Previous 1 4 5 6 7 8 Next 136 Replies Latest reply: Sep 21, 2014 6:50 PM by brad-dog Go to original post
  • Thomas Gutzmann Level 1 Level 1

    Hi LostLib,


    Many thanks - you saved me from the madhouse.


    Before stopping and starting SMB the messages in /private/var/log/krb5kdc/kdc.log invariably had been:


    2011-10-10T16:57:56 digest-request: init request

    2011-10-10T16:57:56 digest-request: init return domain: BUILTIN server: G-DATOR-S

    2011-10-10T16:57:56 digest-request: uid=0

    2011-10-10T16:57:56 digest-request: user=G-DATOR-S\\thomas

    2011-10-10T16:57:56 NTLM domain not configured

    2011-10-10T16:57:56 digest-request: kdc failed with 36150275 proto=unknown

    2011-10-10T16:57:56 digest-request: guest failed with 22 proto=ntlmv1-with-v2-session


    Then I tried it your way:


    sudo serveradmin stop smb

    wait a few seconds

    sudo serveradmin start smb


    Now I can connect, and the message is:


    2011-10-10T17:15:59 digest-request: init request

    2011-10-10T17:15:59 digest-request: init return domain: G-DATOR-S server: G-DATOR-S

    2011-10-10T17:15:59 digest-request: uid=0

    2011-10-10T17:15:59 digest-request: user=G-DATOR-S\\thomas

    2011-10-10T17:15:59 digest-request kdc: ok user=G-DATOR-S\\thomas proto=ntlmv1 flags: NEG_KEYEX, ENC_128, NEG_VERSION, NEG_TARGET_INFO, NEG_NTLM2, NEG_ALWAYS_SIGN, NEG_NTLM, NEG_SIGN, NEG_TARGET, NEG_UNICODE




    I'm running the Lion server in a VMware machine inside my MacBook Pro (SSD). I always thought that that's a slow combination, but from your words it follows that it's not sooo bad :-)


    Following your advice, I created a launchd script:


    sudo su -

    cd /System/Library/LaunchDaemons


    cat > com.gutzmann.restart_smb.plist <<@@EOF

    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">

    <plist version="1.0">








            <string>sleep 60&#59;serveradmin stop smb&#59;sleep 5&#59;serveradmin start smb</string>








    launchctl load com.gutzmann.restart_smb.plist


    Thank you very much again,



  • mikecentola Level 1 Level 1

    This just happened to me when upgrading to Lion 10.7.2. Unchecking/Rechecking SMB worked perfectly for me.

  • Steve Maser Level 1 Level 1

    Same issue here.  I was able to reboot my 10.7.1 server without issue (SMB connections would work fine).


    However after applying the 10.7.2 delta server update via Software Update, SMB was open, but nobody could authenticate to the server (Mac or Windows using SMB).


    Having to stop/start smb has temporarily resolved it.


    I haven't rebooted the server again (yet), so I don't know if this is/was a one-time issue related to the upgrade process or if it's now a every-time-you-restart issue.


    I would agree it may be a hardware-specific issue.  The older core2duo Mac Mini I use for testing server does not show this problem.  My production server (a current-gen MacPro) showed this today.



    THAT SAID:  10.7.2 fixes the need to prefix the user name (on Windows) with the server's netbios name!


    I can now log into my server from windows with "maser" instead of "<netbios>\maser" again!   (Though the prefix still works, too...)

  • greenvespa Level 1 Level 1

    Yes i can confirm that after 10.7.2 Server Upgrade there's no need to prefix the user name with server name.

    But 10.7.2 didn't fix Windows Vista strange behavior creating new folder. As explained by Jeroen in another post (  there is a problem whith Vista client and SMB shares on Lion. I can confirm what Jeroen wrote: "When I add for example a new folder, in explorer the folder shows up as "ew Folder" instead of "New Folder". When I try to change the name of the created folder, Windows report it can't find the folder. When I refresh the explorer, the foldername is correct".

    This problem doesn't affect mine XP and Vindows 7 clients that are working very well.


    Could someone confirm to have the same problem?

    Any ideas or solutions?

  • LeeHill Level 1 Level 1

    I can get my XP machines to connect but complex files like .doc or .xls always open as read only.

    For me going into CLI and restarting SMB protocol fixes the connection issue.

