Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: cam815
cam815 Author
User level: Level 1
8 points

10.7.4 has killed my SMB Shares

I updated a server to 10.7.4 this weekend based on the release notes:



- Address an issue that may prevent files from being saved to an SMB server.


Instead, now my Windows users can't connect at all.


I've manually restarted the SMB service


- sudo launchctl unload -F /System/Library/LaunchDaemons/com.apple.smbd.plist

- sudo launchctl load -F /System/Library/LaunchDaemons/com.apple.smbd.plist


I've removed all my shares and recreated them.


I've restarted the server.


I've gone to Storage in Server.app and propagated the permissions on folders.


So far, none of the previous fixes I've used in the past have worked.


Additionally, my local Administrator can see all the shares, but my Open Directory Users cannot.


Anyone else have this problem or fix it yet?

Mac mini, Mac OS X (10.7.4), Server

Posted on May 14, 2012 8:33 AM

Reply
10 replies
User profile for user: cam815
cam815 Author
User level: Level 1
8 points

May 14, 2012 9:37 AM in response to cam815

Further investigation is pointing towards Kerberos Authentication.


My kdc.log shows this when trying to connect from a Windows PC:


2012-05-14T12:35:59 digest-request: init request

2012-05-14T12:35:59 digest-request: init return domain: FILES server: FILE1

2012-05-14T12:35:59 digest-request: uid=0

2012-05-14T12:35:59 digest-request: user=FILES\\chris.marcera

2012-05-14T12:35:59 digest-request: kdc failed with 36150275 proto=unknown

2012-05-14T12:35:59 digest-request: guest failed with 22 proto=ntlmv1

2012-05-14T12:36:03 digest-request: uid=0


I attempted this fix on an XP machine but it didn't work.


https://discussions.apple.com/thread/3206725?start=45&tstart=0


I've also tried connecting with various domain names in the username. By default it uses the computer's name (WINDOWSXP). I've tried the File server's host name (FILE1), computer name (FILES), as well as the Open Directory server's name (DIRECTORY), neither worked.

Reply
User profile for user: Jonathan Melville
Jonathan Melville
User level: Level 2
450 points

May 14, 2012 12:16 PM in response to cam815

Try this.


First duplicate the plist file for the SMB service so you have a backup:

  • cd /Library/Preferences/SystemConfiguration
  • cp -vp com.apple.smb.server.plist com.apple.smb.server.plist.bak


Next stop SMB:

sudo serveradmin stop smb


Next edit the plist file to use your server's Kerberose realm instead of the LKDC. Example:

<key>LocalKerberoseRealm</key>

<string>YOUR.REALMNAME.net</string>



Now save the plist and restart SMB:

sudo serveradmin start smb



This restored my SMB service after it started failing to authenticate users.

Reply
User profile for user: cam815
cam815 Author
User level: Level 1
8 points

May 14, 2012 1:12 PM in response to cam815

I was actually able to get SMB Shares to work again right before your post. I also tried in Terminal:


% sudo serveradmin stop smb

% sudo serveradmin start smb


With a 30 second wait in between. Didn't work.


What ended up working was going though every share and unchecking "Share with Windows clients (SMB)", waiting a bit, then rechecking it on one and testing that share. It worked. I then readded the rest of my SMB shares.


Absolutely ridiculous. 10.7 is garbage compared to it's predecessors. The only reason I thought to try the above is because I've spent entirely too many hours on these forums and the rest of the web trying to get simple things like Open Directory, Mail, and File Sharing to work 'out of the box' and I recalled seeing it somewhere.

Reply
User profile for user: Trbl_Shooter
Trbl_Shooter
User level: Level 1
1 points

Aug 6, 2012 12:50 PM in response to antikus

I can confirm this solution as well. Every few weeks the smb service simply stops responding to client connections in what resembles a failed authintication attempt. (Windows machines state you have entered the wrong username and password and OS X clients' authentication dialogue box shakes back and forth)


Using the nerminal command:

serveradmin fullstatus smb

results in the status="RUNNING"


Attempting to restart the service or stop, start the service yeilds the error:

samba:error = "CANNOT_LOAD_BUNDLE_ERR"


The solution for me was to stop the smb service using:

serveradmin stop smb

And removing the smb option from every share in Server.app that uses smb. Waiting 1 minute, and then starting the service using:

serveradmin start smb

and re-enabling my shares in Server.app



What a pain. I wish I knew what caused the service to stop responding in the first place. I was unable to find anything in the logs.

Reply
User profile for user: Jsledge27
Jsledge27
User level: Level 1
0 points

Aug 10, 2012 3:15 PM in response to cam815

Solution confirmed once again. Stopped the SMB service, removed SMB from individual shares, started SMB service, then added the option back to the individual shares. I was testing primarily from a Windows 7 client where the local Windows login does not match the Open Directory login being used to access the SMB share on my Lion server.


Once I knew I had some working SMB shares, I tested some different username formats, since I originally suspected that I was using the wrong format:


These formats did not work:

OD_DOMAIN\ODUsername

OD_HOSTNAME\ODUsername

ODUsername@OD_DOMAIN

ODUsername@OD_IPADDRESS

ODUsername@OD_HOSTNAME


The only formats that worked for me were:

OD_IPADDRESS\ODUsername

ODUsername


I find it strange that plain old ODUsername works, as this should pass the local machine name by default, thus my input would be changed to LOCALHOSTNAME\ODUsername. My Windows hostname does not match up with OD, so this shouldn't technically work...


As a control in my testing, I did not change the SMB sharing option from some of my shares, then tested these after the smb restart. Directories where I toggled the status off and back on again were working, while these "control" directories produce the following error when access is attempted (I tested from a Win7 machine). This error is produced before the authentication dialogue is presented:


\\IPADDRESS\Share

A device attached to the system is not functioning.


However, I when I applied this fix to all directories, this error is gone. I just found it strange that it was not revealed until I restarted the SMB service.


I'll have to test further to find out whether this issue is resolved permanently, or if it will come back at some point.

Reply
User profile for user: Jsledge27
Jsledge27
User level: Level 1
0 points

Aug 11, 2012 11:59 AM in response to Jsledge27

Quick update: This error is not a symptom of the SMB issue by the OP:

Jsledge27 wrote:


\\IPADDRESS\Share

A device attached to the system is not functioning.

I found that I received the error after connecting to one share at \\IPADDRESS\Share1 as UserX, then attempting to connect to another share at the same address \\IPADDRESS\Share2, where UserX does not have permissions to access Share2. Windows systems cache the credentials to \\IPADDRESS and do not prompt a second time when connecting to \\IPADDRESS\Share2, thus the error.


Reply

10.7.4 has killed my SMB Shares

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up