Samba/how-to/guest logins

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< Samba‎ | how-to
Jump to navigation Jump to search

How to configure Samba for "guest" logins

As most home operating systems are now moving towards requiring users to have login accounts, this is becoming less necessary – but it is still useful under some circumstances (such as wanting to give access to Win9x machines with the login dialogue bypassed).

Step 1 – adjust the configuration for smb.conf

In the [global] section: 

guest account = <guestuser>
guest ok = yes
security = share

...where <guestuser> should be a standard Linux user (typically "sambaguest") who has the necessary permissions on the target system for whatever sort of access you want to grant through the share. If the user doesn't have the correct permissions, client machines will probably be able to see the share but not to access anything inside it. Check /var/log/samba/ for log files which may help trace problems (the actual log filespecs are defined by the "log file =" parameter in smb.conf).

The following settings have not been tested successfully and aren't actually necessary, but can apparently be helpful if there are permissions conflicts (e.g. files created by <guestuser> can't be written or deleted by anyone else): 

force group = <browsegroup>
force create mode = 0060
create mask = 0775

...where {[arg|browsegroup}} is the groupname for users who should have access to shared stuff; I usually use "lanusers". "force group" may be unnecessary if <guestuser> is created as a member of <browsegroup> instead of its own private group: 

sudo adduser --ingroup <browsegroup> --no-create-home <guestuser>

After editing and saving smb.conf. restart the Samba daemon for changes to take effect. Note for the future: it may actually be a better idea to leave off the --no-create-home option, because the <guestuser>'s home directory actually makes a very sensible place for folders to be shared from.

Step 2 – edit smbusers file

Make sure the smbusers file exists, and has the <guestuser> account (typically "sambaguest") in it. The smbusers file lets you map {whatever login names remote systems (including Windows systems) might send} to the <guestuser> account, so such connections can be recognized as valid guest connections.

Step 3 – check system account for <guestuser>

Make sure the Linux system has a user account for <guestuser>, and give that account any necessary access privileges.

A bit of explanation: The "guest account" setting is the filesystem user which the Samba server uses for accessing files on its host system, regardless of what username is sent by remote systems. Files created on the Samba server using a "guest" connection will be owned by <guestuser> and <guestuser>'s primary group. If the "force group" setting is used, then the group ownership for those files will instead be <browsegroup>.

The actual names for <guestuser> and <browsegroup> are arbitrary; "sambaguest" and "lanusers" seem to work fine.

Retrieved from "https://htyp.org/mw/index.php?title=Samba/how-to/guest_logins&oldid=24014"