • by cam815,

    cam815 cam815 May 14, 2012 9:37 AM in response to cam815
    Level 1 (0 points)
    May 14, 2012 9:37 AM in response to cam815

    Further investigation is pointing towards Kerberos Authentication.

     

    My kdc.log shows this when trying to connect from a Windows PC:

     

    2012-05-14T12:35:59 digest-request: init request

    2012-05-14T12:35:59 digest-request: init return domain: FILES server: FILE1

    2012-05-14T12:35:59 digest-request: uid=0

    2012-05-14T12:35:59 digest-request: user=FILES\\chris.marcera

    2012-05-14T12:35:59 digest-request: kdc failed with 36150275 proto=unknown

    2012-05-14T12:35:59 digest-request: guest failed with 22 proto=ntlmv1

    2012-05-14T12:36:03 digest-request: uid=0

     

    I attempted this fix on an XP machine but it didn't work.

     

    https://discussions.apple.com/thread/3206725?start=45&tstart=0

     

    I've also tried connecting with various domain names in the username. By default it uses the computer's name (WINDOWSXP). I've tried the File server's host name (FILE1), computer name (FILES), as well as the Open Directory server's name (DIRECTORY), neither worked.

  • by Jonathan Melville,

    Jonathan Melville Jonathan Melville May 14, 2012 12:16 PM in response to cam815
    Level 2 (450 points)
    May 14, 2012 12:16 PM in response to cam815

    Try this.

     

    First duplicate the plist file for the SMB service so you have a backup:

    • cd /Library/Preferences/SystemConfiguration
    • cp -vp com.apple.smb.server.plist com.apple.smb.server.plist.bak

     

    Next stop SMB:

    • sudo serveradmin stop smb

     

    Next edit the plist file to use your server's Kerberose realm instead of the LKDC. Example:


         <key>LocalKerberoseRealm</key>

         <string>YOUR.REALMNAME.net</string>

     

     

    Now save the plist and restart SMB:

    • sudo serveradmin start smb

     

     

    This restored my SMB service after it started failing to authenticate users.

  • by cam815,Solvedanswer

    cam815 cam815 May 14, 2012 1:12 PM in response to cam815
    Level 1 (0 points)
    May 14, 2012 1:12 PM in response to cam815

    I was actually able to get SMB Shares to work again right before your post. I also tried in Terminal:

     

    % sudo serveradmin stop smb

    % sudo serveradmin start smb

     

    With a 30 second wait in between. Didn't work.

     

    What ended up working was going though every share and unchecking "Share with Windows clients (SMB)", waiting a bit, then rechecking it on one and testing that share. It worked. I then readded the rest of my SMB shares.

     

    Absolutely ridiculous. 10.7 is garbage compared to it's predecessors. The only reason I thought to try the above is because I've spent entirely too many hours on these forums and the rest of the web trying to get simple things like Open Directory, Mail, and File Sharing to work 'out of the box' and I recalled seeing it somewhere.

  • by David Kurtz2,

    David Kurtz2 David Kurtz2 May 18, 2012 4:18 PM in response to cam815
    Level 1 (55 points)
    May 18, 2012 4:18 PM in response to cam815

    cam85:

    Did you happen to notice any smb crashes when you were experiencing this issue?

  • by David Kurtz2,

    David Kurtz2 David Kurtz2 May 24, 2012 2:37 PM in response to cam815
    Level 1 (55 points)
    May 24, 2012 2:37 PM in response to cam815

    If you're seeing this issue can you verify whether running the following will fix the problem?

     

    sudo touch "/Library/Preferences/SystemConfiguration/com.apple.smb.server.plist"

  • by antikus,

    antikus antikus Jun 14, 2012 12:49 PM in response to David Kurtz2
    Level 1 (0 points)
    Jun 14, 2012 12:49 PM in response to David Kurtz2

    Yes, that works. For some reason sudo serveradmin stop smb gives me an error, but the "sudo touch" works. I like this method better because it will not start up samba sharing if it was nto running already.

