SAMBA 4.1.6 create public share

samba4

I just upgraded Ubuntu server to 14.04 which took samba up to 4.1.6. My public share (local home network so not worried about security so much as family getting to files simply and anonymously), has stopped working, i.e. it will now ask for username and password.

when I run testparm I get:

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = HOHWORKGROUP
        server string = firewig
        interfaces = eth1, 127.0.0.0/8, 192.168.10.0/24
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = lmhosts, wins, bcast, host
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap config * : backend = tdb
        valid users = nobody

[share]
        comment = share
        path = /srv/samba/share/
        force user = nobody
        force group = nogroup
        read only = No
        create mask = 0777
        force create mode = 0777
        directory mask = 0777
        force directory mode = 0777
        guest ok = Yes

I can not seem to get my windows (W7) machine to be able to anonymously access the share. Not sure what is wrong with my config here.

Best Answer

You have to be careful about the options.

valid users=nobody, for example, does not mean that the user nobody is allowed log in. It means that no other user but nobody can log in.

Since you are obviously fine to allow guest access, just remove valid users=nobody from the global section.

Furthermore, while you have correctly set map to guest = bad user, you also have to check which user takes the role of guest on your system. Apparently, you have just assumed it's nobody but that's not necessarily the case. If you are not sure, you can specify it manually with guest account = nobody. Needless to say, nobody has to exist on your system!

Next, you need to make sure that the share has the respective POSIX permissions for nobody. For example, if your file permissions allow nobody to read the files in the share but not to modify them, then the writeable option in smb.conf is not going to override that.

Now we get to the share portion of your smb.conf, we can make this a lot simpler. If you wish to map all actions to the guest account, you don't need to use force user and force group. Just use the parameter guest only = yes instead. Together with guest ok = yes this will have the effect that all connections will be mapped to the correct guest account, in our case nobody.

Result (for full guest access): 

# chmod -R a+rwX /srv/samba/share

/etc/samba/smb.conf
-------------------
[global]
  guest account = nobody
  map to guest = bad user

[share]
  path = /srv/samba/share
  writeable = yes
  guest ok = yes
  guest only = yes
Related Topic