Comment 9 for bug 1701073

Confirmed. The bug will happen wherever opening a symlink to a directory with O_DIRECTORY||O_NOFOLLOW returns ENOTDIR instead of ELOOP (and you have to be using protocol SMB2 or higher):

xenial:
andreas@nsn7:~$ mkdir -p /tmp/cve/a
andreas@nsn7:~$ ln -s /tmp/cve/a /tmp/cve/b
andreas@nsn7:~$ python -c 'import os; os.open("/tmp/cve/b", os.O_DIRECTORY|os.O_NOFOLLOW)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
OSError: [Errno 40] Too many levels of symbolic links: '/tmp/cve/b'
andreas@nsn7:~$

Same thing on artful:
root@15-89:~# mkdir -p /tmp/cve/a
root@15-89:~# ln -s /tmp/cve/a /tmp/cve/b
root@15-89:~# python -c 'import os; os.open("/tmp/cve/b", os.O_DIRECTORY|os.O_NOFOLLOW)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
OSError: [Errno 20] Not a directory: '/tmp/cve/b'
root@15-89:~#

Samba is only checking for ELOOP, which means the ENOTDIR error surfaces:
(my [cve] share points at /cve)
root@15-89:~# ls -la /cve
total 12
drwxr-xr-x 3 root root 4096 Jun 30 19:20 .
drwxr-xr-x 24 root root 4096 Jun 30 19:20 ..
drwxr-xr-x 2 root root 4096 Jun 30 19:20 a
lrwxrwxrwx 1 root root 1 Jun 30 19:20 b -> a
root@15-89:~# smbclient //localhost/cve -U ubuntu%ubuntu -m SMB2 -c "ls /b/"
WARNING: The "syslog" option is deprecated
Domain=[ARTFUL] OS=[] Server=[]
NT_STATUS_NOT_A_DIRECTORY listing \b\
root@15-89:~#

When using SMB1 (which is the default, so you get the same without specifying -m):
root@15-89:~# smbclient //localhost/cve -U ubuntu%ubuntu -m SMB -c "ls /b/"
WARNING: Ignoring invalid value 'SMB' for parameter 'client max protocol'
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Ubuntu]
  b D 0 Fri Jun 30 19:20:37 2017

  30831504 blocks of size 1024. 23550704 blocks available

On my xenial LXD samba container, it works all the time, and my host is xenial too, so it's the right kernel. I'll double check with a VM, though.