I have been struggling with this issue for at least a month. I am running a Windows 2012 Server which holds my media files. Since I have not been able to use Samba, I had to set up NFS. It's been working kind-of OK, but recently it's been indicating some tv shows at 0B (they are not!) and therefore refusing to play them.
So today I decided to try the suggestions in this post. I turned off SMB1 & 2 via Powershell:
Quote:PS C:\Users\Administrator> get-smbserverconfiguration
AnnounceServer : False
AsynchronousCredits : 64
AutoShareServer : True
AutoShareWorkstation : True
CachedOpenLimit : 5
AnnounceComment :
EnableDownlevelTimewarp : False
EnableLeasing : True
EnableMultiChannel : True
EnableStrictNameChecking : True
AutoDisconnectTimeout : 0
DurableHandleV2TimeoutInSeconds : 30
EnableAuthenticateUserSharing : False
EnableForcedLogoff : True
EnableOplocks : True
EnableSecuritySignature : False
ServerHidden : True
IrpStackSize : 15
KeepAliveTime : 2
MaxChannelPerSession : 32
MaxMpxCount : 50
MaxSessionPerConnection : 16384
MaxThreadsPerQueue : 20
MaxWorkItems : 1
NullSessionPipes :
NullSessionShares :
OplockBreakWait : 35
PendingClientTimeoutInSeconds : 120
RequireSecuritySignature : False
EnableSMB1Protocol : True
EnableSMB2Protocol : True
Smb2CreditsMax : 2048
Smb2CreditsMin : 128
SmbServerNameHardeningLevel : 0
TreatHostAsStableStorage : False
ValidateAliasNotCircular : True
ValidateShareScope : True
ValidateShareScopeNotAliased : True
ValidateTargetName : True
EncryptData : False
RejectUnencryptedAccess : True
PS C:\Users\Administrator> set-smbserverconfiguration -enablesmb1protocol $false
PS C:\Users\Administrator> set-smbserverconfiguration -enablesmb2protocol $false
When I attempted to create the share again after turning off SMB, the message changed from "Operation not permitted" to "Connection timed out".
Then I went to enable the Guest account as a last attempt and I noticed that it was enabled! I disabled that account and changed the SMB settings back to true.
When I went back to setting up the SMB shared on this computer, the shares displayed immediately! It did not ask for username/password. It was magical.
You can see how desperate I was to get the shares set by viewing its
permissions.
Well, somehow the error messaging started again. I lost all the shares I had defined. When I went to create a new share, the moment I selected the Windows 2012 server, the message popped up - Operation not permitted.
There was another machine in my workgroup, loaded with Windows 7. When I selected that machine, it asked me for my credentials in order to access the shares offered by that machine.
So why is there this difference?
Perhaps more importantly, why am I able to access the Windows 2012 shares via a Nexus 7 (patched to current version) tablet? It asks for the Windows 2012 credentials and I am able to access those shares.
Openelec must be doing something differently than Windows 7 and Nexus 7 do.
AGAIN sorry for necroing a slightly old thread (did 2 of em today but this one and the other are "connect" in the error department..)
but i have been working on a similar issue for a LONG time now, i have a raspberry pie that at the time had openelec on it version 4.X and trying to get to the system with the SMB shares it would just not do ANYTHING upgraded it to 5.x openelec/kodi and no changes. finally got it to repeat on my amazon fire tv with kodi installed, but it would actually give the error "operation not permitted"..
Looking at the system logs on that windows machine that had the SMB shares, i could see it attempting to login with 'guest' and failing, but for some odd reason from that point kodi/xbmc said "fuck it" and didn't give me the chance to log in past that using a domain account OR even another local user account on that machine.. The only solution i have found was to edit the Sources.xml file under userdata..
<video>
<default pathversion="1"></default>
<source>
<name>Movies</name>
<path pathversion="1">smb://DOMAIN;USERNAME
ASSWORD@###.###.###.###/directory/directory/</path>
<allowsharing>true</allowsharing>
</source>
</video>
is an example, i am not sure if your issue was behind a domain (i suspect not because your were trying to surf to workgroup), for some odd reason under very specific circumstances xbmc/kodi does NOT (after failing to connect via guest) give you the prompt to enter a username/password, i can only get it to do this connecting to a windows 2012 R2 machine that is acting as a hyper-v host machine (and host for the raid shares), however the 2 VM domain controllers also running 2012 R2 i can connect to just FINE (gives me the popup to inter a username and password)..
