
I have an OS X Server 5.2 over which I run File Sharing over AFP and SMB. AFP works fine but the same accounts that work with AFP from Mac do not work with SMB over Windows. I have changed the Authentication levels to different versions of NTLM under local security policy in Windows client but no success!

I have created /etc/nsmb.conf with different configs such as

    [default]
    minauth=ntlm
    streams=yes
    soft=yes
    notify_off=yes

I have forced the server to use SMB v1 by having protocol_vers_map=1 in the global nsmb.conf but no success!

It seems to me that OS X Server needs to store the SMB passwords locally and it cannot do this when I create directory users. Actually directory users are not listed when I check under System Preferences > Sharing > File Sharing > Options (I see only local users).

Although under Server App > File Sharing everything is set correctly. Thanks for your input!

Feri
  • Are you bound to the LDAP server? This is under the bottom right of "Users & Groups." The first step is fixing why you are not actually browsing network users, for sure. Also are you able to mount using SMB in OSX? This is the recommended share by default since 10.9 in OSX, so I would recommend using only SMB or at least until you verify it works in OSX, and then hopefully in Windows. – bourneN5years Mar 05 '17 at 00:32
  • Also is your Mac also running the Sierra that matches 5.2 Server? For sure the Macs are throwing lots of fits, for example, SMB versions to match up, when they are not similar versions. Once you are getting the LDAP straight, you may (similarly) find that the SMB versions in Windows are incompatible with this version of OSX. – bourneN5years Mar 05 '17 at 00:33
  • @bourneN5years The LDAP and SMB packages on the Mac OS X Server are those coming with OSX Server Package. I had the OS X Sierra and just purchased the OSX Server package from Apple Store and installed it. I assume everything is compatible! The point is that SMB works between Win and Mac Server when the users are local directory users but not when their type is local network directory users on the same Mac OS Server. These are two different types of users on OSX Server when you create a new user... So LDAP, SMB, Users etc. are all on the same machine... – Feri Mar 06 '17 at 08:13
  • I was talking about the clients... but glad you got it figured out, also below is interesting, I will take another look for sure! thx – bourneN5years Mar 07 '17 at 20:59

1 Answer

I found the solution. It might be of interest to some OSX Server admins too:

To authenticate OD, LDAP or MS Active Directory users over the SMB protocol, Samba needs the OSX Server IP which is used by SMB clients (Windows clients) to be listed in the LDAPv3 configurations in "Directory Utility". (See attached image)

Simply add the IP using the manual button as below.

After this configuration, Samba will work with "Local Network Directory" or OD users on the OS X as well as users from a bound MS Active Directory.

Alternatively I could also work around this problem by adding the local OSX server IP to its /etc/hosts file and then mapping it to the FQDN of that OSX server. It worked that way too.

Bottom line: the default settings of OSX server come with 127.0.0.1, whose SMB service will only work with local users, not OD or ADS users.

Feri
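A check for the /etc/hosts workaround described in the answer above, as an added example that is not part of the original post: it reports whether a server's FQDN is mapped to a loopback address, to a routable address, to both, or is absent from a hosts file. The function name, server.example.com and 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host name and addresses below are constructed placeholders.

# classify_host_mapping HOSTS_FILE FQDN
# Prints: missing | loopback | routable | both
classify_host_mapping() {
    awk -v name="$2" '
        BEGIN { name = tolower(name); lo = 0; rt = 0 }
        {
            sub(/#.*/, "")                 # drop comments, fields are re-split
            if (NF < 2) next               # need an address and at least one name
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != name) continue
                # 127.0.0.0/8, ::1 and the macOS fe80::1%lo0 entry are loopback
                if ($1 ~ /^127\./ || $1 == "::1" || $1 ~ /%lo0$/) lo = 1
                else rt = 1
            }
        }
        END {
            if (lo && rt)  print "both"
            else if (rt)   print "routable"
            else if (lo)   print "loopback"
            else           print "missing"
        }
    ' "$1"
}

# Demo on constructed hosts files: a stock macOS-style file, then the same
# file after applying the workaround from the answer.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '127.0.0.1 localhost' \
                  '255.255.255.255 broadcasthost' \
                  '::1 localhost' > "$tmp/before"
    cp "$tmp/before" "$tmp/after"
    printf '%s\n' '192.0.2.10 server.example.com server  # workaround' >> "$tmp/after"
    for f in before after; do
        printf '%s: %s\n' "$f" \
            "$(classify_host_mapping "$tmp/$f" server.example.com)"
    done
    rm -rf "$tmp"
}
demo
```

On a real server, pass /etc/hosts and the server's own FQDN; a result of "loopback" or "both" means the name can still resolve to 127.0.0.1, the condition the answer associates with directory users failing over SMB.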