How to have a guest share on Samba without resorting to the deprecated "security = share" configuration.
This is a regular query on the Samba mailing list. When it comes to "security = share" just say no!
In a nutshell you need:
- A username map file.
- A valid 'nix "guest" user mapped to the Windows guest account ("nobody" in most distros).
- Proper smb.conf configuration.
In smbusers:
nobody = guest
In smb.conf:
[global]
...
security = user
Map to guest = Bad User
username map = /etc/samba/smbusers
...
-- no 'valid users =' line -- (means don't use a "valid user = " entry)
[theshare]
...
guest ok = yes
-- no 'valid users =' line --
...
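As an added example (not part of the original post, and not Samba's own tooling), the Python check below tests the three requirements listed above against the text of smb.conf, smbusers and /etc/passwd. The function names and the sample inputs are constructed for illustration, and "nobody" is assumed as the guest account when none is configured.

```python
import re

def parse_smb_conf(text):
    """Parse smb.conf into {section: {param: value}}; names are lowercased and
    stripped of whitespace, which Samba ignores in section and parameter names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section and line[0] not in "#;":
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def check_guest_share(smb_conf, smbusers, passwd, share):
    """Return the problems that would stop guest access to `share`."""
    conf = parse_smb_conf(smb_conf)
    g, s = conf.get("global", {}), conf.get(share.lower(), {})
    problems = []
    if g.get("security", "").lower() != "user":
        problems.append("security is not 'user'")
    if g.get("maptoguest", "never").lower() != "bad user":
        problems.append("map to guest is not 'Bad User'")
    if "usernamemap" not in g:
        problems.append("no username map configured")
    guest = g.get("guestaccount", "nobody")  # assumed default, as on the page
    if guest not in {l.split(":")[0] for l in passwd.splitlines()}:
        problems.append(f"guest account '{guest}' is not a Unix user")
    pairs = (l.partition("=") for l in smbusers.splitlines())
    if not any(u.strip() == guest and "guest" in c.lower().split() for u, _, c in pairs):
        problems.append(f"smbusers does not map '{guest}' to guest")
    # "public" is a synonym for "guest ok"
    if s.get("guestok", s.get("public", "no")).lower() not in ("yes", "true", "1"):
        problems.append("share lacks 'guest ok = yes'")
    if "validusers" in g or "validusers" in s:
        problems.append("'valid users' is set; the page says to omit it")
    return problems

# Constructed sample inputs (not taken from a real system).
GOOD_CONF = """[global]
security = user
Map to guest = Bad User
username map = /etc/samba/smbusers
[theshare]
guest ok = yes
"""
PASSWD = "root:x:0:0:root:/root:/bin/sh\nnobody:x:65534:65534:nobody:/:/bin/false\n"
SMBUSERS = "nobody = guest\n"
print(check_guest_share(GOOD_CONF, SMBUSERS, PASSWD, "theshare") or "guest share looks OK")
```

An empty list means all three requirements are met; each string in the result names one requirement that is not.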
not working on my Samba 3.5 in ddwrt.
Has worked on every Samba install I've seen for years - but they have all been on "standard" Linux distros. I have a version of ddwrt running on an AP but it doesn't have the memory to run Samba. It's possible the available Samba packages for ddwrt are crippled in some way to reduce their memory footprint.
Found this: DD-WRT does not include user nobody (I did mention that you need a valid 'nix guest user to map to) at startup (user nobody is the Linux default for "guest").
http://www.dd-wrt.com/wiki/index.php/Optware
THANK YOU!!!!
I'm still being prompted for a password for my public share. Below are the contents of my smb file. Any ideas??
[global]
netbios name = STORA
workgroup = WORKGROUP
server string = Stora
#netbios aliases = STORA2
security = user
#security = share
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
use sendfile = yes
username map = /etc/samba/smbusers
guest account = nobody
printcap name = cups
dns proxy = no
browseable = yes
Map to guest = Bad User
domain master = no
local master = yes
preferred master = yes
os level = 2
unix charset = UTF8
mangled names = no
[Public]
comment = Stora (Public)
browseable = yes
writable = yes
path = /home/public
guest ok = yes
public = yes
my smbusers file shows nobody = guest
@Rob
Nothing jumping out at me here.
Although removing the "public = yes" from your share is a good idea as it is just a synonym for "guest ok = yes", which you already have.
You may want to read the man file regarding "preferred master = yes" - maybe not a great idea to set that, and the same for "mangled names = no". Also "browseable = yes" is a default and no need to place it in the global section. When troubleshooting simplify using defaults.
Always do a "testparm" to make sure your smb.conf shows no errors and that the values assigned to the parameters are what you expect.
Do double check that "nobody" is an actual user on your system. I get this:
# grep 'nobody' /etc/passwd
nobody:x:65534:65534:nobody:/:/bin/false
Chris
It's still not working but thanks for your help
@Rob
Sorry about that - I've never had an install where it didn't work. Maybe something else in your configuration. Did you post your complete smb.conf?
Maybe you're already connected as another user. Try running:
net use * /delete /yes
in a command prompt first.
Also try setting:
guest only = yes
in your share. Then you should get a credentials box (unless you're logged as guest - which isn't normal as that account is typically left disabled) requiring you to supply "guest" as the username.
Another thing to check: make sure you didn't actually create a user named guest in Samba:
pdbedit -L
should not list a user named guest.
Something I should probably mention is I am using Netgear's Stora for this, which has a version of Samba, but I don't have the commands like pdbedit or testparm. I do have most of the other commands and I have sudo access, so that's how I make the changes.
I tried the above and none of it worked, including the guest account, which I enabled. Since that didn't work I tried the administrator account, which I enabled, and that worked like it was supposed to, which got me to thinking, so I created an admin account (which was listed in the smbusers file). The other accounts that were listed as well but were under the nobody = guest pcguest didn't work even though I created them inside Windows. However, anything that was listed as being under root = administrator, admin, and any other id I put in there saw the public folder fine, just not the people listed for nobody =, which is just fine.
testparm can't parse this line:
-- no 'valid users =' line --
Using Ubuntu 11.04 Server everything is up2date
Doesn't work from Windows 7 client.
Seems to work for Windows 7 after all, just make sure the username you use on the Windows machine doesn't match any Linux username.
It does however still give me a username/password popup. When I just enter some crap as password, it connects as guest.
Glad I saw your note regarding the username. I had to deluser AND delgroup before samba stopped prompting for password on my writable guest share (on debian squeeze).