Win 11 and SMB2 for NSA325v2 - Firmware NSA325_4.81(AAAJ.1)

I would like to come back with some clarifications (year 2024) for those who want to stop having problems with samba in windows 10. This post is based on Mijzelf's tutorials (Thank you). So let's start:
Install samba 3.6.25 on a ZyXEL fw4 nas (Tested on zyxel nsa325 with latest firmware)
https://zyxel.diskstation.eu/forum/viewtopic.php?f=4&t=24
In the web interface of nsa325 in packages install and enable the Entware-ng package
ATTENTION!!! Also from the interface, disable Recycle Been from all created shares
It will be installed in /opt
su
cd /opt/bin
./opkg update
./opkg install zyxel-samba-replacement # will automatically pull the samba server

/opt/etc/init.d/S08samba stop
chmod a -x /opt/etc/init.d/S08samba

chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
/opt/etc/init.d/S09ZyXELSambaReplacement start

That's it. It can be confusing that by executing '/opt/etc/init.d/S09ZyXELSambaReplacement start' you see samba stopping, and with '/opt/etc/init.d/S09ZyXELSambaReplacement stop' you see it starting. That's the samba firmware. The replacement script always stops one, and starts the other.

To definitively solve the problem with the shares, including creating new shares:

Copy /etc/smb.conf to /opt/etc/samba: cp /etc/smb.conf /opt/etc/samba
Modify the ZyXELSambaReplacement.conf file as follows:

[Global]
#client max protocol = SMB2
max protocol = SMB2

#include = /etc/samba/smb.conf
include = /opt/etc/samba/smb.conf

Attention!!! This will completely bypass the samba conf from the original firmware. I recommend this because the original configuration comes with very old settings and with major security problems, in the following I will also give an example of a .conf that works perfectly with windows 10.

[global]
workgroup = Whatever
domain master = no
local master = no
preferred master = no
os level = 100
server string = NSA325
netbios name = NSA
dos charset = UTF8
display charset = UTF8
unix charset = UTF8
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
guest account = pc-guest
map to guest = Bad User
write ok = yes
force create mode = 777
force directory mode = 777
force security mode = 777
force directory security mode = 777
auth methods = guest sam_ignoredomain
max log size = 50
host msdfs = yes
; lanman auth = yes
;Permit authentification NTLMv2 for clients.
client ntlm auth = yes
;Allow NTLMv1 and higher authentication, allowing Windows to start with a less secure protocol and negotiate at a higher level
ntlm auth = yes
kernel oplocks = no
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=131072 SO_RCVBUF=131072
use mmap = yes
max xmit = 131072
min receivefile size = 128k
unix extensions = no
wide links = Yes
oplocks = yes
level2 oplocks = no
max smbd processes = 128
printing = cups
printcap = /etc/printcap
load printers = yes
use sendfile = yes
passdb backend = smbpasswd
veto files = /.grive*/

This is the [global] section; I disabled lanman authentication because it is old and insecure and i enable NTLMv1 and v2.

Now you can restart smb or just reboot the machine. And with that linux part is over, now just make sure windows 10 use NTLMv2 (It should be default but don't risk it)

Windows 10 settings
Modify the Local Security Policy as follows:

1. press the windows key and R
2. secpol.msc
3. Navigate to Local Policy - Security Options
4. Double Click on Network security: LAN Manager authentication level
5. Select: Send LM & NTLM - use NTLMv2 session security if negotiated
6. Apply then OK
7. Reboot then wait a bit as it takes until it takes.

That's all folks.
These settings will allow you to see the NAS in the Windows 10 network, to map network disks and most importantly to create and modify the shares as you wish (Attention !!! I only put the [global] section in the conf.. .I didn't put the section with the shares that remain as you configured them in the original conf). This example does not change the behavior of Android phones in any way.