[Samba] SMB share access for machines which are not joined to the domain?
Goetz, Patrick G
pgoetz at math.utexas.edu
Tue Jun 25 17:37:23 UTC 2019
On 6/25/19 11:21 AM, Gregory Sloop via samba wrote:
> You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain.
> Something like - Connect as: User: "somedomain\pat" with Pat's password.
>
When we try this from a machine that is not connected to the domain,
authentication fails:
C:\Users\cns-dbr2717>net use * \\cns-bio-krak1.austin.utexas.edu\emtifs
/user:austin.utexas.edu\dbr2717
System error 1311 has occurred.
We can't sign you in with this credential because your domain isn't
available. Make sure your device is connected to your organization's
network and try again. If you previously signed in on this device with
another credential, you can sign in with that credential.
We experimented, switching between
security = ADS
and
security = user
This doesn't seem to matter for domain users connecting from a domain
host, but neither work for a domain user connecting from a non-domain
host. Connecting to a Windows SMB server, this does work.
Some information found online seems to suggest that this (domain user,
non-domain host) *would* work if we were running winbind, but Rowland
seems to suggest this isn't the case, either. In theory it should be
possible to run sssd and winbind on the SMB server, but we put some
minimal effort into this and couldn't get it to work. Likely will work
in a couple of software iterations.
More information about the samba
mailing list