First of all, just having the proper URL to connect to the server is important. So if your server is called “MY-SERVER” and has an IP address of 192.168.1.1, and your share is called “MyShare,” you can format the URL in either of the two following ways:
When you try this and your Windows clients can’t connect to the Mac server, here are a few things you can try:
1. Enable NTLM authentication on your macOS server:
Enable NTLM with:
sudo serveradmin settings smb:ntlm auth = "yes"
If you’re using a very old Windows client version, you can also try adding Lanman support, as below:
sudo serveradmin settings smb:lanman auth = "yes"
And you can confirm that the change worked by running:
sudo serveradmin settings smb
2. Add server NetBIOS / workgroup name to authentication credentials:
Depending on the version of Windows you’re using on the client machine, you may need to include the server NetBIOS name (or workgroup name) before the username, separated by a backslash (“\”), as part of the login credentials.
So for username "dave" with NetBIOS name "MY-SERVER", the full "name" in the login window would look like:
You can check the NetBIOS name of your server with the "serveradmin settings smb" command, and look for the "smb:NetBIOSName" parameter in the output.
3. Allow both NTLM v1 and v2 authentication on your macOS server:
The versions of the NTLM protocol that a Mac server will allow are specified in the following file:
Which is located in "/Library/Preferences."
However, this file doesn't exist by default in a new installation. So in order to enforce this authentication parameter, you need to create the file in that location, with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Give the machine a reboot, and this will allow Mac OS Server to accept both NTLMv1 and NTLMv2 authentication.
4. Enable ACL support:
One other handy tip when you’re connecting Windows clients to a Mac server (this time related to authorization and not authentication) is to enable ACL support for the SMB service (as I mentioned earlier this year in this post), which can ameliorate all kinds of permissions issues that plague only Windows machines. You can do this as follows:
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES
Disabling ACLs again (should you need to) can be done like so:
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool NO
After doing either one, I’d suggest restarting the SMB service on your server, as follows:
sudo serveradmin stop smb
sudo serveradmin start smb
After running either of the above, you can re-issue the “sudo serveradmin settings smb” command to make sure the changes took.
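To make the confirmation in steps 1 and 2 less error-prone, the following added example (not part of the original post) reads the output of "sudo serveradmin settings smb" and reports the NTLM and Lanman settings together with the login name to type on the Windows client. The function names, the sample input and the assumed smb:KEY = "VALUE" line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the SMB authentication
# settings from steps 1 and 2. Reads `serveradmin settings smb` output on stdin.
# Assumption: output lines look like  smb:KEY = "VALUE"  (quotes optional).

# smb_setting KEY -> prints the value of smb:KEY, without surrounding quotes.
smb_setting() {
    sed -n "s/^smb:$1 = //p" | head -n 1 | tr -d '"'
}

# audit_smb_auth USER -> prints the auth modes, the login name to type on the
# Windows client, and a note when the Lanman fallback is still enabled.
audit_smb_auth() {
    settings=$(cat)
    ntlm=$(printf '%s\n' "$settings" | smb_setting 'ntlm auth')
    lanman=$(printf '%s\n' "$settings" | smb_setting 'lanman auth')
    netbios=$(printf '%s\n' "$settings" | smb_setting 'NetBIOSName')

    echo "ntlm=${ntlm:-unset}"
    echo "lanman=${lanman:-unset}"
    if [ -n "$netbios" ]; then
        printf 'login=%s\\%s\n' "$netbios" "$1"
    else
        echo "login=unknown (smb:NetBIOSName not found)"
    fi
    if [ "$lanman" = "yes" ]; then
        echo "note: lanman auth is on; only very old Windows clients need it"
    fi
    return 0
}

# Constructed sample input, so the example runs without a server.
sample_settings() {
    cat <<'EOF'
smb:NetBIOSName = "MY-SERVER"
smb:ntlm auth = "yes"
smb:lanman auth = "yes"
EOF
}

sample_settings | audit_smb_auth dave
# On the server itself: sudo serveradmin settings smb | audit_smb_auth dave
```

Once the old clients that needed Lanman are retired, set smb:lanman auth back to "no" and run the check again to confirm the note is gone.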