SMB Logon: ImPossible after Restart

Question

Level 1

38 points

SMB Logon: ImPossible after Restart

Hello

Since the introduction of OS X 10.8 and their OS X Server we have an real Problem with SMB logon.

When the Server is restartet it is not possible to connect over SMB with the OS X Server. It always comes with unkown user. We have about 8 Server all have the same problem.

The Windows clients connect to the SMB Server of OS X with an netlogin.bat. Also Our HP MFC Printers uses SMB to drop the Scans to an SMB SharePoint because the OS X Scan driver is toooooo slow.

I openend a lot of Cases about this Problem with Apple but we steill got no fix, only a workaround.

Everytime we restart the server we need to to a lot a manuell handling which makes me angry

1) First Connect with SSH to the Server and do a following CLI-Commands

sudo Defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

sudo Defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool NO

sudo Defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

2) Then we need to deacitve the filesharing a couple of times till we are able to connect with SMB.

It is for me not acceptable that Apple hasn't fix this bug now for 1 year!!!!

Has other OS X Server User not the same Problem.

Is their a way to fix this?

Regards

Gérard

Mac mini, OS X Server, 10.8.4 with 2.2.1 Server

Posted on Jul 5, 2013 4:19 AM

Reply

Answer 1

Jul 5, 2013 2:30 PM in response to Gerard Dirks

Are these local network users or AD/Third-party LDAP users?

Reply

Answer 2

Gerard Dirks Author

Level 1

38 points

Jul 5, 2013 2:36 PM in response to JaimeMagiera

We have about 12 Servers Ten Server uses OD für the Users, only 2 have Lokal Users, but all have the same Problem :-(

What all servers have is that they running Filemaker Server 12

Reply

Answer 3

Jul 5, 2013 2:39 PM in response to Gerard Dirks

Do you have this problem when a user tries to manually login? (as opposed to using the .bat script or coming from the printer)

Reply

Answer 4

Gerard Dirks Author

Level 1

38 points

Jul 5, 2013 2:44 PM in response to JaimeMagiera

Also the Problem occored manually.

I used for testing this problem the Mounting of an Scan Setting of the HP MFP Printer.

The Problem is also their if you try to manualy make an SMB connection from an mac with cmd-K smb://IP-Adress

Reply

Answer 5

Jul 5, 2013 5:55 PM in response to Gerard Dirks

These are all Windows client machines connecting? Do you get the same results with Mac clients?

Reply

Answer 6

Gerard Dirks Author

Level 1

38 points

Jul 5, 2013 5:58 PM in response to JaimeMagiera

As I write in the previous thread the prblem also occured on mac!

Reply

Answer 7

Jul 5, 2013 6:40 PM in response to Gerard Dirks

Sorry, I missed that in your last sentence. Have you put OpenDirectory in debug mode to see what is happening there? It seems odd that a user related error would be affected by disk ACLs.

Reply

Answer 8

Gerard Dirks Author

Level 1

38 points

Jul 5, 2013 6:51 PM in response to JaimeMagiera

I have really no idea how to put OD in debig mode an read the log what happens their.

Here some entries of the Protocol in the Server-App

-- Start: Server rolled log on: Jul 5 2013 09:20:53 --

Jul 5 2013 09:50:58 264129us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 5 2013 10:06:23 685419us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 5 2013 11:44:10 992457us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 5 2013 14:14:20 121879us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 5 2013 14:47:19 184105us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 5 2013 15:11:44 486325us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 5 2013 23:20:57 436530us Error: command: slapconfig -updateaddresses, exitcode = 70.

Jul 6 2013 00:55:57 112150us Registration is finished error: (10, -72000).

Jul 6 2013 00:55:57 114761us Registration is finished error: (10, -72000).

Jul 6 2013 01:30:51 582585us Error: command: slapconfig -updateaddresses, exitcode = 70.

and the Server Error Protocoll

-- Start: Server rolled log on: Jul 5 2013 13:48:04 --

Jul 5 2013 13:48:23 620378us TestPolicies: updating last login time

Jul 5 2013 13:48:23 637037us AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

Jul 5 2013 14:00:09 362424us DoAuth: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication failed, SASL error -13 (password incorrect).

