Created attachment 15387 [details] Network trace If you have an AD server, a Windows client and a Linux client. Both clients have been joined to the domain but the Linux client configures smbd as a standalone client with a guest share, then a user from the Windows client is not able to connect to the guest share if he uses the fqdn of the Linux client running smbd. The Windows client tries to auth with SPNEGO/NTLMSSP and smbd fails to authenticate the user.
The problem seems to be the client, which doesn't accept the authentication to be downgraded to guest.
I've seen that there are Windows 10 clients which have RequireSecuritySignature set to 1, so they don't allow guest connections at all. However my Windows 10 client has set it to 0. https://blogs.technet.microsoft.com/josebda/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2/ Hmm.
(In reply to Andreas Schneider from comment #0) How can a Linux Samba client be joined to a domain and also be configured as a a standalone server ? A Linux domain member will have (amongst other lines) 'security = ADS' a standalone server will have 'security = user' or 'server role = standalone server' You cannot use both, it might also help if you posted the smb.conf