SMB and Lion

The new samba file sharing in Lion (and in Mountain Lion) breaks things sometime. I have a zfs drive that I’m sharing using samba from Lion and a strange thing is happening: I cannot see the share from the command line on another machine:

> mount -t smbfs '//user:pwd@server.local/Media' /Users/user/Media
mount_smbfs: server rejected the connection: Authentication error

However, if I go to the server, disable and enable file sharing, everything works as expected. I traced the problem to a race condition during the server OS startup. Apparently, file sharing starts up before some security configuration is finalized, so when I try to mount the share, the server fails to correctly authenticate the request (I see errors in kdc.log: NTLM domain not configured). If I restart the file sharing, all the prerequisites are in place and authentication succeeds. I added a small startup script to /Library/LaunchDaemons that restarts smbd after the system is done loading:

cat >
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
        <string>sleep 60;touch "/Library/Preferences/SystemConfiguration/"</string>

Update: Do not forget to change the owner of the file to root and change the permissions:

sudo chown root:wheel
sudo chmod 0644

It will ask you for an administrator password.

  1. mike said:

    another bug (or feature) in os x server?

    • Anton said:

      It’s the regular Mac OS X, not the server version. But, yes, a bug.

  2. mike said:

    oooops ๐Ÿ˜‰

  3. Simon Lau said:

    Thanks for fixing the smb authentication bug.

    There’s another nasty samba bug: on a Windows machine, you cannot copy large files (eg, over 1GB) to a Mountain Lion smb share.

    In short, Apple now turns the Windows sharing feature into unstable/unreliable sh*t.

    Hope you can come up with a workaround. Thank you in advance.

  4. Thierry said:

    Hi, thanks a lot for the trick i was expecting.
    Unfortunately it doesn’t work on my mini with 10.8.2.
    The touch……plist command works great if i put it in the terminal : instantly my smb restarts and all my shares are available on my PCs.

    But the plist file, CHmoded to 770 and placed in /library/LaunchDaemons doesn’t work for me.
    To enable those .plist scripts, do I have something more to do, or just to put them in the launcdaemons folder and restart ???

    It’s only 2 weeks i’m a mac user, so i’m still learning.

    • Thierry said:

      Ok i’ll reply to myself, maybe it will help other people, the mistake i made is that i was the owner of the .plist, so i just had to change owner to root, and that s perfect. Thank you very much for the script.

      • Franck said:

        Thanx Thierry ๐Ÿ™‚

  5. Hello,

    We had the same problem on 4 Mac Mini running Mac OS X 10.8.2!
    Your solution worked flawless

    Thank you!

  6. Prickly said:

    Many thanks. Fixed the problem with HP Scanner scanning to OSX share on network.

  7. Alain said:


    this script looks very interesting since I have the problem to log from a window’s PC into my Mac, and also to scan document over my local network to my mac.

    However I am not too familiar with the internal of Mac OS X. To make sure I understand properly, I have a couple of questions. Long script lines on this page appear truncated in my web browser.

    Does: “<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "; (What I see in my browser)

    should read: "

    and: sleep 60;touch “/Library/Preferences/SystemConfiguration/co (What I see in my browser)

    should read: sleep 60;touch “/Library/Preferences/SystemConfiguration/>

    Finally how would I change the file owner to root?

    Sorry to be so basic.

    Thanks for your Help.


    • Anton said:

      Yea, the wordpress template style cuts it off. If you select the content of the gray rectangle with the code, copy, and paste it into Terminal, it should transfer correctly.

      To change the owner (and group) you use “sudo chown root:wheel” It will prompt you for an administrator password.

      You should probably check the permissions and set them to rw-r–r–: “sudo chmod 0644”

      • Alain said:

        Thanks for your reply. I assumed I would have to create the file in the “/Library/LaunchDaemons” directory as mentioned at the beginning. Going into terminal in the “/library/LaunchDaemons” directory with administrator privilege when I issue the “cat >” I get a permission denied. Do I have to login as root? From what I see only System as got read/write permission on that directory.

    • Anton said:

      sudo allows you to do tasks as root without logging in as root explicitly. You can do sudo like this:

      sudo cat >

      or you can create the file in your home directory and then move it over

      sudo mv ~/ /Library/LaunchDaemons

      • Alain said:

        Hello Anton,

        “sudo cat > …” got me a permission denied but I was able to create the script in a personal directory, change owner, permissions and move it to “/library/LauchDaemons”. I am now able to connect pc’s on my local network reliably and also to scan from my Epson network multifunction printer to my Mac. I had been searching internet for a long time and had also contacted Apple support (paid) and Espon support. Neither had a clue about the problem.

        Many thanks for the script and your help in dealing with terminal.


  8. Brian said:

    Hi Anton,
    Thanks heaps for this excellent suggestion.
    I’m getting in my logs:

    Jun 14 20:20:01 minnie[153] ([293]): Exited with code: 1

    so I guess there’s something amiss.

    I’m running OS X Server 10.8.4

    I put your .plist script in Library/LaunchAgents
    because Library/LaunchDaemons doesn’t exist in OS X Server as far as I can see.

    Does that sound correct?

    Any ideas why I’m getting Exited with code: 1

  9. Thanks a lot for this post. I had this issue since I bought my iMac last december, and I even called the Apple support line. They weren’t aware of the issue at the time and couldn’t help me at all.
    Now it finally works, thanks to you!
    Can I quote and put a link to your post on my blog? I’d like to share this with people not that familiar with the Terminal, so I would put some additional info but based on the content from your post.

    • Anton said:

      I’m glad that it helped. Feel free to share.

  10. Pre said:

    Thanks a lot! this worked for me, I have been working on this issue since past few months! Great work!

  11. Matthew Cho said:

    Thank you!
    This resolved my issue.

  12. Tony said:

    After trawling Google for hours trying to find a solution for “Permission Denied” on my OS X Samba share, you have solved my problem. I tested the solution by switching File Sharing off and then on and found that now I can connect from Ubuntu to my OS X Samba share (Mountain Lion 10.8.5). Have installed your restart_smb script, but not tested yet. AT last I understand the problem and know how to fix it.

    Many Thanks,
    Asante Sana,

    – Tony (Australia)

  13. garegin said:

    after you paste the cat command, you have to hit control z to stop the process, otherwise the cat just wait for more input.

    • Anton said:

      Ctrl+z will put the process into background. I guess, you meant Ctrl+d.

  14. smccollough said:

    Thanks YOU! This worked and fixed my small network after we upgraded to 10.7.5 I have software that has to run on this version and sure enough we were going crazy with the broken SMB. Well done. Most of the sites talked about some complex solution with Samba3. This was very straightforward!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: