[Samba] to shares access from non-member clients/nodes

Rowland penny rpenny at samba.org
Fri Aug 30 16:25:51 UTC 2019

On 30/08/2019 17:12, lejeczek via samba wrote:
> hi guys,
> with Samba as below
> [global]
>      workgroup = NNNR
>      netbios name = PA2
>      realm = PRIVATE.REALM.MINE
>      kerberos method = dedicated keytab
>      dedicated keytab file = /etc/samba/samba.keytab
>      create krb5 conf = no
>      security = user
>      domain master = yes
>      domain logons = yes
> Should nodes/clients outside of domain (non-members) be able to access
> (with user+pass) Samba shares?
> many thanks, L.
99% of that smb.conf is for a Unix Domain member, but 'security = user' 
should be 'security = ADS' and it wouldn't be a PDC (domain master = 
yes) because it is using kerberos.

There are also no auth lines that are required for a Unix domain member.

To put it another way, that is a borked smb.conf.

If you just want a standalone server, see here:


If you want something else, please explain just what you are trying to 


More information about the samba mailing list