[Samba] anonymous samba server with unauthenticated guest access policy
Michael Tokarev
mjt at tls.msk.ru
Wed Sep 27 15:58:13 UTC 2023
27.09.2023 13:09, Rowland Penny via samba :
> On Wed, 27 Sep 2023 12:56:19 +0300
> Michael Tokarev via samba <samba at lists.samba.org> wrote:
>
>> 27.09.2023 12:38, Rowland Penny via samba:
>>> On Wed, 27 Sep 2023 11:39:00 +0300
>>> Michael Tokarev via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hi!
>>>>
>>>> What's the best way to have an anonymous samba server (with
>>>> read-only shares only, users can't modify anything) with todays
>>>> windows which block unauthenticated guest access by default and
>>>> require signing?
>>>>
>>>> Is the only solution (besides unblocking which is not nice) is to
>>>> add this server to the domain in question?
>>
>>> Hi Michael, it is my understanding that if it is the Windows machine
>>> that has guest access turned off, then there is nothing that Samba
>>> can do to re-enable it, so you must use authenticated users.
>>
>> Heh. It's as good answer as useless. But ok :)
>
> No, it isn't useless, it is a fact. If guest access is turned off on a
> Windows machine (currently win10 pro and up, I believe), then nothing
> you can do on or with a Samba server will turn it back on again, you
> have to turn it on again in Windows.
>
> You can run Samba as a standalone server, AD DC, Domain member etc and
> have all the required guest parameters set correctly and you still will
> not get anonymous access from a Windows machine if it is turned off on
> the Windows machine.
Rowland, are we using the same language?
Or maybe you just don't understand what I'm asking about? (from the "win10
pro and up" I believe you do understand.)
Just to clarify: windows refuses to connect to a (samba) server which
does not have authentication turned on, which allows "unauthenticated
guest access". This is a windows _client_ settings.
What I'm asking is how to turn "unauthenticated" server into something
to which modern win is "more friendly".
This is a question exactly about the samba _server_ not about client,
it is entirely a server thing, - how to become a fried to current win.
/mjt
More information about the samba
mailing list