Hello,
I have both RHEL 8 and 9 file servers that are authenticated to IPA and set up to export Samba shares using the "Samba on an IdM domain member" method. I can access these shares via smb:// on macOS without issue. When I try to access them via Windows 10 or 11, it will prompt for credentials and then reject them. The Windows machines are set up standalone, no domain, no AD. I'm only trying to access the share, via //192.XXX.XXX.XX.
Below is my samba config. Any help would be greatly appreciated.
[global]
    # Limit number of forked processes to avoid SMBLoris attack
    max smbd processes = 1000
    # Use dedicated Samba keytab. The key there must be synchronized
    # with Samba tdb databases or nothing will work
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab
    # Set up logging per machine and Samba process
    log file = /var/log/samba/log.%m
    log level = 1
    # We force 'member server' role to allow winbind automatically
    # discover what is supported by the domain controller side
    server role = member server
    realm = XXX.LOCAL
    netbios name = NAS02
    workgroup = XXX
    # Local writable range for IDs not coming from IPA or trusted domains
    idmap config * : range = 0 - 0
    idmap config * : backend = tdb

    idmap config XXX : range = 540600000 - 540799999
    idmap config XXX : backend = sss

    # Additional stuff for macOS
    #min protocol = SMB2
    vfs objects = fruit streams_xattr
    ea support = yes
    fruit:metadata = stream
    fruit:nfs_aces = no
    fruit:aapl = yes
    fruit:model = MacSamba
    fruit:posix_rename = yes
    #fruit:veto_appledouble = no
    #fruit:zero_file_id = yes
    #fruit:wipe_intentionally_left_blank_rfork = yes
    #fruit:delete_empty_adfiles = yes

[nas02]
    path = /mnt/nas02/active
    browseable = yes
    read only = no
    inherit acls = yes
    inherit permissions = yes