Gerard Dirks

Q: SMB Logon: ImPossible after Restart

Hello

 

Since the introduction of OS X 10.8 and their OS X Server we have an real Problem with SMB logon.

 

When the Server is restartet it is not possible to connect over SMB with the OS X Server. It always comes with unkown user. We have about 8 Server all have the same problem.

 

The Windows clients connect to the SMB Server of OS X with an netlogin.bat. Also Our HP MFC Printers uses SMB to drop the Scans to an SMB SharePoint because the OS X Scan driver is toooooo slow.

 

I openend a lot of Cases about this Problem with Apple but we steill got no fix, only a workaround.

 

Everytime we restart the server we need to to a lot a manuell handling which makes me angry

1) First Connect with SSH to the Server and do a following CLI-Commands

 

sudo Defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

sudo Defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool NO

sudo Defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

 

2) Then we need to deacitve the filesharing a couple of times till we are able to connect with SMB.

 

It is for me not acceptable that Apple hasn't fix this bug now for 1 year!!!!

 

Has other OS X Server User not the same Problem.

 

Is their a way to fix this?

 

Regards

Gérard

Mac mini, OS X Server, 10.8.4 with 2.2.1 Server

Posted on Jul 5, 2013 4:19 AM

Close

Q: SMB Logon: ImPossible after Restart

  • All replies
  • Helpful answers

  • by JaimeMagiera,

    JaimeMagiera JaimeMagiera Jul 5, 2013 2:30 PM in response to Gerard Dirks
    Level 2 (305 points)
    Jul 5, 2013 2:30 PM in response to Gerard Dirks

    Are these local network users or AD/Third-party LDAP users?

  • by Gerard Dirks,

    Gerard Dirks Gerard Dirks Jul 5, 2013 2:36 PM in response to JaimeMagiera
    Level 1 (38 points)
    Desktops
    Jul 5, 2013 2:36 PM in response to JaimeMagiera

    We have about 12 Servers Ten Server uses OD für the Users, only 2 have Lokal Users, but all have the same Problem :-(

     

    What all servers have is that they running Filemaker Server 12

  • by JaimeMagiera,

    JaimeMagiera JaimeMagiera Jul 5, 2013 2:39 PM in response to Gerard Dirks
    Level 2 (305 points)
    Jul 5, 2013 2:39 PM in response to Gerard Dirks

    Do you have this problem when a user tries to manually login? (as opposed to using the .bat script or coming from the printer)

  • by Gerard Dirks,

    Gerard Dirks Gerard Dirks Jul 5, 2013 2:44 PM in response to JaimeMagiera
    Level 1 (38 points)
    Desktops
    Jul 5, 2013 2:44 PM in response to JaimeMagiera

    Also the Problem occored manually.

     

    I used for testing this problem the Mounting of an Scan Setting of the HP MFP Printer.

     

    The Problem is also their if you try to manualy make an SMB connection from an mac with cmd-K smb://IP-Adress

  • by JaimeMagiera,

    JaimeMagiera JaimeMagiera Jul 5, 2013 5:55 PM in response to Gerard Dirks
    Level 2 (305 points)
    Jul 5, 2013 5:55 PM in response to Gerard Dirks

    These are all Windows client machines connecting? Do you get the same results with Mac clients?

  • by Gerard Dirks,

    Gerard Dirks Gerard Dirks Jul 5, 2013 5:58 PM in response to JaimeMagiera
    Level 1 (38 points)
    Desktops
    Jul 5, 2013 5:58 PM in response to JaimeMagiera

    As I write in the previous thread the prblem also occured on mac!

  • by JaimeMagiera,

    JaimeMagiera JaimeMagiera Jul 5, 2013 6:40 PM in response to Gerard Dirks
    Level 2 (305 points)
    Jul 5, 2013 6:40 PM in response to Gerard Dirks

    Sorry, I missed that in your last sentence. Have you put OpenDirectory in debug mode to see what is happening there? It seems odd that a user related error would be affected by disk ACLs.

  • by Gerard Dirks,

    Gerard Dirks Gerard Dirks Jul 5, 2013 6:51 PM in response to JaimeMagiera
    Level 1 (38 points)
    Desktops
    Jul 5, 2013 6:51 PM in response to JaimeMagiera

    I have really no idea how to put OD in debig mode an read the log what happens their.

