I have a Samba 4 domain controller (Ubuntu 18.04) (ad.domain.local) and a member server as a file server. I can access the file server share (fs.domain.local) from domain members without problems, but I also want it to be accessible from non domain member accounts. When I am connected with a local user on my Windows 10 machine and I want to access \ fs, my access is denied. What do I need to change for this to work? Thank you.
In log.smbd, I receive the following messages:
(2020/02/25 14:34:46.940399, 0) ../source3/auth/auth_domain.c:122(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine AD.DOMAIN.LOCAL. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. (2020/02/25 14:34:46.940909, 0) ../source3/auth/auth_domain.c:185(domain_client_validate) domain_client_validate: Domain password server not available.
smb.conf from fs.domain.local:
(global) workgroup = DOMAIN client signing = auto client use spnego = yes kerberos method = secrets and keytab realm = DOMAIN.LOCAL security = ads username map = /etc/samba/user.map vfs objects = acl_xattr map acl inherit = yes # the next line is only required on Samba versions less than 4.9.0 store dos attributes = yes allow trusted domains = yes (share) path = /data/share read only = no
smb.conf from ad.domain.local
# Global parameters (global) dns forwarder = 192.168.1.1 netbios name = AD realm = DOMAIN.LOCAL server role = active directory domain controller workgroup = DOMAIN idmap_ldb:use rfc2307 = yes username map = /etc/samba/user.map vfs objects = acl_xattr map acl inherit = yes # the next line is only required on Samba versions less than 4.9.0 store dos attributes = yes (netlogon) path = /var/lib/samba/sysvol/domain.local/scripts read only = No (sysvol) path = /var/lib/samba/sysvol read only = No