Jul 5 2013 14:00:22 422622us TestPolicies: updating last login time

Jul 5 2013 14:00:22 433835us AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

Jul 5 2013 14:07:45 173761us GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

Jul 5 2013 14:07:45 179319us GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

Jul 5 2013 14:07:45 183144us GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

Jul 5 2013 14:07:45 187326us GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

Jul 5 2013 14:07:45 265953us GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

Jul 5 2013 14:07:45 394862us GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

Jul 5 2013 14:07:45 522851us GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

Jul 5 2013 14:07:51 931139us GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

Jul 5 2013 14:14:09 952722us AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

Jul 5 2013 14:14:10 36514us A network transition was received.

Jul 5 2013 14:14:20 38006us Initializing TCP ...

Jul 5 2013 14:14:20 38137us Updating interface list due to a network transition.

Jul 5 2013 14:26:25 250162us DoAuth: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication failed, SASL error -13 (password incorrect).

Jul 5 2013 14:26:54 124886us TestPolicies: updating last login time

Jul 5 2013 14:26:54 139890us AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

Jul 5 2013 14:47:09 87096us A network transition was received.

Jul 5 2013 14:47:19 88857us Initializing TCP ...

Jul 5 2013 14:47:19 88942us Updating interface list due to a network transition.

Jul 5 2013 14:47:41 647489us A network transition was received.

Jul 5 2013 14:47:51 649475us Initializing TCP ...

Jul 5 2013 14:47:51 649592us Updating interface list due to a network transition.

Jul 5 2013 14:55:58 788745us AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

Jul 5 2013 15:11:34 167067us AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

Jul 5 2013 15:11:34 177007us AUTH2: {0xb6ed29c4d11211e28e03a8206645a020, vpn_0c35fb2dc3c9} MS-CHAPv2 authentication succeeded.

Jul 5 2013 15:11:34 177685us GETPPTPKEYS: requested

Jul 5 2013 15:11:34 382815us A network transition was received.

Jul 5 2013 15:11:44 383780us Initializing TCP ...

Jul 5 2013 15:11:44 383853us Updating interface list due to a network transition.

Jul 5 2013 15:16:52 222893us A network transition was received.

Jul 5 2013 15:17:02 224886us Initializing TCP ...

Jul 5 2013 15:17:02 225005us Updating interface list due to a network transition.

Jul 5 2013 17:59:11 670577us AUTH2: {0x09b08398d2af11e28687a8206645a020, fundus} SMB-NTLMv2 authentication succeeded.

Jul 5 2013 23:20:47 220832us AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

Jul 5 2013 23:20:47 325856us A network transition was received.

Jul 5 2013 23:20:57 326615us Initializing TCP ...

Jul 5 2013 23:20:57 326672us Updating interface list due to a network transition.

Jul 5 2013 23:37:02 392640us GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

Jul 5 2013 23:37:02 397424us GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

Jul 5 2013 23:37:02 401367us GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

Jul 5 2013 23:37:02 405085us GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

Jul 5 2013 23:37:02 408627us GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

Jul 5 2013 23:37:02 412482us GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

Jul 5 2013 23:37:02 415734us GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

Jul 5 2013 23:52:54 825721us AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} DIGEST-MD5 authentication succeeded.

Jul 5 2013 23:54:59 558974us AUTH2: {0xf979873ad29b11e288d0a8206645a020, untersuchung1} DIGEST-MD5 authentication succeeded.

Jul 5 2013 23:55:26 187360us AUTH2: {0x0512babcd29c11e288d0a8206645a020, untersuchung2} DIGEST-MD5 authentication succeeded.

Jul 6 2013 00:32:12 917581us AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} SMB-NTLMv2 authentication succeeded.

Jul 6 2013 00:55:33 271826us A network transition was received.

Jul 6 2013 00:55:43 273466us Initializing TCP ...

