[Samba] Can Samba “security = user” be used for guest share without a Windows login prompt?

Kenton Tofte kentontofte at gmail.com
Thu Dec 9 22:08:02 MST 2010

Hello, I hope this is not a dumb question, but I just need some clarification.

I am trying to set up an Ubuntu Samba share for a lab with Windows
computers (Vista and XP). I have two shares that are supposed to
require authentication and one that is supposed to a public share with
no login. I understand from reading the smb.conf manual that "security
= user" makes Windows authenticate before accessing a share, whereas
"security = share" authenticates on a share-by-share basis. The latter
option sounds closest to what I am trying to achieve, but I have also
read that it is not a secure setting. So my question is, is "security
= share" really insecure (especially in a somewhat "safe"
environment), and if it is, is it possible to have a guest share under
"security = user" that does not make Windows ask for login

Here's my smb.conf for reference :


    workgroup = hsbclib
    server string = %h server (Samba, Ubuntu)
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    usershare allow guests = yes
    security = user
    guest ok = yes
    guest account = publicuser
    username map = /etc/samba/smbusers


    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    create mask = 0700


    comment = Printer Drivers
    path = /var/lib/samba/printers


    path = /srv/smb/mabusclass
    writeable = yes
    valid users = magus, mabusclass


    path = /srv/smb/yearbook
    writeable = yes
    valid users = yearbook


    comment = Free Public Storage
    path = /srv/smb/public
    writeable = yes
    guest ok = yes

Many thanks in advance!

More information about the samba mailing list