5
Samba server: Raspberry Pi3, running osmc media server (I believe this is a down-scaled Raspbian version). Samba version: 4.2.10
Domain controller: Windows 2012
Windows client: Windows 10 Evt. 64-bit
Before I set up the domain controller and connected the Win10 client to it, I was able to access the smb shares on the smb server without problems.
After connecting the Win10 client to the AD, I can see the smb server, but I'm not able to log in ("Access denied").
EDIT: Naturally, I've tried logging in to the samba share with WORKGROUP\username, which according to some should work. It doesn't.
From what I'm reading, this is because of the smb server not supporting the smb client version (3?) used by Windows 10. So, since there is no Windows 10 help to be found, I tried this MS article for Windows 7:
https://support.microsoft.com/en-us/kb/2696547
I disabled smb version 2 and 3, and enabled version 1, as suggested in another forum. When I rebooted the machine, the Win10 client wasn't even able to SEE the smb shares. When I disabled version 1, and enabledf version 2 and 3 again, I was back to the client seeing the share but not being able to log in.
Anyone know how to fix this? It was also suggested to join the smb/linux server to the Windows domain, but since the easy solution for that doesn't work on the Pi3 architecture, I'm reluctant to try installing Kerberos and all that stuff manually, since I really don't know much about it. Also, I excpect that some essential package doesn't exist for the Pi3, and I'll be stuck halfway through with a more or less broken system.
It seems that several people claim that disabling samba 2/3 works for them. Strange that this doesn't work for me, on either the Win 10 client og the Win 2008 server. And MS seems to be more or less unwilling to help with this too - which is not uncommon, in my experience.
The smb.conf file (unchanged after the installation):
[global]
config file = /etc/samba/smb-local.conf
workgroup = WORKGROUP
security=user
follow symlinks = yes
wide links = no
unix extensions = no
lock directory = /var/cache/samba
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
log level = 1
map to guest = bad user
usershare template share = automount template
read raw = Yes
write raw = Yes
strict locking = no
min receivefile size = 16384
use sendfile = true
aio read size = 2048
aio write size = 2048
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
[osmc]
browsable = yes
read only = no
valid users = osmc
path = /home/osmc
comment = OSMC Home Directory
[automount template]
browseable = yes
-valid = no
valid users = osmc
path = %P
hide files = /$RECYCLE.BIN/System Volume Information/desktop.ini/thumbs.db/
UPDATE
I gave up on the Windows AD server, and set up a Samba DC instead. Incredibly, the EXACT same problem is present when the Windows 10 computer is logged on to the Samba domain. And the Samba DC is also unable to access the same samba share(s), getting "Access denied".
It seems that Samba is the real source of pain and suffering here, and there doesn't seem to be any way to fix it either. The solution must be to use only Windows as file servers.
So you run a business with an RPi server ? – None – 2016-09-29T11:43:10.510
Nah, it's just a home project with a server borrowed from work. Why? – Frank H. – 2016-09-29T11:46:08.153
Does it yield a better error message than just
Access denied
anywhere. Anything in the eventviewer? Did you check that you are still using the same account? (E.g not previously working with a computer local accounts and now switched to a domain account which has insufficient credentials on the Pi?). – Hennes – 2016-09-29T13:04:24.303Not sure where in the even viewer I'd expect to find any more details? The security to log reports an "audit success" for the event, specifying the account and credentials used. As for the account used, it's a samba share with only one valid user (on the samba server), and this is the user I'm trying to use. The same user that I'm able to log in when the Win10 machine is not logged on to the 2008 AD. – Frank H. – 2016-09-29T13:11:12.243
Samba has supported SMB3 for quite some time now. Also, Windows 10 can of course connect to older versions no problem. Do you have any group policies defined that might interfere with SMB connectivity? Like requiring Kerberos or whatever? – Daniel B – 2016-10-01T16:14:54.977
Not that I know of, but I'm no AD expert, so I'm not sure where to look for it? The AD is "vanilla", with no custom configuration other than the domain name. – Frank H. – 2016-10-04T12:43:09.160