[Samba] How does the "guest account" param work?

Kyle kl at attitia.com
Thu Oct 16 06:28:33 GMT 2008 

smb.conf states "This user must exist in the passwd file, but does not 
require a valid login"

What exactly does this mean? As I understand it, adding a user with 
'smbpasswd -a nobody' automatically gives it a valid login.

My reasons for asking are;

I added myself to passdb.tdb with my passwd.
I added the 'nobody' user to passdb.tdb with no passwd.
I then logged in to an XP host which has a user account for me, but no 
passwd.
I couldn't browse the workgroup, but could log on to the samba host 
directly via UNC. E.g. \\<samba-host> with user:'nobody' - pass: <empty>

Only problem with that is that a home dir appeared for 'nobody' which 
happened to be the '/' (root) dir.  NOT good!

Surely, it shouldn't do that?

So then I tried with 'guest account = guest'
Deleted the 'nobody' user from passdb.tdb
I created a /home/guest dir and added and enabled 'guest' to the 
passdb.tdb.

This then lets me only log on to the [public] share. However, if I click 
the 'Up' button on the XP host's file manager (Explorer), I can get back 
up to the root of the host directly (i.e. \\<samba-host> ) and suddenly 
see both the [public] share and the guest home dir.

If there are 'guest ok = Yes' defined shares, then I would expect to 
still be able to browse the workgroup and see available shares on the 
samba host, albeit only those 'guest ok' defined shares. And I certainly 
wouldn't expect to see any home dir for a limited user.


Using the following setup;

[global]
        workgroup = HOME
        server string =
        domain master = Yes
        interfaces = lo, eth1
        bind interfaces only = Yes
        os level = 95
        security = user
        passdb backend = tdbsam
        guest account = guest
        unix password sync = Yes
        passwd program = /usr/bin/userpasswd %u
        passwd chat = *password:* %n\n *password:* %n\n *successfully.*
        restrict anonymous = 2

[homes]
        valid users = %S
        read only = No
        browseable = No

[public]
        comment = Public Shared
        path = /home/shares/pub
        read only = No
        guest ok = Yes



-- 
------------------------------------------------------------------------
Kind Regards

Kyle

More information about the samba mailing list