Can't connect to samba share from computers not joined to domain
I have a samba share set up as follows. When I browse to it from PCs added to my AD domain, they connect instantly. When I browse to it from a laptop that's not part of the domain, I get prompted for login credentials. What credentials should I be putting in? I can't seem to figure it out. Or is it because I have the workgroup set to what my AD domain name is, and the laptops aren't part of that domain?
path = /data/photos
browseable = yes
force user = pictures
force group = picturesgroup
create mask = 0764
directory mask = 0776
writeable = yes
guest ok = yes
guest only = yes
|
You will need to be in the domain to gain access to the share, IIRC.
|
Why though?
|
Hi,
Windows domains manage computer accounts and user accounts. To be part of a domain and have the possibility to access resources inside the domain, it is required that your machine is a member of the domain. Otherwise the machine by itself should be rejected. This is a security mechanism. Not sure if it is possible with valid login credentials of a domain user to connect to the share. |
I understand domain memberships in a purely Windows environment, and the security of domain memberships in general, but this Linux server doesn't have a computer account in AD either, so it's not part of the domain technically.
|
Hi,
So the authentication is done locally by the samba server? What does smb.conf parameter
Code:
security=
|
Could you post your General section of your samba server's smb.conf file? One option is "Map to Guest = nobody" which maps an unauthenticated user to the "nobody" user. The `nobody' user in Linux is the `guest' user in Windows. Files created in your /data/photos/ directory will be owned by the Linux `nobody' user.
Whether this will work depends on the Security = setting. An unauthenticated user may still get a username and password request but will be allowed access if they just press enter if the share allows Guest access and you use the "Map to Guest" option to map the user to Guest. See the manpage for smb.conf. It has more info than I have given. Also consider whether you want to allow unauthenticated users access. One solution would be to join the laptop to the domain. |
workgroup = MyADDomain
server string = photos_samba
lock directory = /tmp/samba
log level = 1
log file = /tmp/samba/samba-logs/%m.log
;max log size = 50
security = share
null passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
getwd cache = yes
hide dot files = yes
interfaces = 10.1.2.3/23
local master = no
domain master = no
|
There's also a hosts allow in global, but I verified my IP is in there so I didn't post that with all my IPs.
|
Security = Share is intended for old Win98 style networks. I'm surprised that AD members can sign on. It doesn't look like your server is really a domain member.
Since it isn't and you didn't indicate the passdb backend, the default is used. This used to be "passdb backend = smbpasswd" but for newer versions of samba the default is "passdb backend = tdbsam". You might try using the "smbpasswd" command to add the laptop user(s) to the tdbsam database (or the smbpasswd file). Also post the output of:
ls -ld /data/photos
For the long term, I would recommend downloading the Samba 3 books from the samba website (or installing the samba_doc package for your distro if available) and read up on configuring the samba server to become a domain member. The regular samba package also supplies the "Using Samba" book (in html form). |
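A small checker for the settings this thread turns on (`security`, `null passwords`, `guest ok`, `map to guest`), added here as an illustration and not posted by any participant. The share name `[photos]` and the finding codes are assumptions; `security = share` was removed in Samba 4, where guest access is configured with `security = user` plus `map to guest = Bad User`.

```python
# Constructed sample from the posted parameters; the section name [photos] is assumed.
SAMPLE = """\
[global]
   workgroup = MyADDomain
   security = share
   null passwords = yes
[photos]
   path = /data/photos
   force user = pictures
   writeable = yes
   guest ok = yes
   guest only = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are lower-cased with whitespace
    removed, since Samba ignores both. Backslash continuations are not handled."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.split()).lower()] = value.strip()
    return conf

def yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(conf):
    g = conf.get("global", {})
    security = g.get("security", "user").lower()  # unset treated as user (assumption)
    out = []                                      # (section, finding code) tuples
    if security == "share":
        out.append(("global", "security-share-removed-in-samba4"))
    if yes(g.get("nullpasswords", "no")):
        out.append(("global", "empty-passwords-accepted"))
    for name, s in ((n, s) for n, s in conf.items() if n != "global"):
        guest = yes(s.get("guestok", s.get("public", "no")))
        if guest and security == "user" and g.get("maptoguest", "never").lower() == "never":
            out.append((name, "guest-ok-but-unknown-users-rejected"))
        if guest and yes(s.get("writeable", s.get("writable", "no"))):
            out.append((name, "guest-writable"))
    return sorted(out)

if __name__ == "__main__":
    print(*audit(parse_smb_conf(SAMPLE)), sep="\n")
```

The `guest-ok-but-unknown-users-rejected` finding is the case where a share allows guests but `map to guest` is left at its default of `Never`, so a login with a username Samba does not know is rejected instead of being mapped to the guest account.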
Not sure if you have already tried this, but I think you need to add a samba user on the machine where you are running samba.
smbpasswd -a <username>
This adds a user and changes their password. When you are trying to access the share, you have to enter this password. |
But shouldn't it be forcing the user for that share so I don't need it? Plus the guest options are enabled, so I'm really confused why I can't connect to it, even if I just type in guest for the username.
|