[Samba] Samba Share with user and no password

Rowland penny rpenny at samba.org
Fri Sep 6 10:14:42 UTC 2019

On 06/09/2019 10:57, basti via samba wrote:
> On 05.09.19 16:14, Rowland penny via samba wrote:
>> try adding 'null passwords = yes' to your smb.conf.
> I have try. but can't connect (NT_STATUS_CONNECTION_RESET).
> Log append.
> Config:
> [global]
>     workgroup = workgroup
>     dns proxy = no
>     log file = /var/log/samba/log.%m
>     max log size = 5000
>     log level = 3 passdb:5 auth:5
>     syslog = 0
>     panic action = /usr/share/samba/panic-action %d
>     server role = standalone server
>     passdb backend = tdbsam
>     unix password sync = yes
>     passwd program = /usr/bin/passwd %u
>     passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>     pam password change = yes
>     map to guest = bad user
>     usershare allow guests = yes
>     printcap name = none
>     preferred master = No
>     local master = No
>     domain master = No
> # shares
> # all shares has "guest ok = yes"
> ...

For guest access to work, you need three things:

'map to guest = yes' set in global

'guest ok = yes' set in the share that you want guest access to

The user must be unknown to Samba

You have the first two, but what about the last one ?

Basically the way it works is this:

A user connects to Samba, if the user is known and has the correct 
password, access is allowed to Samba, but if it is an unknown user, the 
user is mapped to the guest user (usually 'nobody') and is allowed 
access to Samba.

Now that the user is authenticated, it attempts to access a share. If it 
is a known user, it will be allowed access to all shares unless access 
is explicitly denied to a share for that user. If it is an unknown user, 
then access will only be allowed to shares that have 'guest ok = yes' 
set and any files and directories created in the share will belong to 
the guest user.


More information about the samba mailing list