[Samba] SMB share access for machines which are not joined to the domain?

Goetz, Patrick G pgoetz at math.utexas.edu
Tue Jun 25 17:37:23 UTC 2019

On 6/25/19 11:21 AM, Gregory Sloop via samba wrote:
> You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain.
> Something like - Connect as: User: "somedomain\pat" with Pat's password.

When we try this from a machine that is not connected to the domain, 
authentication fails:

C:\Users\cns-dbr2717>net use * \\cns-bio-krak1.austin.utexas.edu\emtifs 
System error 1311 has occurred.

We can't sign you in with this credential because your domain isn't 
available. Make sure your device is connected to your organization's 
network and try again. If you previously signed in on this device with 
another credential, you can sign in with that credential.

We experimented, switching between

     security = ADS
     security = user

This doesn't seem to matter for domain users connecting from a domain
host, but neither works for a domain user connecting from a non-domain
host.  Connecting to a Windows SMB server, this does work.

Some information found online seems to suggest that this (domain user, 
non-domain host) *would* work if we were running winbind, but Rowland 
seems to suggest this isn't the case, either.  In theory it should be 
possible to run sssd and winbind on the SMB server, but we put some 
minimal effort into this and couldn't get it to work.  Likely will work 
in a couple of software iterations.
