[Samba] Unable to Login as Guest to Protected Share

Rowland Penny rpenny at samba.org
Tue Aug 10 15:46:39 UTC 2021 

On Tue, 2021-08-10 at 09:41 -0500, Mckenzie Ebert via samba wrote:
> *> Is it possible for you to post the smb.conf ?
> *
> 
> Here is my copy of the smb.conf I am currently using:
> 
> [global]
>     map to guest = Bad User
>     log file = /var/log/samba/%m
>     log level = 1
>     printcap name = /dev/null
> 
>     # Buffer sizes from testing done here:
> https://ubuntuforums.org/archive/index.php/t-2279604.html
>     # For us, we didn't need to go as high to max out the connection
>     socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
> IPTOS_LOWDELAY
> 
>     unix extensions = no
>     wide links = yes
>     follow symlinks = yes
> 
>     # Disable asyncronous I/O that was causing NVME Queue timeouts
>     # on Lexar SSD systems
>     aio read size = 0
>     aio write size = 0
> 
>     # Improves send speed drastically
>     use sendfile = yes
> 
>     # Ensures proper security and authentication
>     security = user
>     # Stores username and guest name information
>     username map = /etc/samba/usermap.txt
> 
> [sdcard]
>     # This share allows anonymous (guest) access
>     # without authentication!
>     path = /path/to/sdcard/
>     read only = no
>     writeable = yes

'read only' is an inverted synonym for 'writeable', or to put it
another way, you do not need both, as set, they do the same thing.

>     public = yes
>     guest ok = yes

'public' is a synonym for 'guest ok', you do not need both.

>     valid user = nobody,UserName

And here is what is probably causing your problem: it is 'valid users',
not 'valid user'.

> 	
> 
> [data]
>     # This share allows anonymous (guest) access
>     # without authentication!
>     path = /path/to/data/
>     wide links = yes
>     follow symlinks = yes
>     read only = no
>     writeable = yes
>     public = yes
>     guest ok = yes
>     valid user = nobody,UserName
> 
> 
> The username map file has the following:
> 
> UserName = UserName
> nobody = *

I take that the left 'Username' is a local Samba user and the right
'Username' is an external user (NOTE: you may have to use a DOMAIN here
e.g. DOMAIN\Username). You also need to remove 'nobody' from the
username map. If an unknown user connects, then the user is
automatically mapped to the Unix user 'nobody' and allowed access to
shares with either 'public = yes' or 'guest ok = yes' in the config,
provided 'map to guest = bad user' is in global.

Rowland

More information about the samba mailing list