Analyzing SMB behavior when different client OS connect (Mainly OSX)

edit

The story about "all clients need the same operating system" sounds weird. IMHO this is a matter of the samba client configuration.

Try to analyze the handshake between client and server

• Will both systems use TCP port 445? Or do they fail back to port 139?
• hint: It should be 445.

• Will they agree on a common SMB dialect?
• hint: should be at least SMB 2.002 or higher.

• Will the devices establish a SMB session? This would be like a logon to the server
• hint: Make sure that the clients do not send a Lan Manager Hash in the response. The presence of the hash might cause the server to refuse the connection. This depends on the security policy and is hard to find in the log files.
• hint: Check if the client sends NTLM or NTLM v2 hash or both. Check with the server if NTLM hashes are refused
• hint: Check if both sides share the same signing policy (Signing enabled / signing required)
• Extra hint if you are using a domain: Check if the client could obtain the required Kerberos tickets

• Check if the Tree Connect Request names the correct share name.
• hint: \hostname\share and not \ip.address\share
• hint: Are you using only ASCII characters for the share name? Or are you struggling with Unicode characters?

• Check if your DFS referrals work.
• hint: No trace file, no comment

Good luck

Eddi