     

    Here some entries of the Protocol in the Server-App

     

    -- Start: Server rolled log on: Jul  5 2013 09:20:53 --

    Jul  5 2013 09:50:58 264129us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  5 2013 10:06:23 685419us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  5 2013 11:44:10 992457us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  5 2013 14:14:20 121879us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  5 2013 14:47:19 184105us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  5 2013 15:11:44 486325us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  5 2013 23:20:57 436530us    Error: command: slapconfig -updateaddresses, exitcode = 70.

    Jul  6 2013 00:55:57 112150us    Registration is finished error: (10, -72000).

    Jul  6 2013 00:55:57 114761us    Registration is finished error: (10, -72000).

    Jul  6 2013 01:30:51 582585us    Error: command: slapconfig -updateaddresses, exitcode = 70.

     

    and the Server Error Protocoll

    -- Start: Server rolled log on: Jul  5 2013 13:48:04 --

    Jul  5 2013 13:48:23 620378us    TestPolicies: updating last login time

    Jul  5 2013 13:48:23 637037us    AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

    Jul  5 2013 14:00:09 362424us    DoAuth: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication failed, SASL error -13 (password incorrect).

    Jul  5 2013 14:00:22 422622us    TestPolicies: updating last login time

    Jul  5 2013 14:00:22 433835us    AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

    Jul  5 2013 14:07:45 173761us    GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

    Jul  5 2013 14:07:45 179319us    GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

    Jul  5 2013 14:07:45 183144us    GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

    Jul  5 2013 14:07:45 187326us    GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

    Jul  5 2013 14:07:45 265953us    GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

    Jul  5 2013 14:07:45 394862us    GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

    Jul  5 2013 14:07:45 522851us    GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

    Jul  5 2013 14:07:51 931139us    GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

    Jul  5 2013 14:14:09 952722us    AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

    Jul  5 2013 14:14:10 36514us    A network transition was received.

    Jul  5 2013 14:14:20 38006us    Initializing TCP ...

    Jul  5 2013 14:14:20 38137us    Updating interface list due to a network transition.

    Jul  5 2013 14:26:25 250162us    DoAuth: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication failed, SASL error -13 (password incorrect).

    Jul  5 2013 14:26:54 124886us    TestPolicies: updating last login time

    Jul  5 2013 14:26:54 139890us    AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

    Jul  5 2013 14:47:09 87096us    A network transition was received.

    Jul  5 2013 14:47:19 88857us    Initializing TCP ...

    Jul  5 2013 14:47:19 88942us    Updating interface list due to a network transition.

    Jul  5 2013 14:47:41 647489us    A network transition was received.

    Jul  5 2013 14:47:51 649475us    Initializing TCP ...

    Jul  5 2013 14:47:51 649592us    Updating interface list due to a network transition.

    Jul  5 2013 14:55:58 788745us    AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

    Jul  5 2013 15:11:34 167067us    AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

    Jul  5 2013 15:11:34 177007us    AUTH2: {0xb6ed29c4d11211e28e03a8206645a020, vpn_0c35fb2dc3c9} MS-CHAPv2 authentication succeeded.

    Jul  5 2013 15:11:34 177685us    GETPPTPKEYS: requested

    Jul  5 2013 15:11:34 382815us    A network transition was received.

    Jul  5 2013 15:11:44 383780us    Initializing TCP ...

    Jul  5 2013 15:11:44 383853us    Updating interface list due to a network transition.

    Jul  5 2013 15:16:52 222893us    A network transition was received.

    Jul  5 2013 15:17:02 224886us    Initializing TCP ...

    Jul  5 2013 15:17:02 225005us    Updating interface list due to a network transition.

    Jul  5 2013 17:59:11 670577us    AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

    Jul  5 2013 23:20:47 220832us    AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

    Jul  5 2013 23:20:47 325856us    A network transition was received.

    Jul  5 2013 23:20:57 326615us    Initializing TCP ...

    Jul  5 2013 23:20:57 326672us    Updating interface list due to a network transition.