After reading this post, i am suspecting it may not be a xbmc/kodi issue at all but a Android software one perhaps, (but also shows up in the Fire OS that amazon TV uses)
just wanted to throw out a possible long term solution, it is a bit of a pain to input it by hand, but once you have your shares hooked up, hopefully you won't have to edit it ever again..
BTW props to DBMandrake who posted about editing sources.xml, i also see you attempted to do this wingman, and it did not work, but did you set it up with a username/password AND if you were using a domain, the domain name too??
You're right, I'm in a workgroup not a domain. I tried changing the sources.xml file as described above. After making this change and rebooting, I did see the new source. However, clicking on it gives the same message - Operation not permitted!
I was tired of this so I just shared out NFS mounts from Windows 2012 - it works in Openelect.
I read with amusement in this thread that it must be an issue related to Windows 2012 and its SMB protocol. When I'm sitting in front of Openelec and watching content via the NFS shares, my Android effortlessly connects to the SMB shares on that same Windows 2012, which Openelec cannot.
Interesting..... it is obvious something is funky here with android/kodi, i found more reports of this same error dealing with certain brands of NAS or RAID devices (stand alone ones).. The odd part is i can't seem to reproduce that is weird with my one 2012 r2 hyper-v host machine...i can get to other 2012r2's no problem i just have to put in name/pw and it automatically logs into the domain on that machine, but this one machine it just won't do it.. Another idea i had was making a separate local account on that machine, but that was option 2 if setting up that SMB link like that did not work..
So are you getting the error trying to go to "workgroup" not just trying to go to a machine UNDER the workgroup?? Glad you got it working with NFS, i have zero experience with that type of share, so i really hated to have to move to it
that is why i kept working on it (also the fact my GF wanted to watch a movie stored on the server, that she no longer could after i "upgraded" it and it stopped working hahaha)
Glad ya got it working, i hope someone much smarter than I might make sense of what is happening, when kodi is freaking out on certain systems and only trying the guest account and not letting us put in a name/pw.. also another temp idea/fix might be adding a "domain" field to setting up a share WITHIN kodi (so you don't have to edit the sources.xml directly) i tried putting my "name" as DOMAIN:name" but that didn't work it tried to log in with that FULL name then not breaking it up between domain and name..
I feel for you with your frustrations. That's why I gave up and did NFS. It's easier to get working than SMB (which does not).
I don't understand your comment about funkiness with android/kodi. My Nexus 7 can easily control the Openelec(Raspberry Pi) device. And, as I said earlier, it can get to the SMB shares on the Windows 2012 machine. But I don't like the RDP app to Windows 2012. It's difficult for me to navigate.
No, I can open my 'Workgroup' and see two machines under it, the Windows 2012 and a Windows 7 box. If I click on that server box, boom, 'operation not permitted'. But if I click on the 7 box, it asks for username and password. It then exposes a window with no shares, since the 7 box does not define any.
ah ok that makes more sense then, if you looked at the (i believe it is) system log under event viewer, you would see a "login failed" because the kodi tried to log in with the guest account, that failed (that is normal) but then instead of giving you the option to input a valid username/password it just quits with that error.. no idea WHY.. if you were to setup a direct share (under kodi) and input a valid username/password for an account that is on the 2012 R2 machine i bet it would work.. OR (as some suggested) unlock the guest account (i wouldn't do this..)
the majority of times i have seen the "operation not permitted" it is ALWAYS dealing with a SMB connection, and more often than not dealing with a windows 2012 OR a standalone NAS/RAID box, it also seems to be MAINLY dealing with kodi, but i saw a handful of people have issues just using raw android, (what some versions of android working and some not...
wtf...) yet those same machines could use ES explorer and get to the SMB just fine, i suspect kodi/xbmc is relying on some pre-existing code that seems to be shared between multiple linux variations (for sample android/openelec/fireOS/etc).. it is that code that is causing xbmc/kodi to throw out that error, and i have NO clue why, i can only guess windows 2012 under certain circumstances is sending a failure to login reply that is confusing the machine requesting the login...
part that confuses me to no end is why two of my 2012 r2 machines work and one does not.. by any chance do you have any type of raid setup on your 2012 server?? my 2012 R2 Hyper-v host machine is using "storage solutions" the built in software raid that windows has.. i mirrored a few drives to see how it worked..
I really don't get it: there are only a few things to do to enable any device to access SMB shares hosted by Win 7/8/2008(R2) or 2012(R2).
