Windows computers can not access smb-shares in Lion

I have had success by modifying the SMB server prefs. Why Apple took this out of the GUI in Server app I don't know. But the plist files tell all.

This is working for two different setups so far.

1) Lion Server SMB sharing where the server is an Open Directory Replica of a Lion Server Open Directory Master

2) Lion Server SMB sharing where this Lion server is merely bound to a Snow Leopard Server's Open Directory Master

The smb server prefs file is located at:

/Library/Preferences/SystemConfiguration/com.apple.smb.server

I opened it up in TextWrangler (with Command Line Tools installed) and added the following (which were not already there):

<key>AllowKerberosAuth</key>

<true/>

<key>AllowNTLM2Auth</key>

<true/>

<key>KerberosRealm</key>

<string>USETHEEXACTSAMESTRINGASTHELOCALKERBEROSREALM</string>

<key>Workgroup</key>

<string>Workgroup</string>

You can do it in command line if you like using methods similar to what is stated in Apple Tech Note: HT5038

http://support.apple.com/kb/HT5038

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowKerberosAuth -bool YES

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowNTLM2Auth -bool YES

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server KerberosRealm -string USETHEEXACTSAMESTRINGASTHELOCALKERBEROSREALM

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server Workgroup -string Workgroup

When you have completed the changes just stop the FileSharing in Server app and then start it up again.

Presto. Windows XP and Windows 7 can log in:

\\ServerName\ShareName

name: UserName or ODMASTERNAME\UserName (With Lion 10.7.2 you should only need the UserName

password: password

**** SOLUTION FOUND **********************

**** SOLUTION FOUND **********************

**** SOLUTION FOUND **********************

After a few hours I figured out the problem on my system. Not everyone may have the same issue so I'll explain my setup.

LION Server OS 10.7.2

Multiple windows computers running XP Professional

Multiple Mac computers runnin 10.6 / 10.7

My issue was that the Macs could connect to the share point on the Lion server without an issue. On the Windows XP computers howver I could never get it to accept the username & password. I would map the drive i.e \\192.168.1.210\MySharedFolder\ and the dialoge box would pop up asking for user/pass. However, it simply wouldn't take accept anything I entered. I tried local accounts, network accounts, admin accounts etc.

THE SOLUTION:

It turns out that all I need to do was to completely turn of the SMB file sharing on all the share points and then re-enable it. To do this:

Open "Server" app

Click on "File Sharing"

Click on the edit button for the share points you have

Remove the check from "Share with Windows Clients (SMB)"

DO THIS ON EVERY SHARE POINT YOU HAVE

This basically disables the SMB service. Now that you've disabled SMB on every share point simply go back in and re-enable it by putting the check box back in the "Share with Windows Clients (SMB)"

After I did this I went back the Windows XP computers and it logged it in perfectly. I simply entered the username and password and the drive opened up. I did NOT need to put "SERVERNAME/username" I just entered "username" for user ID & "password" for the password.

After speaking with AppleCare they told me they have had a lot of reports about Windows clients losing access via SMB after enabling a server as an Open Directory Master. This was a new server which I had just enabled as Open Directory Master. Hopefully this works for some of you but at least I was able to confirm that LION does have support for access SMB shares from Windows XP.

Thanks Alex, so far this is the only solution that finally works here with a Lion server, some mac (lion and SL) clients and a bunch of XP Pro machines. The macs work (not well, but they work) but the XP's keep asking for non existent usernames and passwords. Hence, serious part of the office down...

So, great that we got this working but......after a reboot of the server all connections were lost again, and XP asks for username and login with nothing working. After changing once again the lines in the com.apple.smb.server, exactly as Alex describes, and disabling and enabling filesharing they conect again.

So there is a solution now, but it's not sustainable.

Any idea how to get this in a permanent state?

THE EVEN SIMPLER SIMPLER SOLUTION.

Install a Samba 3 SMB file sharing system in preference to the BAD BROKEN Apple solution.

Grab an app called SMBUp, which will fully automate the install process. (Its fully reversible too!)

Available here:

www.eduo.info/apps/smbup

Thank the Author too.

Its a Godsend!!!

This is all such a tragedy. So many things broken with lion and ios5.

Thanks to all of the contributors on these forums.

Tragedy ? No more nor less than things that are supposed to work in Windows but mysteriously don't (happens all the time), or failed Windows updates (seen it often) - re 10.7.3 for some people.

Make sure you have a full backup, verify your HD with Disk Utility, and then download the COMBO updater for 10.7.3 and test. Lots of fixes in the update.

BUT - that said, this "problem" is not a problem for some, it's working for some people, so how does that make it something Apple did "wrong" ?

I outllined how I got it to work and was able to repeat & replicate the working solution.

Best of luck.

The 10.7.3 Lion COMBO Updater did not work for me to support old smb sharing.

Samba in OSX Lion uses the newer SMB2 protocol, introduced by Microsoft in Windows Vista in 2006. It is incompatible with the older and slower samba protocols that have been around since Windows 3.1 for Workgroups ala 1997.

SMBUp installs a front end for Samba v3.2.15, which will support all the older slower protocols for legacy systems. ie. pre Windows Vista

techcafe's solution worked for me.

After doing it I am able to connect a user from a Windows XP machine to our Lion Server. Thanks.

This worked for me! Thanks so much! As soon as I looked at the plist it showed my NetBIOSname was something completely different. So I created a mapped connection using the path "[IP Address]\[Volume]", then checked "Connect using different credentials", selected "User other account" and used the path "[NetBIOSName]\[OD Account]" and it worked with no problem.

Thank you so much!

Here is another thread with similar issues and work around:

https://discussions.apple.com/thread/3326397?answerId=17517129022#17517129022

Hi,

Yes to solve the problem (until Apple fix it), I went to the Lion Admin and do STOP/START of the SMB slide.

Hope Apple fix this problem ASAP !

GGi

will this fix work for a Lion client version? I had a lot of problems with Lion client edition on my mac Mini.

Windows machines can see the shares, but after getting into them, are empty or nothing is displayed.

In some instances, entering in the exact un/pw, didn't permit the connection.

Thanks,

This one actually solved my issue... We have an old copier that used to be able to authenticate to our SL server, no longer after updating to 10.6.8.

It should be noted, it is the only device in the company that uses SMB (all machines are Macs). So I just duplicated the copier's user account locally, and sure enough, now we can scan to the network share again 🙂

Thanks, Anthony!

anthonyfromporters lake wrote:

I have found that if I use Local User Account Credentials from my Lion Server then Windows 7 clients will authenticate. But they won't authenticate against open directory credentials.

@LostLib Thanks! Your suggestion was the solution that worked for us when trying to connect to a Sharepoint on Lion 10.7.3 from XP and Win 7:

You can test this with the following commands in a terminal window (AFTER the system is up and quiesced):

sleep 60

sudo serveradmin stop smb

sleep 5

sudo serveradmin start smb

Were is the slider bar for SMB?