Hi there, I got several problems making filesharing working on OpenWrt -- mainly because windows 10 lastest updates confuses the server a lil'. Tried a lot of stuff on my first samba install, including forcing SMB2 protocol (didn't tried the trick to disable force-encrypt on windows registry) .
Incredibly, I got now samba4 working flawlessly, with user logins, almost with no config (cfg template at the end).
Important: my kernel was compiled with all POSIX ACL and ACL kernel flags enabled.
W10 client is with smb1/cifs client installed, smb1 removal and server uninstalled, and smb direct uninstalled.
This is how luci-samba screen looks:
Note that force root causes effect only on writeable shares, with it unmarked, the owner of the created file is the user, behavior what binds to my needs (always have the directories correctly mounted, because if the shared folder doesn't exists, will throw an error):
root@warezRAID:/mnt/warezRAID/incoming# ls -l 0*
-rwxr--r-- 1 wrz users 59453 Feb 9 22:57 01.png ### not getting 0755, dunno why, np for me
-
Install the packages. I just installed samba4 (ksmbd was already installed, but I removed it AFTER installing almost all samba pkgs [except luci-app-samba4] to not remove kernel stuff what we will need -- I compiled my kernel version), made very minor changes, and that's it. I'll let my installed pkgs list at the end. Note that I LETTED ksmbd-avahi-service and wsdd2 pkgs because they share the name of the server via Active Directory services.
-
I guess the cat's jump was making the linux user WITHOUT a group, and with the SAME login of Windows (you can confirm at your c:\users folder), with the following cmd:
useradd -M -N -s /bin/false <nameofwinlogin>
Then, I added the user in samba:
smbpasswd -L -a <nameofwinlogin>
Don't forget to set the SAME windows passwd. If your win acct doesn't have pass, I don't know if it'll work -- leave some feedback.
And:
smbpasswd -e <nameofwinlogin>
And that's it, saved and applied all, didn't tried to connect at glance and did a reboot.
###template for cfg
[global]
netbios name = |NAME|
interfaces = |INTERFACES|
server string = |DESCRIPTION|
unix charset = |CHARSET|
workgroup = |WORKGROUP|
#bind interfaces only = yes
deadtime = 15
enable core files = no
security = user
#smb encrypt = default
invalid users = root
map to guest = Bad User
null passwords = yes
passdb backend = smbpasswd
#smb passwd file = /etc/samba/smbpasswd
## LAN (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT) WiFi (SO_KEEPALIVE) try&error for buffer sizes (SO_RCVBUF=65536 SO_SNDBUF=65536)
socket options = IPTOS_LOWDELAY TCP_NODELAY
#aio read size = 0
#aio write size = 0
#aio write behind = /*.tmp/
#use sendfile = yes
#blocking locks = No
load printers = No
printcap name = /dev/null
disable spoolss = yes
printing = bsd
#dns proxy = No
#idmap config * : backend = tdb
mdns name = mdns
#disable netbios = Yes
#local master = no
#preferred master = yes
#smb ports = 445 139
veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
delete veto files = yes
#Filesystem and creation rules
## reported filesystem type (NTFS,Samba,FAT)
#fstype = FAT
#dos filemode = Yes
## file/dir creating rules
#create mask = 0666
#directory mask = 0777
#force group = root
#force user = root
#inherit owner = windows and unix
Pkglist:
[https://drive.google.com/file/d/1qwjlI_C6gBpZHIrVnTsUaaH_lIcR5lV5/view?usp=share_link]
Also, I did a firewall rule (only in my openwrt router, not in my openwrt samba4/nfs server) for allowing it visible by ipv6 from outside (ipv4 cgnatted here), tested on a portscan website and it's ok, but didn't managed yet how to make a remote w10 connect (nor my ddns ipv6 or the ipv6-literal site worked).
Note: "do not track" instead of "accept" didn't worked here for the job.
Hope it helps several ppl to recover their own lifetimes, geezzz! Last 24hs had been painful. 
LK