1. Allow File- and Printersharing for your local network(s), be it a domain or a workgroup or both, on your server(s)
2. Create a user (local or domain) on those servers that you'll later use to authenticate your clients
3. Make sure that this given user has full access to the shares as well as being allowed to write/change the changes data (if the connecting Kodi client should be able to export nfo's etc)
4. Now configure your sources from one client (I usually do this initial setup with a Windows client) using the user's credentials from step 2 and allow Kodi to save those credentials
5. You'll end up with a passwords.xml and a sources.xml inside your %appdata%\Kodi\userdata folder
6. Copy those to the corresponding paths of your remaining clients and you're good to go
Did it that way countless times and never ever had any problems: right now I'm having 3x Win7-, 1x Win8.1-, 2x Android-, 1x iOS and 1x RPi-clients (OpenElec) connecting to SMB-shares on a Server 2012R2 and a Win7 box and it just works.
gomfedj, the server just has a 120GB SSD and a 2TB WD disk, no storage pools.
(2015-02-26, 10:07)Fry7 Wrote: [ -> ]I really don't get it: there are only a few things to do to enable any device to access SMB shares hosted by Win 7/8/2008(R2) or 2012(R2).
1. Allow File- and Printersharing for your local network(s), be it a domain or a workgroup or both, on your server(s)
2. Create a user (local or domain) on those servers that you'll later use to authenticate your clients
3. Make sure that this given user has full access to the shares as well as being allowed to write/change the changes data (if the connecting Kodi client should be able to export nfo's etc)
4. Now configure your sources from one client (I usually do this initial setup with a Windows client) using the user's credentials from step 2 and allow Kodi to save those credentials
5. You'll end up with a passwords.xml and a sources.xml inside your %appdata%\Kodi\userdata folder
6. Copy those to the corresponding paths of your remaining clients and you're good to go
Did it that way countless times and never ever had any problems: right now I'm having 3x Win7-, 1x Win8.1-, 2x Android-, 1x iOS and 1x RPi-clients (OpenElec) connecting to SMB-shares on a Server 2012R2 and a Win7 box and it just works.
I agree no idea WHAT is causing this issue, and why it is obviously only a select FEW 2012 R2 systems that have the issue (or i suspect we would see MANY MANY more posts!).. I can see both clients attempt to connect to the server with the guest account but neither kodi setup then attempt to ask me a login/pw to try a second time (with an authenticated account).. if i enable the guest account bang! works great.. but otherwise i get the error "operation not permitted" and the only way i found around it was to create a full link in the sources.xml.. all my other machines on the domain connect to that server just fine (mix of win xp, 7 , 2012 r2's).. Weirest part the kodi boxes can get to my OTHER 2012 r2 machine just fine.. i can't figure out what is "special" about that one machine... Though i just had an idea, that perhaps because it is not a domain controller it is doing something different.......
I guess that throws the "raid" idea out the window Larzeb, though i did just realize perhaps it has something to do with the machine just being a domain controller.. i will test this when i can by setting up a 3rd 2012 R2 virutal machine that is NOT a DC and see if i can get to it...
**I know this is older, but figured I would close the loop**
First off to the couple people bitching all of this is pretty simple if you're technical (evtmon shows guest trying to login since I don't want guest enabled guess I have to pass login/pass during connect) which is what this kind of thing is geared towards. If you aren't technical you should look into a Roku or if you have MKVs go get a WDTVLive...
Windows requires a username/password if you have guest off (which you should). Samba clients for other Android and Linux based apps have built in a username/password prompt that they built this stuff doesn't come off of a shelf, but for OpenElec they assume some level of technical knowledge or ability to find the answer (it's not for us to say one way or the other unless you are helping with the project). Since you have guest disabled (if you don't care about it being on then enable guest because as you can see in your evt it's using guest right...) you must pass login/password when connecting to a SMB share. Go to Music or whatever you want to add a share to, then right click Music (or choose add instead), choose edit, double click the existing path, and you want to use (if you have a domain) smb://domain:username:
[email protected]/Share/Folder (case matters) with XXX's being your server's IP or off a domain it would be smb://user:
[email protected]/Share/Folder with XXX's being your server's IP. At this point it should connect and you should now have a passwords.xml in the Userdata folder. Another option is to edit the sources.xml manually and then create the passwords.xml as the examples show in the bottom of this post. Yet another option is to mount the share on boot which is one of the first hits on Google when you search for OpenElec SMB (RTFM as they say).
