[Samba] SMB share access for machines which are not joined to the domain?

Rowland penny rpenny at samba.org
Tue Jun 25 16:20:49 UTC 2019

On 25/06/2019 17:11, Goetz, Patrick G via samba wrote:
> Samba 4.7.6 running on Ubuntu 18.04, with host joined to an AD domain as
> a domain member.
> I have all this working perfectly for SMB clients which are joined to
> the domain, however I need to provide SMB access (if possible) to a
> handful of machines that are not domain members and can't be made domain
> members.  Is there any way to do this?
> I thought configuring "allow hosts" in smb.conf with the IP addresses of
> the 2-4 machines in question might work, but this seems to restrict all
> access, in particular blocking domain-joined clients when configured.
The only way would be to add 'map to guest = bad user' to [global] and 
'guest ok = yes' to the share you want to connect to, then connect with 
a user that is unknown to the domain.

This is very insecure, as the share will be wide open and everything in 
the share will belong to the Unix guest user (not to be confused with 
the Windows guest user) and any user will be able read anything.

Why can the machines not be joined to the domain ?


More information about the samba mailing list