    Jul  5 2013 23:37:02 392640us    GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

    Jul  5 2013 23:37:02 397424us    GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

    Jul  5 2013 23:37:02 401367us    GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

    Jul  5 2013 23:37:02 405085us    GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

    Jul  5 2013 23:37:02 408627us    GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

    Jul  5 2013 23:37:02 412482us    GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

    Jul  5 2013 23:37:02 415734us    GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

    Jul  5 2013 23:52:54 825721us    AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} DIGEST-MD5 authentication succeeded.

    Jul  5 2013 23:54:59 558974us    AUTH2: {0xf979873ad29b11e288d0a8206645a020, untersuchung1} DIGEST-MD5 authentication succeeded.

    Jul  5 2013 23:55:26 187360us    AUTH2: {0x0512babcd29c11e288d0a8206645a020, untersuchung2} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 00:32:12 917581us    AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} SMB-NTLMv2 authentication succeeded.

    Jul  6 2013 00:55:33 271826us    A network transition was received.

    Jul  6 2013 00:55:43 273466us    Initializing TCP ...

    Jul  6 2013 00:55:43 273555us    Updating interface list due to a network transition.

    Jul  6 2013 00:55:57 123864us    Stopping server processes ...

    Jul  6 2013 00:55:57 123896us    Closing all incoming connections ...

    Jul  6 2013 00:55:57 123911us    StopCentralThreads: Stopping Connection Listeners ...

    Jul  6 2013 00:55:57 124772us    StopCentralThreads: Current Threads: 5

    Jul  6 2013 00:55:57 124796us    Stopping Network Processes ...

    Jul  6 2013 00:55:57 124808us    Deinitializing networking ...

    Jul  6 2013 00:55:57 124827us    Server Processes Stopped ...

    Jul  6 2013 00:55:57 124854us    RunAppThread Stopped

    Jul  6 2013 00:55:57 124870us    RunAppThread Deleted

    Jul  6 2013 00:55:58 958531us    Mac OS X Password Service (pid = 102) was shut down at: Sat Jul  6 00:55:58 2013

    .

    Jul  6 2013 00:56:08 288653us    Mac OS X Password Service version 387.2 (pid = 76) was started at: Sat Jul  6 00:56:08 2013

    .

    Jul  6 2013 00:56:08 289386us    RunAppThread Created

    Jul  6 2013 00:56:08 289870us    RunAppThread Started

    Jul  6 2013 00:56:08 289895us    Initializing Server Globals ...

    Jul  6 2013 00:56:08 310213us    Initializing Networking ...

    Jul  6 2013 00:56:08 310263us    Initializing TCP ...

    Jul  6 2013 00:56:09 460149us    SASL is using realm "server8590.praxiswagner.lan"

    Jul  6 2013 00:56:09 460204us    Starting Central Thread ...

    Jul  6 2013 00:56:09 460219us    Starting other server processes ...

    Jul  6 2013 00:56:09 460231us    StartCentralThreads: 1 threads to stop

    Jul  6 2013 00:56:09 460277us    Initializing TCP ...

    Jul  6 2013 00:56:09 460312us    Starting TCP/IP Listener on ethernet interface, port 106

    Jul  6 2013 00:56:09 460392us    Starting TCP/IP Listener on ethernet interface, port 3659

    Jul  6 2013 00:56:09 460424us    Starting TCP/IP Listener on interface lo0, port 106

    Jul  6 2013 00:56:09 460451us    Starting TCP/IP Listener on interface lo0, port 3659

    Jul  6 2013 00:56:09 460477us    StartCentralThreads: Created 4 TCP/IP Connection Listeners

    Jul  6 2013 00:56:09 460490us    Starting UNIX domain socket listener /var/run/passwordserver

    Jul  6 2013 00:56:09 462171us    Finished starting other server processes ...

    Jul  6 2013 00:56:09 462197us    -- Password Server successfully started --

    Jul  6 2013 00:56:09 462210us    -- Start time: 1 sec, 189 msec --

    Jul  6 2013 00:56:14 486488us    A network transition was received.

    Jul  6 2013 00:57:31 107158us    Initializing TCP ...

    Jul  6 2013 00:57:31 107229us    Updating interface list due to a network transition.

    Jul  6 2013 01:30:41 200140us    RSAVALIDATE: success.

    Jul  6 2013 01:30:41 207041us    AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

    Jul  6 2013 01:30:41 437596us    A network transition was received.

    Jul  6 2013 01:30:51 439631us    Initializing TCP ...

