I have to set a registry key on all Windows 10 clients since the Windows 10 1709 update, because MS disabled the guest account access by default superuser MS TechJourney:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:00000001
MS recommends:
The recommended solution is to add an explicit account and password on your NAS device […]
I have this set up. To access the shares on the samba server you have to type username and pw, but w/o setting the above registry key, the client PC cannot even list the available file shares on the samba server. What is wrong in my configuration?
[global]
workgroup = <censored>
server string = <censored>
interfaces = lo enp3s0 <censored>/25
bind interfaces only = yes
hosts allow = 127. <censored>
allow insecure wide links = yes
log file = /var/log/samba/log.%m
max log size = 50
log level = 1
# Standalone Server Options
security = user
passdb backend = tdbsam
map to guest = Bad User
guest account = nobody
smb encrypt = auto
# Browser Control Options
local master = yes
os level = 255
preferred master = yes
domain master = yes
# Name Resolution
wins support = yes
# Share Definitions
[home]
comment = <censored>
path = /home
public = no
browseable = yes
writable = yes
create mode = 0660
directory mode = 0770
veto files = /lost+found/pub/user/backupbot/
[public]
comment = <censored>
path = /home/pub/
public = no
browseable = yes
writable = yes
create mode = 0660
directory mode = 2770
veto files = /TempDrive/Papierkorb/
inherit permissions = Yes
# allow access from public to media/extra/Software
follow symlinks = yes
wide links = yes
Best Answer
Solution:
The problem was
samba.org says
After disabling map to guest (which means the default "map to guest = Never" is used) Windows 10 (1709+) client machines can connect, also I do not completely understand why. Please comment if you can explain this.