In addition to offering file sharing using the Mac-native Apple Filing Protocol (AFP), Apple also includes an option for the Server Message Block (SMB) protocol so you can share files with Windows machines.
Unlike the AFP option that is enabled for the whole system, the SMB service is enabled or disabled for individual users in the Sharing preferences pane. Unfortunately, in some instances after upgrading from OS X 10.6 to OS X 10.7 Lion, some people who have had the SMB service enabled are finding they cannot disable it for their accounts. When they enter their passwords at the prompt, instead of turning off SMB the system claims the incorrect password was given, and keeps SMB enabled. This happens even though the same password successfully allowed the user to log into the account in the first place.
One possible reason for why this is happening is an incompatibility with how the SMB configuration in Lion is authenticating with the system directory to grant access or account changes. In OS X Lion, Apple had to switch its windows file sharing technology from the open source Samba suite to an in-house developed suite because of changes to the licensing for Samba. Because of this switch, some configurations that worked in Snow Leopard might experience odd problems when used for the different software in Lion.
To fix this problem, as described by Apple Discussion poster SanderFromH, you will need to switch the entries for your account's authentication authority configuration. It appears that Apple's SMB tool may only access one of these for some systems, and switching them forces the tool to use the appropriate one. You can do this with the following procedure:
- Back up your system
Switching these entries in your account configuration should not affect how other system services authenticate, but as a precaution before modifying this aspect of your account be sure to back up your system. Use a cloning tool or Time Machine (preferably both) to make a full and restorable backup of your system before continuing.
- Open Directory Utility
Go to the /System/Library/CoreServices/ folder and open the Directory Utility application.
- Locate your user account
In the Directory Utility program, select Users in the Viewing menu, and select "/Local/Default" as the node. Then ensure the lock next to these menus is unlocked (you will have to authenticate as an admin if it is locked). After doing this, select your account name from the list on the left, which by default should show your full account name and not the short one.
- Locate the AuthenticationAuthority tag
In the right-hand box, find the AuthenticationAuthority tag in the Name column, expand it by clicking the triangle next to it, and note that in the Value column next to it there are two listings: one on the same line as the "AuthenticationAuthority" that begins with "Kerberos" in as its value, and the one below it that begins with "ShadowHash" as its value.
- Cut the top-most entry
Select the entry that begins with "Kerberos," and in the box below the Name/Value list, you should see a long list of numbers and letters. Select all of this text and press Command-X to cut it to the clipboard (if you make a mistake, you can always click the Revert button at the bottom of the window). After doing this, go back to the Name/Value list and click the "ShadowHash" entry. When you select it, the "Kerberos" entry you just cut will disappear and entries will shift upward, so be sure that the "ShadowHash" entry is selected.
- Paste the copied entry
With the ShadowHash entry selected, click the plus sign next to it, and a new entry will be made with "new_value" as its contents. In the box below, select the new_value text and press Command-V to paste in the copied "Kerberos..." text. At this point you have switched the order of these two values.
- Save and close
With the text pasted, save the file and close it.
When this procedure is completed, you should now be able to change the SMB sharing settings in the Sharing system preferences.