[Freeipa-users] Re: Can't access share SMB from Windows but can on macOS.

On Apr 28, 2023, at 12:45 AM, Alexander Bokovoy <abokovoy(a)redhat.com&gt; wrote: On pe, 28 huhti 2023, Alan Latteri via FreeIPA-users wrote: > Hello, > > I have both RHEL 8 and 9 file servers that are authenticated to IPA and > setup to export samba shares using the "Samba on an IdM domain member" > method. I can access these shares via smb:// on macOS without issue. > When I try to access them via Windows 10 or 11, it will prompt for > credentials and then reject them. The windows machines are setup > standalone, no domain, no AD. I'm only trying to access the share, via > //192.XXX.XXX.XX. Only Kerberos authentication is supported in such setup. Access over IP address will not be successful because there is no Kerberos service principal named after the IP address, so Windows will not be able to obtain a Kerberos service ticket and will fallback to use of NTLMSSP which will fail. Did you try using //nas02.xxx.local ? Also, while Windows would default to Kerberos and then fallback to NTLMSSP, if that machine is not in a domain trusted by IPA, its operations will pretty much be limited and may not be working. This is an unsupported setup. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland