Mojave SMB file sharing authentication issues

I'm trying to set up SMB file sharing from one Mac running macOS Mojave to another. The serving Mac runs Server.app and an Open Directory master with Local Network Users. The client is bound to the master. The user accounts on the client are 'Mobile Accounts' except for the administrator account on each Mac.

I have a HFS+ volume on the computer that shares, which enabled me to separately test AFP and SMB sharing. AFP sharing of a folder on the HFS+ volume works (with registered user). SMB sharing of a folder on the APFS volume does not work. It looks like an authentication/configuration problem.

Looking on the serving side, I see this in log:

default 10:02:52.426557 +0100   smbd    Server requires signing, but not auth-bound to Directory Service
default 10:02:52.427298 +0100   smbd    Too many groups requested (2147483647).  Can cause performance issues when network directories are involved
default 10:02:52.433288 +0100   smbd    Too many groups requested (2147483647).  Can cause performance issues when network directories are involved
default 10:02:52.448680 +0100   digest-service  digest-request: uid=0
default 10:02:52.448713 +0100   digest-service  digest-request: init request
default 10:02:52.452971 +0100   securityd   found a non-proper sample, skipping...
default 10:02:52.468923 +0100   opendirectoryd  Failed to talk to secd after 4 attempts.
default 10:02:52.472453 +0100   digest-service  digest-request: init return domain: ALBUS server: ALBUS indomain was: <NULL>
default 10:02:52.472607 +0100   smbd    Server requires signing, but not auth-bound to Directory Service

It does work when I set the "Windows File Sharing" flag for a user on. But that only is possible for Local Directory users not Local Network Directory users. I think I should be able to solve this by solving the smbd Server requires signing, but not auth-bound to Directory Service issue. Or I must find to add the Local Network Directory users to "Windows File Sharing" (but given the lower security of that it is not what I would like).

I've done all the 'normal' things such as rebooting, turning services off and on again (and both), add specific access in Server.app (pf) for SMB and (S)LDAP and I'm now officially out of options.


The answer was here: https://support.apple.com/en-us/HT204021

If you use Directory Utility on the client to have an authenticated binding between the client machine and the server Open Directory, you can mount SMB shares.

There are other workarounds which are either less secure or have poor performance on writing. See the linked support article.