    Jul  6 2013 01:30:51 439715us    Updating interface list due to a network transition.

    Jul  6 2013 01:35:27 958136us    GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

    Jul  6 2013 01:35:27 964304us    GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

    Jul  6 2013 01:35:27 968991us    GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

    Jul  6 2013 01:35:27 973478us    GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

    Jul  6 2013 01:35:27 978904us    GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

    Jul  6 2013 01:35:27 984291us    GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

    Jul  6 2013 01:35:27 988411us    GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

    Jul  6 2013 01:35:27 993258us    GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

    Jul  6 2013 01:41:17 304670us    AUTH2: {0x2d981648d2b111e28687a8206645a020, scanner} SMB-NTLMv2 authentication succeeded.

    Jul  6 2013 01:48:47 163963us    AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} SMB-NTLMv2 authentication succeeded.

    Jul  6 2013 01:53:01 383104us    AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 02:52:30 645142us    AUTH2: {0xf979873ad29b11e288d0a8206645a020, untersuchung1} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 02:54:22 41424us    AUTH2: {0xf979873ad29b11e288d0a8206645a020, untersuchung1} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 02:54:33 870304us    AUTH2: {0x0512babcd29c11e288d0a8206645a020, untersuchung2} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 03:00:50 17283us    AUTH2: {0x0512babcd29c11e288d0a8206645a020, untersuchung2} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 03:01:20 245707us    AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} DIGEST-MD5 authentication succeeded.

    Jul  6 2013 03:24:45 454203us    A network transition was received.

    Jul  6 2013 03:24:55 456152us    Initializing TCP ...

    Jul  6 2013 03:24:55 456230us    Updating interface list due to a network transition.

    Jul  6 2013 03:44:22 687941us    GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

    Jul  6 2013 03:44:22 692675us    GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

    Jul  6 2013 03:44:22 697508us    GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

    Jul  6 2013 03:44:22 702690us    GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

    Jul  6 2013 03:44:22 707306us    GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

    Jul  6 2013 03:44:22 712501us    GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

    Jul  6 2013 03:44:22 717495us    GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

    Jul  6 2013 03:44:22 722236us    GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

    Jul  6 2013 03:47:14 3411us    GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

    Jul  6 2013 03:47:14 8520us    GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

    Jul  6 2013 03:47:14 12465us    GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

    Jul  6 2013 03:47:14 16206us    GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

    Jul  6 2013 03:47:14 19713us    GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

    Jul  6 2013 03:47:14 23234us    GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

    Jul  6 2013 03:47:14 26323us    GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

    Jul  6 2013 03:47:14 29406us    GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

  • by JaimeMagiera,

    JaimeMagiera JaimeMagiera Jul 5, 2013 7:08 PM in response to Gerard Dirks
    Level 2 (305 points)
    Jul 5, 2013 7:08 PM in response to Gerard Dirks

    http://support.apple.com/kb/HT4696?viewlocale=en_US&locale=en_US

     

     

    Attempt a connection from a client and follow up in the OD log at that time.

  • by Sergio Batista,

    Sergio Batista Sergio Batista Jul 9, 2013 11:28 AM in response to Gerard Dirks
    Level 1 (0 points)
    Jul 9, 2013 11:28 AM in response to Gerard Dirks

    I have the exact same issue and your fix worked for me.  Mac Mini 10.8.4 Server.  SMB connections do not authenticate.  Even as a Guest User.  

     

    I first lauched Terminal, copied and pasted the commands. One after another.  Tried to authenicate Via smb://ip.of.server and nothing.  Authenication fails.   Them I turned the File Share Server on and off 3 times.  Then Authenication is successful.    For some reason the Terminal commands alone don't fix the issue. 

     

    Thank you for the Fix.  You saved my Bacon.  Hopefully apple fixes this issue. 

  • by Gerard Dirks,

    Gerard Dirks Gerard Dirks Jul 9, 2013 1:48 PM in response to Gerard Dirks
    Level 1 (38 points)
    Desktops
    Jul 9, 2013 1:48 PM in response to Gerard Dirks

    Hello Sergio

     

    It is not a fix, it is a workaround.

     

    After a restart of the server you will need to do it again.

     

    So let's hope apple will be able to make a "real fix"

     

    Gérard