If you still get the error after doing the above you have one of a few possible screwups on your part.
1) You already tried logging in as guest - the login/pass is already cached so you have to reboot
2) You screwed up the case
3) Your using the wrong credentials
In the below examples only Music is configured, but you just edit as needed using Music as the example or use the GUI or do it at boot, it's pretty straight forward.
Sources.xml:
Code:
<sources>
<programs>
<default pathversion="1"></default>
</programs>
<video>
<default pathversion="1"></default>
<source>
<name>Videos</name>
<path pathversion="1">/storage/videos/</path>
<allowsharing>true</allowsharing>
</source>
<source>
<name>TV Shows</name>
<path pathversion="1">/storage/tvshows/</path>
<allowsharing>true</allowsharing>
</source>
</video>
<music>
<default pathversion="1"></default>
<source>
<name>Music</name>
<path pathversion="1">smb://XXX.XXX.XXX.XXX/Media/Music</path>
<allowsharing>true</allowsharing>
</source>
</music>
<pictures>
<default pathversion="1"></default>
<source>
<name>Pictures</name>
<path pathversion="1">/storage/pictures/</path>
<allowsharing>true</allowsharing>
</source>
</pictures>
<files>
<default pathversion="1"></default>
</files>
</sources>
Passwords.xml for non-domain (you more than likely have to create this file):
Code:
<passwords>
<path>
<from pathversion="1">smb://XXX.XXX.XXX.XXX/Media</from>
<to pathversion="1">smb://User:[email protected]/Media/TV/</to>
</path>
</passwords>
Passwords.xms for domain (you more than likely have to create this file):
Code:
<passwords>
<path>
<from pathversion="1">smb://XXX.XXX.XXX.XXX/Media</from>
<to pathversion="1">smb://Domain:User:[email protected]/Media/TV/</to>
</path>
</passwords>
If you still have trouble read up on how to use Samba as that will solve your problem.
I fell over this one today with the latest Openelec6 build with Kodi for the Pi2.
Reading the posts above there are different issues here and very different versions of Windows which operate totally differently.
First one is that Kodi will try to browse the available shares either as guest or as anonymous.
Windows7 Home allows this directly
Windows7 above home does not but it can be enabled in Policy
Windows Server versions do not allow you to browse the available shares as anonymous. I don't know if you can do this via policy as I don't want my servers advertising their shares to non authenticated users.
So Kodi should, when it fails to read the shares list, ask for a username and password. It has done in previous versions so I don't see why it should not in later versions.
However let's park that for a second.
The next one is SMB and NTLM versions. Windows8, 10 and Server 2012r2 default to V2 and above. V1 of the protocols is disabled by default. Kodi should deal with this as I have two different Pi's pointed at the same server, one works (older Openelec5) and one does not.
There is a setting in the smb.conf which deals with later protocols and the line is
client NTLMv2 auth = yes
So I have one Pi (Openelec5), which can browse the server. The other one (Openelec 6), cannot.
I don't use the xml setup, I can't be bothered, I simply use the Add network location option. If you use this, select smb and the server (I used IP) and share and give username and password, then it should configure. You can then open the location from the list and see the folders inside the share.
That, for me, is the fastest way to know if it is the initial SMB login handling which is failing. My shares are only shared by user name so there is no question of anonymous or guest logins to use them.
My £55 NeoTV box, which runs on busybox, handles it flawlessly. One of my two Pi machines handles it correctly also. The other does not.
Kodi may be a free piece of software and it may be done out of developers spare time, however there is no Kudos in saying "I was one of the developers of one of the best free Media players in the world, but people went away because they couldn't get it to work with their storage systems which were using SMB".
xBox One is pushing itself into the home server and media centre space and the PS3/4 are doing the same. Both of which have excellent software for handling SMB. If Kodi wants to remain relevant and "in the space" they need to resolve issues like this. The SMB interface is excruciatingly documented, the EU courts made Microsoft document it. Ignoring that documentation and just "doing something" with SMB on the tin is not quite the kind of deliverable I would be proud of giving to my user base. I am well aware of the attitude in the Linux/Unix development space about Microsoft protocols; however that's the world we live in and doing a bad job is not the answer......
For what it's worth...
This is one of the better posts I've seen in a while. The original poster did a great job describing the issue in detail and multiple people detailed different reasonable solutions.
I was particularly happy to come across this one, as it was exactly the issue I was seeing.
Big thank you to all who contributed.