Can't access Samba shares from desktop but can from laptop

[dmpm]

I edited /etc/samba/smb.conf and added a few shares, and from my Windows desktop I was able to open the Run box and type \\10.10.55.198 and it opened a folder in Explorer showing all the shares. I wasn't able to login to the ones where I hadn't set 'guest ok = yes' regardless of which username I used, but the couple of folders that I'd enabled guest access for (media and software) were browsable.

Then I tried to set the media folder to only allow access to certain users and to be writeable by using 'valid users =' and restarted smbd (which I'd done many times before) and now I can't access any of the shares, even if I comment out the entry for media and restart smbd again. I also tried rebooting the PVE server, but when I try to access \\10.10.55.198 now I just get an error "Windows cannot access \\10.10.55.198"

Before it would show the shares without prompting for a username and password, it was only when I tried to access one of them that didn't have guest access enabled that it would prompt for credentials, so I don't understand why it's stopped working. I checked whether there are any saved connections with 'net use * /del' but that confirms "There are no entries in the list".

How do I get Samba working again?

 

[dmpm]

I tested using a laptop and when I entered \\10.10.55.198 it prompted me for a username and password and I logged in with the media account and it let me access the shares.

In smb.conf under [global] I've got:

client min protocol = SMB2
client max protocol = SMB3
protocol = SMB3
client ntlmv2 auth = yes
dns proxy = no

workgroup = WORKGROUP

log file = /var/log/samba/log.%m[/CODE]
log level = 3
syslog = 0

I read a suggestion to manually add the credentials under User Accounts - Credential Manager, so I tried that on the desktop but it didn't help so it seems to be ignoring that.

I read another suggestion to edit /etc/samba/smb.conf and comment out the line 'map to guest = bad user', then edit /etc/samba/smbd.conf and add 'username map = username.map' and create a new file called username.map and add 'linuxuser = windowslogin@outlook.com' where linuxuser is the user you want to use to access the shares and windowslogin@outlook.com is the account that you're logged in to Windows as, but that didn't work. In the samba log I saw an error about not being able to find the username.map file but I created it in /etc/samba and chmod 775'd it so I don't know why it can't see it.

If I comment out the username map line in /etc/samba/smbd.conf, I see this in the log:

[2025/01/12 16:59:46.394149, 1] ../../source3/smbd/smb2_tcon.c:245(smbd_smb2_tree_connect)
smbd_smb2_tree_connect: reject request to share [IPC$] as 'PVE\dee' without encryption or signing. Disconnecting.

dee is one of the shares, but as I'm only trying to view the top-level when I try to connect to \\10.10.55.198 I'm not sure why it's giving an error about sharing the dee folder.

There's also this:

[2025/01/12 16:59:46.389493, 3] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [MicrosoftAccount]\[dee] at [Sun, 12 Jan 2025 16:59:46.389476 GMT] with [NTLMv2] status [NT_STATUS_OK] workstation [I5] remote host [ipv4:10.10.18.64:50868] became [PVE]\[dee] [S-1-5-21-2243287844-1900603482-152639096-1002]. local host [ipv4:10.10.55.198:445]
{"timestamp": "2025-01-12T16:59:46.389546+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:10.10.55.198:445", "remoteAddress": "ipv4:10.10.18.64:50868", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "dee", "workstation": "I5", "becameAccount": "dee", "becameDomain": "PVE", "becameSid": "S-1-5-21-2243287844-1900603482-152639096-1002", "mappedAccount": "dee", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 4913}}
[2025/01/12 16:59:46.389580, 2] ../../source3/auth/auth.c:324(auth_check_ntlm_password)
check_ntlm_password: authentication for user [dee] -> [dee] -> [dee] succeeded

The [MicrosoftAccount]\[dee] bit is strange, as the only credentials I've saved are with the username 'media', so I don't know where it's getting dee from, but at the end it says authentication for dee has succeeded and it still doesn't let me connect.

 

[dmpm]

I have another Proxmox server on \\10.10.18.198 and I can connect to to the shares on that from my desktop.

If I do 'systemctl status smb' on either server, it shows at the end:

Jan 12 23:13:40 pve smbd[118691]: pam_unix(samba:session): session opened for user dee(uid=1001) by (uid=0)

Strangely, if I open a privileged command prompt and run 'net view \\10.10.55.198 it lists the shares, but if I run 'net view \\10.10.18.198' it says "
System error 5 has occurred. Access is denied." So it lists the shares for the server than I can't access but gives an error for the server that I can access.