Can't Access SMB 2/3 Share on macOS from Intel NUC w/LE

  • Hello,

    I've been trying to get myself moved 100% off of SMB1 for a while, but unfortunately my Nvidia Shield will only support SMB1 until they decide to drop an update with Oreo, which supposedly supports SMB 2/3. Now that the Linux kernel is correctly handling bitstreams, my Intel NUC has become a viable primary video player with LE. (I have an Atmos receiver, so I had to stick with the Shield for that functionality until I decided to jump to LE Alpha-land.)

    Anyway, I've been working on accessing a single macOS High Sierra share (my music) since...I believe it was LE 8.2. No luck.

    -I understand that I cannot browse - I don't care - I know the path.

    -I have a Guest account allowing file sharing.

    -File Sharing is enabled.

    -The folder I need access to is shared and set to my username RW, Everyone RO.

    -"Share Folders Using SMB" is ticked, and so is my username in the Windows File Sharing area below.

    -Windows 10 Pro, which I dual-boot on my NUC, can see the share.

    -When I choose Zeroconf in LE, I see "MACMINI (SAMBA)" listed, but nothing happens when I hit enter - makes sense...can't browse, I know that.

    -When I type in smb://192.168.86.254/Music/ I get a Unix Operation Not Permitted Error

    -smb://192.168.86.254:445/Music/ - same result

    -smb://MACMINI/Music/ - same result

    -smb://MACMINI:445/Music/ - same result

    -I created nsmb.conf in /etc/ on the Mac per the suggestion of about 10 websites, with the line "signing_required=no"

    -restarted LE - same result

    -Someone else suggested that choosing dynamic global hostname in File Sharing along with my username and password might work.

    -restarted LE - same result

    -And a thousand other things that I can't remember

    -It may be worth noting that the Guest account can't be ticked for Windows File Sharing, because it's not listed. Thought I could add it....

    -Tried to create account name "Guest," because stock account name is "Guest Account" - but macOS said that the word guest is reserved or something like that.

    Every once in a while I spend eight to ten hours trying to figure this out. I've probably invested 40-50 hours overall. HELP!

    Thank you

  • Well I'd venture to guess that nobody else has a clue either.

    I found ~/.smb/smb.conf in macOS; very much bare bones. Since the GUI won't allow LE access to shared folders, maybe just come in from behind and kick it into gear?

    ---------------Begin macOS default smb.conf---------------

    [global]

    preferred master = no

    local master = no

    domain master = no

    client lanman auth = yes

    lanman auth = yes

    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536

    lock directory = /Users/alexsisk/.smb/

    name resolve order = bcast host

    ---------------End macOS default smb.conf---------------

    Made a backup... why not just add a home section like below?

    [Music]

    path = /Volumes/Media Storage/iTunes/iTunes Media/Music

    available = yes

    browseable = yes

    public = yes

    writeable = yes

  • Well that just made things worse. Even after I restored the original smb.conf and rebooted. URLs .... smb: are not supported.

    Anyone care to step in here? Things are going from bad to worse. All I'm trying to do is connect LE to a macOS share.

  • I found this YouTube video that may help

    External Content www.youtube.com
    Content embedded from external sources will not be displayed without your consent.
    Through the activation of external content, you agree that personal data may be transferred to third party platforms. We have provided more information on this in our privacy policy.

  • I take that back. I was thinking of another video. This guy is talking about SMBUp, which is another thing I tried months back. The software isn't maintained (and it didn't fix the problem.) :(

  • IDK much about MAC OS but have you tried creating a user account other than one called "Guest" Try making one called "kodi" and giving it a password. (Required for SMB 2/3 iirc).

    Later you can figure out how to hide the user from a login screen if you need to do that.

  • Wow I was really stuck inside the box with regard to thinking on this one. macOS likes you to create "Sharing Only" accounts that sort of exist in the background, but you're totally right - I was easily able to do that with one named kodi, password kodi... nice and simple.

    The strange thing is, now it works, but I never entered that username and password in LibreELEC at any point. I selected the option in LibreELEC settings under "Services" to "Use Samba Password Authentication," for a sec, but I noticed that the defaults were username libreelec, and pw libreelec. I was going to try putting in kodi, kodi (as I had created on my Mac) but it worked without even bothering. So strange. I've been trying to get it to work for months and it finally just works....

    Thanks for the suggestion.

  • That's great news! Glad I could help.

    I had forgot I changed my default name from libreelec, and changed the PW. I try to stay clear of defaults just in case somebody were to make it past my firewall. Did you at anytime change the minimum SMB in LibreElec back to SMB v1? Just wondering because you said you didn't have to change the default username/pw.

    To tighten up your security now that you got it working I would check that v2 is the minimum. Then if the connection fails go ahead and update your default name/pw in LE like you mentioned. Then try again.

    Otherwise, if you are already have the minimum set to v2 perhaps LE or Kodi has a backdoor that you discovered "kodi/kodi" (I would hope this is not the case).

  • Yes I did have it set to allow for 1-3 previously. Now it's just set to allow 2-3. You're right - makes sense to avoid defaults.

    Some more thinking also got me wondering if Little Snitch connection monitoring software (recent acquisition - I kinda forgot about it) possibly blocked the incoming request. My Intel NUC w/LibreELEC is in another room, so I may have missed a prompt asking me if I was OK with the incoming request.