[Samba] SMB share access for machines which are not joined to the domain?

Goetz, Patrick G pgoetz at math.utexas.edu
Tue Jun 25 20:11:09 UTC 2019

On 6/25/19 12:56 PM, Rowland penny via samba wrote:
>> C:\Users\cns-dbr2717>net use * \\cns-bio-krak1.austin.utexas.edu\emtifs
>> /user:austin.utexas.edu\dbr2717
>> System error 1311 has occurred.
> First, what part of 'Red-hat doesn't support the use of sssd with Samba' 
> do you not understand ? ;-)

Hmmm, "support" and "works" are 2 different things.  We do have Samba 
4.8.3 working fine with sssd.

> You cannot run sssd and winbind on the same machine.

I don't understand why that would be, though.  This person appears to 
have it working, providing this comment:

"Please check the list archive for config examples. The main idea is to 
add idmap_sss to the Samba configuration to make sure winbind and SSSD 
use the same id-mapping, see man idmap_sss for details as well."  The 
very existence of idmap_sss calls the validity of your statement into 
question, doesn't it?

This URL includes an example, but -- disclaimer -- we were not able to 
get this working with the packaged versions shipped with CentOS 7.6.1810


> If you are running Samba >= 4.8.0 on an Unix domain member, you must run 
> winbind.

See above; we have a fully functionally smbd from 4.8.3 running without 

> The problem with using user from an unjoined machine is probably the 
> username. Every computer running Windows or Samba is a member of a 
> workgroup unless it is joined to a domain. This means that it will be 
> sending WORKGROUP\username and a domain member will be expecting 
> DOMAIN\username, so try connecting as DOMAIN\username.

But isn't DOMAIN\username exactly what I'm doing in the example provided 
at the top of this message?

> Rowland

More information about the samba mailing list