Jul 6 2013 00:55:43 273555us Updating interface list due to a network transition.

Jul 6 2013 00:55:57 123864us Stopping server processes ...

Jul 6 2013 00:55:57 123896us Closing all incoming connections ...

Jul 6 2013 00:55:57 123911us StopCentralThreads: Stopping Connection Listeners ...

Jul 6 2013 00:55:57 124772us StopCentralThreads: Current Threads: 5

Jul 6 2013 00:55:57 124796us Stopping Network Processes ...

Jul 6 2013 00:55:57 124808us Deinitializing networking ...

Jul 6 2013 00:55:57 124827us Server Processes Stopped ...

Jul 6 2013 00:55:57 124854us RunAppThread Stopped

Jul 6 2013 00:55:57 124870us RunAppThread Deleted

Jul 6 2013 00:55:58 958531us Mac OS X Password Service (pid = 102) was shut down at: Sat Jul 6 00:55:58 2013

.

Jul 6 2013 00:56:08 288653us Mac OS X Password Service version 387.2 (pid = 76) was started at: Sat Jul 6 00:56:08 2013

.

Jul 6 2013 00:56:08 289386us RunAppThread Created

Jul 6 2013 00:56:08 289870us RunAppThread Started

Jul 6 2013 00:56:08 289895us Initializing Server Globals ...

Jul 6 2013 00:56:08 310213us Initializing Networking ...

Jul 6 2013 00:56:08 310263us Initializing TCP ...

Jul 6 2013 00:56:09 460149us SASL is using realm "server8590.praxiswagner.lan"

Jul 6 2013 00:56:09 460204us Starting Central Thread ...

Jul 6 2013 00:56:09 460219us Starting other server processes ...

Jul 6 2013 00:56:09 460231us StartCentralThreads: 1 threads to stop

Jul 6 2013 00:56:09 460277us Initializing TCP ...

Jul 6 2013 00:56:09 460312us Starting TCP/IP Listener on ethernet interface, port 106

Jul 6 2013 00:56:09 460392us Starting TCP/IP Listener on ethernet interface, port 3659

Jul 6 2013 00:56:09 460424us Starting TCP/IP Listener on interface lo0, port 106

Jul 6 2013 00:56:09 460451us Starting TCP/IP Listener on interface lo0, port 3659

Jul 6 2013 00:56:09 460477us StartCentralThreads: Created 4 TCP/IP Connection Listeners

Jul 6 2013 00:56:09 460490us Starting UNIX domain socket listener /var/run/passwordserver

Jul 6 2013 00:56:09 462171us Finished starting other server processes ...

Jul 6 2013 00:56:09 462197us -- Password Server successfully started --

Jul 6 2013 00:56:09 462210us -- Start time: 1 sec, 189 msec --

Jul 6 2013 00:56:14 486488us A network transition was received.

Jul 6 2013 00:57:31 107158us Initializing TCP ...

Jul 6 2013 00:57:31 107229us Updating interface list due to a network transition.

Jul 6 2013 01:30:41 200140us RSAVALIDATE: success.

Jul 6 2013 01:30:41 207041us AUTH2: {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin} MS-CHAPv2 authentication succeeded.

Jul 6 2013 01:30:41 437596us A network transition was received.

Jul 6 2013 01:30:51 439631us Initializing TCP ...

Jul 6 2013 01:30:51 439715us Updating interface list due to a network transition.

Jul 6 2013 01:35:27 958136us GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

Jul 6 2013 01:35:27 964304us GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

Jul 6 2013 01:35:27 968991us GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

Jul 6 2013 01:35:27 973478us GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

Jul 6 2013 01:35:27 978904us GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

Jul 6 2013 01:35:27 984291us GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

Jul 6 2013 01:35:27 988411us GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

Jul 6 2013 01:35:27 993258us GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

Jul 6 2013 01:41:17 304670us AUTH2: {0x2d981648d2b111e28687a8206645a020, scanner} SMB-NTLMv2 authentication succeeded.

