diff --git a/vendor/smb-server/src/builder.rs b/vendor/smb-server/src/builder.rs index b8be03d..63c6b44 100644 --- a/vendor/smb-server/src/builder.rs +++ b/vendor/smb-server/src/builder.rs @@ -75,9 +75,10 @@ impl Share { } /// Grant `access` to the given (already-registered) user. Multiple calls - /// accumulate. + /// accumulate. Username is normalized to lowercase for SMB case-insensitive + /// matching. pub fn user(mut self, name: impl Into, access: Access) -> Self { - self.users.insert(name.into(), access); + self.users.insert(name.into().to_lowercase(), access); self } @@ -163,7 +164,7 @@ impl SmbServerBuilder { } pub fn user(mut self, name: impl Into, password: impl Into) -> Self { - let n = name.into(); + let n = name.into().to_lowercase(); if !self.users.contains_key(&n) { self.user_order.push(n.clone()); } diff --git a/vendor/smb-server/src/handlers/negotiate.rs b/vendor/smb-server/src/handlers/negotiate.rs index 9e76e30..63fb7d1 100644 --- a/vendor/smb-server/src/handlers/negotiate.rs +++ b/vendor/smb-server/src/handlers/negotiate.rs @@ -118,13 +118,13 @@ pub async fn handle( data: signing_data, }; - // ENCRYPTION_CAPABILITIES — advertise AES-128-GCM and AES-128-CCM. - // GCM is preferred (SMB 3.1.1+), CCM is for Windows 8 compat (SMB 3.0). + // ENCRYPTION_CAPABILITIES — advertise a single cipher (AES-128-GCM). + // Samba smbclient enforces cipher_count == 1 in the response + // (smbXcli_negprot_smb2_done: cipher_count != 1 → INVALID_NETWORK_RESPONSE). let encryption_caps = EncryptionCapabilities { - cipher_count: 2, + cipher_count: 1, ciphers: vec![ EncryptionCapabilities::CIPHER_AES_128_GCM, - EncryptionCapabilities::CIPHER_AES_128_CCM, ], }; let encryption_data = { diff --git a/vendor/smb-server/src/proto/auth/ntlm.rs b/vendor/smb-server/src/proto/auth/ntlm.rs index eb8a57b..b231d43 100644 --- a/vendor/smb-server/src/proto/auth/ntlm.rs +++ b/vendor/smb-server/src/proto/auth/ntlm.rs 
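Review bot: Lowercasing the key in `Share::user` means two grants whose names differ only in case now land on the same map entry, and `insert` keeps only the last `access`, so a builder chain that names both `Bob` and `bob` silently ends up with whichever level came second. The second hunk in this file (`SmbServerBuilder::user`) has the same shape for credentials; its insert is outside the hunk, so whether a later password replaces the earlier one should be confirmed. The doc comment should say so, e.g. `/// Names that differ only in case refer to the same user; a later call replaces the earlier grant.` The same `to_lowercase()` is now repeated here, in `SmbServerBuilder::user` and in `NtlmServer` (ntlm.rs); one shared helper such as `fn normalize_username(name: &str) -> String { name.to_lowercase() }` would keep registration, ACL keys and the authenticated identity from drifting apart.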
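Review bot: The response context now always names `CIPHER_AES_128_GCM`, and nothing in this hunk consults the cipher list the client sent in its own ENCRYPTION_CAPABILITIES context. As I read MS-SMB2, the response carries the one cipher the server selected from the client's offer, so the single-entry rule comes from the protocol rather than from Samba alone, and a client that offered only AES-128-CCM would be told to use a cipher it never proposed. I would pick the first server-preferred cipher that the client listed and document the no-overlap case, with a comment such as `// Response carries exactly one cipher: the one selected from the client's offer.` `cipher_count` is also written by hand next to the `vec!`; deriving it from the vector length would stop the two from disagreeing again. `handle` starts and continues outside the hunk, so the selection may already happen elsewhere.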
@@ -743,7 +743,7 @@ impl NtlmServer { Ok(AuthOutcome { identity: Identity::User { - user: auth.user.clone(), + user: auth.user.to_lowercase(), domain: auth.domain.clone(), }, session_key, @@ -1008,7 +1008,7 @@ mod tests { assert_eq!( outcome.identity, Identity::User { - user: "User".to_string(), + user: "user".to_string(), // lowercase per SMB case-insensitive matching domain: "Domain".to_string() } );
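Review bot: Only the returned `Identity::User` is lowercased here; the credential lookup that precedes it in this function is outside the hunk, and since the builder now stores user keys in lowercase, a lookup keyed on the name as the client sent it would miss for `Alice` against a registered `alice`. That lookup should be confirmed to use the same normalization. `domain` is still passed through with the client's casing, so any later equality check on the whole `Identity` stays case-sensitive on the domain part; if that is intended, a comment like `// domain is kept as sent; only the user name is the ACL key` would make it explicit. A test that registers a lowercase user, authenticates with a mixed-case name and then checks share access would pin the whole path, where the updated assertion in the second hunk only pins this one field.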