Password to SMB/LAN resources appears invalid after OSMC update

LE uses Samba 3.6 (if I remember correctly).

OSMC uses Samba 4.x. They behave very differently after the Badlock CVE. I am not sure if the version LE uses has been patched against this vulnerability.

One of the other main issues is that Kodi still targets an old version of Samba. This is partly because new versions of Samba use WAF as their build system, and Kodi’s depends system is not adapted to handle this.

Sam

Hi Ken,

Given your system I wouldn’t have thought LibreElec would be a permanent option for you as it doesn’t really include a full OS, just enough bits to run Kodi, so it is very limited as to what else you can use it for: there is no real command line or ability to install other Linux packages.

OSMC shouldn’t require any more samba configuration at the client end than LibreElec - they both use the same version of Kodi to generate the same sources.xml file.

It would be interesting to compare the log file between OSMC and LE and also to compare sources.xml & passwords.xml between the two also.

Your use of LE has at least proved that your samba server config is ok.

Gavin.

Try this:

Videos
Files
Add videos…
Browse
Add network location…
Choose:
Protocol: Windows network (SMB)
Server name: IP Address
Username: enter share credentials
Password: enter share credentials
OK
Choose the location you’ve just created.

Please give feedback, as there’s a load of SMB threads at the moment; I’ll write a how-to guide once we know what works for everyone.

Thanks Gavin … indeed I wouldn’t want to use LibreELEC permanently - it is quite a bit slower than OSMC anyway and took ages to create the libraries. But the fact that it is Jarvis and worked straightaway was interesting, at least!
I tried changing the content of the smb.conf file of OSMC to that of LibreELEC but that didn’t do much good! There were a few differences to do with LanMan Auth.
Then I copied the data from passwords.xml and sources.xml from Libre to OSMC, but that didn’t do any good either. There were several differences.
I have now just done a new installation of OSMC to clear the air as I have been fiddling with the old installation for quite a while.
Thanks Martin - I will try your approach later this evening with the new installation - my wife is making a very nice stew at the moment so I’ll be off to eat it!

Thanks all

Kenneth Spencer

Hello Martin, and thanks for the idea. Unfortunately, I’m afraid it gave the same end result: cycling through the Lock Settings dialogue repeatedly asking for the password. That in itself rather bemuses me because Lock Settings is disabled in the Configuration options.

Gavin: I posted the logs earlier, using MyOSMC, but I’m not sure where they went! I sent them once as an upload, and once to the SD card, but in neither case am I exactly sure what happened to them. Maybe I should download the log poster add-on, if that’s what people use rather than the MyOSMC option.

OK, it seems that we aren’t over this quite yet!

Thanks again,

Kenneth Spencer

Just saw this.

This is quite outdated, and I believe it is intentional in the latest version of Samba not to connect to insecure shares. Security is essential for OSMC. OSMC uses Samba 4 with Badlock CVE patches.

I think you may need to upgrade to a newer version of Samba (Raspbian Jessie is recommended). I’m not sure Debian Wheezy’s LTS improvements have been continued to Raspbian.

I did not see you were using Samba 3.6 as a server. LE will connect as it also uses 3.6, but this is not ideal.

Sam

Thanks, Sam. I’ll have a look at that tomorrow. I’m hoping it won’t then break everything else!

Kenneth Spencer

I will probably go quiet on this thread for a while. Following Sam’s recent comment, I shall investigate possible upgrades of the server OS, and Samba to later versions.

At present, and for a long time, everything (except KODI Jarvis/16.1) has worked faultlessly, and any new configuration of the server will need to continue to support three websites (hosted on a further RPi) two of which sites involve significant traffic in large files (music video files and virtual pipe organ sample set data) provided from the server. A new configuration will also probably involve an update of WebMin 1.8, and LDAP Account Manager 3.7, which also run on the server.

I’ll report progress (if any!!)

Best wishes,

Kenneth Spencer

If a command line mount works OK, set that up in fstab instead of Kodi

Hi Ken,

I think Sam is probably correct. I’ve done some reading around myself and the version mismatch will not help, that’s for sure.

You can probably confirm this quickly by checking the smbd.log on the samba server, you should see the connection attempt from your OSMC box and also the refusal and the reason for it.

You’re right to be concerned about your other services though, you will likely need to upgrade Samba on all of your Linux machines.

Do you have a spare RPi? If so, you could set that up as an upgraded PDC and one by one try the other machines against it keeping the current one running so you can fail back as necessary.

In the meantime you may be able to downgrade Samba on your otherwise upgraded OSMC box and then hold the Samba package to prevent it upgrading again until you’re all sorted, that way you can have all the other upgrades and fixes.

Gavin.

  1. Thanks Sam - I have played around with trying a command line SMB mount in preparation for putting it into fstab, but I will try that again.

  2. Thanks Gavin. Your idea of downgrading the Samba client on the OSMC RPi sounds like a good thought. I will play with that.
    I do have a couple of spare RPi machines. But at present I am happy to load in whatever SD Card with the OSMC under test, as I can’t watch or listen to media while I am fiddling with OSMC!

You also mentioned looking at the Samba log on the server. So just now, I booted my card with OSMC 16.1, and then tried connecting to the share to get hold of the videos on the server. Here is the result (there were several attempts!):
First a successful connection from OSMC v15:
[2016/09/08 13:15:50.391832, 1, pid=31428, effective(0, 0), real(0, 0)] smbd/service.c:1114(make_connection_snum)
  node4 (10.0.0.4) connect to service NoBackup_N initially as user kass (uid=1001, gid=100) (pid 31428)
[2016/09/08 13:15:50.516612, 1, pid=31431, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-3949262546-995700555-407426867-513)): count=7
[2016/09/08 13:15:50.522098, 1, pid=31431, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Duplicate entries for filter (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-3949262546-995700555-407426867-513)): count=7
[2016/09/08 13:15:50.528662, 1, pid=31431, effective(0, 0), real(0, 0)] smbd/session.c:86(session_claim)
[2016/09/08 13:17:25.081222, 1, pid=31428, effective(0, 0), real(0, 0)] smbd/service.c:1378(close_cnum)
  node4 (10.0.0.4) closed connection to service NoBackup_N
(I think that the duplicate entries refers to the fact that the user belongs to more than one group)

Then, a failed attempt from OSMC v16:

[2016/11/15 23:11:54.070848, 1, pid=13820, effective(0, 0), real(0, 0)] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
These entries don’t mean a lot to me, but they do show that the request to Samba fails so that no call is made to the LDAP Account Manager. Maybe they mean more to you!

If or when anything significant happens, I’ll let you know!

Best wishes

Kenneth Spencer
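
Added example, not part of the original posts: a small filter for the server-side check suggested above, pairing each smbd log header with its message so that accepted connections and refusals can be compared side by side. It assumes the two-line entry layout seen in the excerpts; the function names `smbd_summary` and `sample_log` are made up for this example.

```shell
#!/bin/sh
# Added example: summarise connection results from an smbd log.
# Assumes each entry is a "[timestamp, ...] file.c:line(func)" header
# followed by an indented message line, as in the excerpts in this thread.

smbd_summary() {
    awk '
    /^\[[0-9]+\/[0-9]+\/[0-9]+ / {
        # Header line: keep timestamp, pid and source location for the next message.
        ts = substr($1, 2) " " $2; sub(/,$/, "", ts)
        pid = "pid=?"
        for (i = 3; i <= NF; i++) if ($i ~ /^pid=/) { pid = $i; sub(/,$/, "", pid) }
        src = $NF
        next
    }
    / connect to service / {
        # Accepted tree connect: client name, address, share and mapped user.
        print ts, pid, "CONNECT", $1, $2, "share=" $6, "user=" $10
        next
    }
    match($0, /NT_STATUS_[A-Z_]+/) {
        # Any NT status other than OK is reported with the code path that raised it.
        status = substr($0, RSTART, RLENGTH)
        if (status != "NT_STATUS_OK") print ts, pid, "FAIL", status, src
    }'
}

# Sample input built from the log excerpts quoted in the thread.
sample_log() {
    cat <<'EOF'
[2016/09/08 13:15:50.391832, 1, pid=31428, effective(0, 0), real(0, 0)] smbd/service.c:1114(make_connection_snum)
  node4 (10.0.0.4) connect to service NoBackup_N initially as user kass (uid=1001, gid=100) (pid 31428)
[2016/09/08 13:15:50.528662, 1, pid=31431, effective(0, 0), real(0, 0)] smbd/session.c:86(session_claim)
[2016/09/08 13:17:25.081222, 1, pid=31428, effective(0, 0), real(0, 0)] smbd/service.c:1378(close_cnum)
  node4 (10.0.0.4) closed connection to service NoBackup_N
[2016/11/15 23:11:54.070848, 1, pid=13820, effective(0, 0), real(0, 0)] smbd/service.c:805(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
EOF
}

sample_log | smbd_summary
```

On a real server, feed it the log file instead of `sample_log`; the path depends on the `log file` setting in the server's smb.conf.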

At Sam’s suggestion, I have played around more with trying to get a command-line mount of the Samba share when using OSMC v16.1.

This was the command-line I tried first:
mount.cifs //10.0.0.2/NoBackup_N /mnt -o user=[user on server],pass=[password],sec=ntlm
This evoked the message:
mount error(13) permission denied

I tried again, with “username” instead of “user”, and then “password” instead of “pass”, but got the same error.

Then I tried each security version from the list of sec options (e.g. ntlm2). Nearly all gave the mount error(13) message above, one or two may have given “invalid argument” but none worked.

Then I created a file, .credentials, in /home/[user] with permissions at 400 and content as:
username=[Samba server user]
password=[password]
domain=[DOMAIN]
I then retried the command line, modified as:
mount.cifs //10.0.0.2/NoBackup_N /mnt -o credentials=/home/[user]/.credentials,sec=ntlm
This evoked the message:
mount error(13) permission denied
as seen earlier.

Maybe there is another version of mount to use with the cifs/smb protocol?

I don’t know whether any of that helps, but it certainly has me beaten! I think that, if I/we ever solve this one I’ll invite Sam, Gavin and Martin to a champagne party!

Best wishes,

Kenneth Spencer

Are you running a domain controller?

I have always found Linux problematic with this. I use PBIS (used to be Likewise Open) to join clients to the domain.

Sam

Yes, Sam, I am indeed running the server RPi as a domain controller. LDAP Account Manager is the software I use, but that doesn’t prevent OSMC 15 from working, and has worked with the previous RaspBMC versions as well.

Incidentally, as an addendum to my immediately previous post, I tried smbclient to get a list of shares:
smbclient -L node2
And got the following answer:
session setup failed: NT_STATUS_LOGON_FAILURE
This matches the error message in the smb.log on the server, so I am thinking I have an incorrect security protocol specified, possibly in /home/osmc/.smb/smb.conf ?
Or, alternatively is this conf file overridden by the /etc/samba/smb.conf settings (maybe these are for an smb server, which I haven’t configured in the OSMC machine.)

Perhaps I’ll have a look on the actual server smb.conf file for clues regarding the security protocol.

Thanks again,

Kenneth Spencer

Hello Gavin … may I be so bold as to ask whether you have any hints as to downgrading the samba on the OSMC 16.1 installation?

Thanks a lot!

Kenneth Spencer

Use strace to find out what configuration file is being used.

Sam

It seems from the strace output that the /etc/samba/smb.conf file is being used.
Therefore I copied the contents of the /home/osmc/.smb/smb.conf file (it has global params only), into it, but that action hasn’t altered anything.
One thing I did note however, was that smbclient went looking for a collection of directories which seemed to be related to the several sec protocols. But it found none of them. I suppose that when smbclient was run, no sec protocol was supplied. But the error at the end of the trace, the message was NT_STATUS_INVALID_PARAMETER. That leads me to think that something is indeed wrong with the security protocol.

I shan’t be online much for the next two days, nor over the weekend, so there’s no hurry!

Best wishes,

Kenneth Spencer

Hi Ken,

I think you’re right. What’s happening is that the newer version of Samba on the newest OSMC install is no longer able to use the lower security access method required by the older version of Samba on your PDC.

In the long run the best solution will be to upgrade the PDC to a newer version of Samba, but that has possible impacts on everything else as discussed above.

In the short term I think you have two choices:

  1. Identify which protocol is causing the problem and see whether your existing PDC is capable of handling the higher security protocol and if so add that to the configuration. This post may give you an insight into which protocol you’d need to change.

  2. Downgrade the version of Samba on your OSMC box to that which was used in the last known working version. To do this run dpkg -l | grep -i samba (that’s a lowercase L at the switch) on your current version and also on the last known good version (the version is the string of numbers in the 3rd column). You’ll see a lower version on the 2015 setup and a higher one on the newest one. To perform the downgrade take note of the lower version number(s) and for each package which has a different version run sudo apt-get install <package_name>=<version_number>.

Hope this helps you get back up and running.

Gavin.
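
Added example, not part of the original posts: a dry-run helper for option 2 that compares two saved `dpkg -l | grep -i samba` listings and prints the `apt-get install <package>=<version>` commands for packages whose version changed, plus an `apt-mark hold` line for the hold mentioned earlier in the thread. The function names, package rows and version strings are constructed for illustration; nothing is installed.

```shell
#!/bin/sh
# Added example: build a downgrade plan from two saved package listings.
# $1 = listing from the last known good install, $2 = listing from the current one.
# Both are the output of: dpkg -l | grep -i samba

downgrade_plan() {
    awk '
    $1 != "ii" { next }                    # only fully installed packages
    NR == FNR { good[$2] = $3; next }      # first file: remember known-good versions
    ($2 in good) && good[$2] != $3 {       # second file: version differs from known-good
        printf "sudo apt-get install %s=%s\n", $2, good[$2]
        held = held " " $2
    }
    END { if (held != "") print "sudo apt-mark hold" held }
    ' "$1" "$2"
}

# Constructed sample listings (placeholder versions, not real package versions).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/good.txt" <<'EOF'
ii  libsmbclient:armhf  0.0.1-old  armhf  constructed sample row
ii  samba-common        0.0.1-old  all    constructed sample row
ii  smbclient           0.0.1-old  armhf  constructed sample row
EOF
    cat > "$dir/current.txt" <<'EOF'
ii  libsmbclient:armhf  0.0.2-new  armhf  constructed sample row
ii  samba-common        0.0.1-old  all    constructed sample row
ii  smbclient           0.0.2-new  armhf  constructed sample row
EOF
    downgrade_plan "$dir/good.txt" "$dir/current.txt"
    rm -rf "$dir"
}

demo
```

Held packages stay at the pinned version and receive no further updates, security fixes included, until `apt-mark unhold` is run on them.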

AFAIK that would only have an impact if he uses fstab based mounts.

Thanks Gavin (and fz).

I will look at the downgrade option on the OSMC machine, because I cannot really mess about with the Samba on the PDC machine - although I might try Samba v4 experimentally at some point. I had discounted Samba v4 on the PDC because it was only available in Beta when I was building the PDC originally, but I note that now the LDAP Account Manager may be happy with it.

I did try changing the security protocol on Samba v3 on the PDC to ntlmv2, but it appears that Samba v3.6.x does not support the “sec” parameter and I couldn’t easily see an alternative for changing it.

I will do the dpkg thing and get the appropriate version installed over the next few days and let you know what happens. And yes, fz., I will try adding the shares to fstab, which has of course, thus far failed.

Thanks

Kenneth Spencer