Jul 6 2013 01:48:47 163963us AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} SMB-NTLMv2 authentication succeeded.

Jul 6 2013 01:53:01 383104us AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} DIGEST-MD5 authentication succeeded.

Jul 6 2013 02:52:30 645142us AUTH2: {0xf979873ad29b11e288d0a8206645a020, untersuchung1} DIGEST-MD5 authentication succeeded.

Jul 6 2013 02:54:22 41424us AUTH2: {0xf979873ad29b11e288d0a8206645a020, untersuchung1} DIGEST-MD5 authentication succeeded.

Jul 6 2013 02:54:33 870304us AUTH2: {0x0512babcd29c11e288d0a8206645a020, untersuchung2} DIGEST-MD5 authentication succeeded.

Jul 6 2013 03:00:50 17283us AUTH2: {0x0512babcd29c11e288d0a8206645a020, untersuchung2} DIGEST-MD5 authentication succeeded.

Jul 6 2013 03:01:20 245707us AUTH2: {0xee64fed8d29b11e288d0a8206645a020, empfang} DIGEST-MD5 authentication succeeded.

Jul 6 2013 03:24:45 454203us A network transition was received.

Jul 6 2013 03:24:55 456152us Initializing TCP ...

Jul 6 2013 03:24:55 456230us Updating interface list due to a network transition.

Jul 6 2013 03:44:22 687941us GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

Jul 6 2013 03:44:22 692675us GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

Jul 6 2013 03:44:22 697508us GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

Jul 6 2013 03:44:22 702690us GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

Jul 6 2013 03:44:22 707306us GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

Jul 6 2013 03:44:22 712501us GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

Jul 6 2013 03:44:22 717495us GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

Jul 6 2013 03:44:22 722236us GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

Jul 6 2013 03:47:14 3411us GETPOLICY: user {0x09b08398d2af11e28687a8206645a020, fundus}.

Jul 6 2013 03:47:14 8520us GETPOLICY: user {0xf979873ad29b11e288d0a8206645a020, untersuchung1}.

Jul 6 2013 03:47:14 12465us GETPOLICY: user {0x0512babcd29c11e288d0a8206645a020, untersuchung2}.

Jul 6 2013 03:47:14 16206us GETPOLICY: user {0xfcf3b5c6d2ae11e28687a8206645a020, perimeter}.

Jul 6 2013 03:47:14 19713us GETPOLICY: user {0x2d981648d2b111e28687a8206645a020, scanner}.

Jul 6 2013 03:47:14 23234us GETPOLICY: user {0xafb8a37cd11211e2a9d6a8206645a020, wagnerdiradmin}.

Jul 6 2013 03:47:14 26323us GETPOLICY: user {0x7bcb13a0d2e911e2adcba8206645a020, vpnadmin}.

Jul 6 2013 03:47:14 29406us GETPOLICY: user {0xee64fed8d29b11e288d0a8206645a020, empfang}.

Reply

Answer 9

Jul 5, 2013 7:08 PM in response to Gerard Dirks

http://support.apple.com/kb/HT4696?viewlocale=en_US&locale=en_US

Attempt a connection from a client and follow up in the OD log at that time.

Reply

Answer 10

Jul 9, 2013 11:28 AM in response to Gerard Dirks

I have the exact same issue and your fix worked for me. Mac Mini 10.8.4 Server. SMB connections do not authenticate. Even as a Guest User.

I first lauched Terminal, copied and pasted the commands. One after another. Tried to authenicate Via smb://ip.of.server and nothing. Authenication fails. Them I turned the File Share Server on and off 3 times. Then Authenication is successful. For some reason the Terminal commands alone don't fix the issue.

Thank you for the Fix. You saved my Bacon. Hopefully apple fixes this issue.

Reply

Answer 11

Gerard Dirks Author

Level 1

38 points

Jul 9, 2013 1:48 PM in response to Gerard Dirks

Hello Sergio

It is not a fix, it is a workaround.

After a restart of the server you will need to do it again.

So let's hope apple will be able to make a "real fix"

Gérard

Reply