Mojave SMB file sharing authentication issues
I'm trying to set up SMB file sharing from one Mac running macOS Mojave to another. The serving Mac runs Server.app and an Open Directory master with Local Network Users. The client is bound to the master. The user accounts on the client are 'Mobile Accounts' except for the administrator account on each Mac.
I have an HFS+ volume on the computer that shares, which enabled me to separately test AFP and SMB sharing. AFP sharing of a folder on the HFS+ volume works (with registered user). SMB sharing of a folder on the APFS volume does not work. It looks like an authentication/configuration problem.
Looking on the serving side, I see this in the log:
default 10:02:52.426557 +0100 smbd Server requires signing, but not auth-bound to Directory Service
default 10:02:52.427298 +0100 smbd Too many groups requested (2147483647). Can cause performance issues when network directories are involved
default 10:02:52.433288 +0100 smbd Too many groups requested (2147483647). Can cause performance issues when network directories are involved
default 10:02:52.448680 +0100 digest-service digest-request: uid=0
default 10:02:52.448713 +0100 digest-service digest-request: init request
default 10:02:52.452971 +0100 securityd found a non-proper sample, skipping...
default 10:02:52.468923 +0100 opendirectoryd Failed to talk to secd after 4 attempts.
default 10:02:52.472453 +0100 digest-service digest-request: init return domain: ALBUS server: ALBUS indomain was: <NULL>
default 10:02:52.472607 +0100 smbd Server requires signing, but not auth-bound to Directory Service
It does work when I set the "Windows File Sharing" flag on for a user. But that is only possible for Local Directory users, not Local Network Directory users. I think I should be able to solve this by solving the "smbd Server requires signing, but not auth-bound to Directory Service" issue. Or I must find a way to add the Local Network Directory users to "Windows File Sharing" (but given the lower security of that, it is not what I would like).
I've done all the 'normal' things such as rebooting, turning services off and on again (and both), adding specific access in Server.app (pf) for SMB and (S)LDAP, and I'm now officially out of options.
The answer was here: https://support.apple.com/en-us/HT204021
If you use Directory Utility on the client to have an authenticated binding between the client machine and the server Open Directory, you can mount SMB shares.
There are other workarounds which are either less secure or have poor performance on writing. See the linked support article.