[Samba] SMB share access for machines which are not joined to the domain?

Gregory Sloop gregs at sloop.net
Tue Jun 25 17:57:51 UTC 2019 

Hmmm...

Use the netbios name, instead of a FQDN, perhaps?
i.e.: \\cns-bio-krak1\emtifs 
[I'm assuming the NB name. If I'm wrong, correct it.]

I know I've done this with Windows DC shares, and I'm 99% certain I've done it with FreeNAS acting as a domain member. [Samba domain member.] 

I haven't done it with 18.04 / 4.7.6 - but can't see why it should be different. 

[Though I admit it's been a while, and I'm not sure of the syntax I used. But I'm quite sure I've mapped drives this way, without having to join the domain. You won't get GPO or lots of other "goodies" that domain membership gives, but you should be able to get to the SMB shares.]

-Greg



GPGvs> On 6/25/19 11:21 AM, Gregory Sloop via samba wrote:
>> You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain.
>> Something like - Connect as: User: "somedomain\pat" with Pat's password.



GPGvs> When we try this from a machine that is not connected to the domain, 
GPGvs> authentication fails:


GPGvs> C:\Users\cns-dbr2717>net use *
GPGvs> \\cns-bio-krak1.austin.utexas.edu\emtifs 
GPGvs> /user:austin.utexas.edu\dbr2717
GPGvs> System error 1311 has occurred.

GPGvs> We can't sign you in with this credential because your domain isn't 
GPGvs> available. Make sure your device is connected to your organization's 
GPGvs> network and try again. If you previously signed in on this device with
GPGvs> another credential, you can sign in with that credential.

GPGvs> We experimented, switching between

GPGvs>      security = ADS
GPGvs> and
GPGvs>      security = user

GPGvs> This doesn't seem to matter for domain users connecting from a domain 
GPGvs> host, but neither work for a domain user connecting from a non-domain 
GPGvs> host.  Connecting to a Windows SMB server, this does work.

GPGvs> Some information found online seems to suggest that this (domain user,
GPGvs> non-domain host) *would* work if we were running winbind, but Rowland 
GPGvs> seems to suggest this isn't the case, either.  In theory it should be 
GPGvs> possible to run sssd and winbind on the SMB server, but we put some 
GPGvs> minimal effort into this and couldn't get it to work.  Likely will work
GPGvs> in a couple of software iterations.





-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gregs at sloop.net
http://www.sloop.net
---

More information about the samba mailing list