I just upgraded Ubuntu server to 14.04 which took samba up to 4.1.6. My public share (local home network so not worried about security so much as family getting to files simply and anonymously), has stopped working, i.e. it will now ask for username and password.
when I run testparm I get:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = HOHWORKGROUP
server string = firewig
interfaces = eth1, 127.0.0.0/8, 192.168.10.0/24
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts, wins, bcast, host
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
valid users = nobody
[share]
comment = share
path = /srv/samba/share/
force user = nobody
force group = nogroup
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
guest ok = Yes
I can not seem to get my windows (W7) machine to be able to anonymously access the share. Not sure what is wrong with my config here.
Best Answer
You have to be careful about the options.
valid users=nobody
, for example, does not mean that the usernobody
is allowed log in. It means that no other user butnobody
can log in.Since you are obviously fine to allow guest access, just remove
valid users=nobody
from the global section.Furthermore, while you have correctly set
map to guest = bad user
, you also have to check which user takes the role ofguest
on your system. Apparently, you have just assumed it'snobody
but that's not necessarily the case. If you are not sure, you can specify it manually withguest account = nobody
. Needless to say,nobody
has to exist on your system!Next, you need to make sure that the share has the respective POSIX permissions for
nobody
. For example, if your file permissions allownobody
to read the files in the share but not to modify them, then thewriteable
option insmb.conf
is not going to override that.Now we get to the share portion of your smb.conf, we can make this a lot simpler. If you wish to map all actions to the guest account, you don't need to use
force user
andforce group
. Just use the parameterguest only = yes
instead. Together withguest ok = yes
this will have the effect that all connections will be mapped to the correct guest account, in our casenobody
.Result (for full guest access):