    I am just stunned that such a simple operration doesn't work.

  • Adam Berti Level 2 Level 2

    Thomas, I like your idea about setting a script - LostLib's post makes perfect sense.  Never worked with making launchd scripts, any chance you can help with a little more detail on making that?  Thanks.

  • Florian Kriener Level 1 Level 1

    I have an Problem by Connect a Win XP Client to a Lion Server.

    The Login Works and I see all Shares/Files/Folders



    The WinXP Client shows a Syntax Error when copy/open Files.


    "Syntax Error: File/Folder Path are wrong"


    Is there a workaround?



    Regards from Germany



  • Steve Maser Level 1 Level 1

    This is probably the attribute bug in 10.7.2's implemenation of SMB causing this.


    If you remove the attributes/metadata from the file (from the server end), then you should be able to copy it.


    If you want to remove all metadata on all the files, you can do:


    sudo xattr -r -c *   (the -r is recursive, the -c is to "clear all")


    Otherwise, you could just try removing specific attributes directly like:


    sudo xattr -d  (as an example).

  • Florian Kriener Level 1 Level 1

    Thats it.


    Thanks for Help

  • Steve Maser Level 1 Level 1

    The key (I think) is to not put files that you download from the internet on a Mac on a share where Windows users would access them -- at least until Apple releases a fix for this.


    From what I've seen, the "bad" attributes/metadata gets put on files downloaded by Safari and (IIRC) e-mailed documents from  If you put those files on the share, they'll have problems for Windows users (though, what I've seen is just trying to copy the files from the share to the Windows desktop -- not any problems actually *opening* the files, though.  YMMV...)

  • mattcampbell Level 1 Level 1

    I still don't think anyone has found a reliable fix / workaround to allow a windows client to connect to an SMB share on a mac mini server using an OD (network) account.


    If someone with this exact setup has found a way please enlighten us. We have tried everything in these posts to date with no resolution. We can only login to the share using local accounts.

  • davidh Level 4 Level 4

    Please see


    In my testing with Win 7, my descirbed method worked reliably.

    I didn't test with XP but don't recall having this issue with XP, but it would be good to try the method I outlined

    You'd need to add the tools,


  • Steve Maser Level 1 Level 1

    I'm unsure how to reply to mattcampbell.


    I run a 10.7.2 server that is an OD Master (admittedly started as a 10.5 server and updated throughout all the point updates and 10.6 and *those* point updates, etc...)   My DNS is controlled by a central authority, but both server and clients (Mac and Windows) have valid DNS (forward and reverse).


    But I have no problems at all having any of my Windows clients (XP or Windows 7) connect to my share points on the server using their OD Master account credentials.   The only "problem" -- which can be resolved on the Windows end -- would be if the user logs into Windows using the same account name as their OD account -- but with a different password.   Windows will try to "pass-through" the *Windows* credentials and if those don't match, the you get the error box about how you can't connect to the server -- this is resolved (in Windows 7) by putting the OD credentials in the "Credentials Manager" control panel.



    (I have other SMB-related bugs reported to Apple, but *connecting* is not a problem once SMB is up and running...)



    Are you having a problem with *Mac* SMB connections?  Or just Windows connections?

  • Syth Level 1 Level 1

    It's not a matterof Apple not liking the license, it is the matter of the SAMBA license being changed for from GPLv2 to GPLv3 as of SAMB 3.2.0. Apple had a choice, keep using SAMBA 3.0.x version, or write their own. GPLv3 makes it impossible to provide signed binaries without also providing the signing keys. A few seconds of thought will reveal why Apple is unwilling to provide copies of the keys they use to sign system software. Part of locking down OS X security profile required removing anythign that used GPLv3.


    Short version: GPLv3 is specifially desinged to be anti-company, and you are going to see a ever widening schism in the FSS/OSS community between GPL and all the other licenses, and you will be seeing less and less GPL code in commercial OSes and more BSD/Apache/&c code.


    This is exactly what GPL wants, and exactly what GPLv3 is intended to do. I am not confident that it will really work out for them in the long run, but only time will tell.

  • davidh Level 4 Level 4

    @Syth: Precisely ! Thank for reiterating - and further clarifying - the GPLv3 issue.


    Hopefully it will finally sink in for some folks who need to understand this.

Previous 1 4 5 6 7 8 Next