password protected samba share
I would like to have a few samba shares. Some of them should be available to everybody (this is already working) and some of them should be protected with a password (and username). For the password protected folders I created a new user, gave him a samba password and wrote his name under valid users = in my share. These were the commands:
useradd joe passwd joe smbpasswd -a joe valid users = vivek raj joe I followed this little guide: Samba Add a User. But it looks like it’s not working, Windows 7 always tells me that the password is wrong. Here is my samba config file:
[global] server string = bananapi workgroup = WORKGROUP netbios name = %h security = user guest account = root socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 smb ports = 445 max protocol = SMB2 min receivefile size = 16384 deadtime = 30 os level = 20 mangled names = no syslog only = yes syslog = 2 name resolve order = lmhosts wins bcast host preferred master = auto domain master = auto local master = yes printcap name = /dev/null load printers = no browseable = yes writeable = yes printable = no encrypt passwords = true enable core files = no passdb backend = smbpasswd smb encrypt = disabled use sendfile = yes # Using the following configurations as a template allows you to add # writable shares of disks and paths under /storage [Share] path = /storage/share available = yes browsable = yes public = yes writable = yes root preexec = mkdir -p /storage/share [username] path = /storage/username available = yes browsable = yes public = no writable = yes valid users = joe root preexec = mkdir -p /storage/username Please edit your question and explain what you did. First because most people won’t be willing to go read an external link to try and understand what you’ve done and second so we can see what you actually did.
Thanks for the edit. Please edit again and tell us where exactly you added the valid users line. If it’s in your samba config file, edit the file to show it.
No, what you have there is valid users = username . We need to see exactly what you have in your file.
3 Answers 3
you can configure a share using guest ok = yes to allow access to guest users.
This works only when using share-level security
when needing info on something, consider going to the source rather than some other website, here is the table of contents to samba: https://www.samba.org/samba/docs/using_samba/toc.html
which is the most restrictive, and for anyone from a Microsoft Windows system to even access any samba share from your linux system they will need to either have or know an account on that linux system, and then know the password.
part of my smb.conf is this
[global] workgroup = WORKGROUP passdb backend = tdbsam security=user map to guest = Bad User # map to guest = nobody usershare allow guests = No server signing = auto similiar to yours, the above will cause anyone on a windows system who does not have an account on the linux system to never connect, microsoft windows will respond with cannot access \\whatever_server_you_typed. This is because Map to Guest = Bad User where «Bad User» does not exist on the linux system as a user account, it is also syntactically invalid because it has a space.
Using Map to Guest = nobody where nobody however is a valid linux account will result in microsoft windows prompting for a username and password, and this will happen when the given username from microsoft windows is not also a username on the linux system running samba-server.
If you choose this method under Security = User you can use the method i described above to potentially satisfy your security needs. Otherwise you would need to do security = share to accomplish what you initially asked to do- where anyone on the network can access a specific folder without being prompted for a password.
For Security the choices are User, Share, Server, and Domain. The samba help documents will describe what functionality is and is not available under each.
And I recommend you undo the guest account = root
I did not track down the guest account = option in the help docs, I assume it is the same as Map to Guest (just like the Public option is really Guest OK = yes ) and for obvious security implications you don’t want to map some unknown user to the root account.