  • by Trbl_Shooter,

    Trbl_Shooter Trbl_Shooter Aug 6, 2012 12:50 PM in response to antikus
    Level 1 (0 points)
    Aug 6, 2012 12:50 PM in response to antikus

    I can confirm this solution as well. Every few weeks the smb service simply stops responding to client connections in what resembles a failed authintication attempt. (Windows machines state you have entered the wrong username and password and OS X clients' authentication dialogue box shakes back and forth)

     

    Using the nerminal command:

    serveradmin fullstatus smb

    results in the status="RUNNING"

     

    Attempting to restart the service or stop, start the service yeilds the error:

    samba:error = "CANNOT_LOAD_BUNDLE_ERR"

     

    The solution for me was to stop the smb service using:

    serveradmin stop smb

    And removing the smb option from every share in Server.app that uses smb. Waiting 1 minute, and then starting the service using:

    serveradmin start smb

    and re-enabling my shares in Server.app

     

     

    What a pain. I wish I knew what caused the service to stop responding in the first place. I was unable to find anything in the logs.

  • by Jsledge27,

    Jsledge27 Jsledge27 Aug 10, 2012 3:15 PM in response to cam815
    Level 1 (0 points)
    Aug 10, 2012 3:15 PM in response to cam815

    Solution confirmed once again.  Stopped the SMB service, removed SMB from individual shares, started SMB service, then added the option back to the individual shares.  I was testing primarily from a Windows 7 client where the local Windows login does not match the Open Directory login being used to access the SMB share on my Lion server. 

     

    Once I knew I had some working SMB shares, I tested some different username formats, since I originally suspected that I was using the wrong format:

     

    These formats did not work:

    OD_DOMAIN\ODUsername

    OD_HOSTNAME\ODUsername

    ODUsername@OD_DOMAIN

    ODUsername@OD_IPADDRESS

    ODUsername@OD_HOSTNAME

     

    The only formats that worked for me were:

    OD_IPADDRESS\ODUsername

    ODUsername 

     

    I find it strange that plain old ODUsername works, as this should pass the local machine name by default, thus my input would be changed to LOCALHOSTNAME\ODUsername.  My Windows hostname does not match up with OD, so this shouldn't technically work...

     

    As a control in my testing, I did not change the SMB sharing option from some of my shares, then tested these after the smb restart.  Directories where I toggled the status off and back on again were working, while these "control" directories produce the following error when access is attempted (I tested from a Win7 machine).  This error is produced before the authentication dialogue is presented:

     

    \\IPADDRESS\Share

    A device attached to the system is not functioning.

     

    However, I when I applied this fix to all directories, this error is gone.  I just found it strange that it was not revealed until I restarted the SMB service.

     

    I'll have to test further to find out whether this issue is resolved permanently, or if it will come back at some point. 

  • by Jsledge27,

    Jsledge27 Jsledge27 Aug 11, 2012 11:59 AM in response to Jsledge27
    Level 1 (0 points)
    Aug 11, 2012 11:59 AM in response to Jsledge27

    Quick update:  This error is not a symptom of the SMB issue by the OP:

    Jsledge27 wrote:

     

    \\IPADDRESS\Share

    A device attached to the system is not functioning.

    I found that I received the error after connecting to one share at \\IPADDRESS\Share1 as UserX, then attempting to connect to another share at the same address \\IPADDRESS\Share2, where UserX does not have permissions to access Share2.  Windows systems cache the credentials to \\IPADDRESS and do not prompt a second time when connecting to \\IPADDRESS\Share2, thus the error. 

     


  • by cpmax,

    cpmax cpmax Feb 23, 2015 12:12 PM in response to Jonathan Melville
    Level 1 (10 points)
    Feb 23, 2015 12:12 PM in response to Jonathan Melville

    Jonathan's solution resolved an issue with my Mavericks server. After a reboot it stopped authenticating users for SMB access.

     

    I think I'm going back to linux for servers or a good NAS product. Too many OS X Server issues and you can't update the server without updating the entire OS.

     

    Thanks!