This is controlled with the "security" setting (see smb.conf) and a few others.
map to guest
This parameter can take four different values, which tell smbd(8)
what to do with user login requests that don't match a valid UNIX
user in some way.
Quote:
Sections may be designated guest services, in which case no password is
required to access them. A specified UNIX guest account is used to
define access privileges in this case.
Sections other than guest services will require a password to access
them. The client provides the username. As older clients only provide
passwords and not usernames, you may specify a list of usernames to
check against the password using the user = option in the share defini-
tion. For modern clients such as Windows 95/98/ME/NT/2000, this should
not be necessary.
The access rights granted by the server are masked by the access rights
granted to the specified or guest UNIX user by the host system. The
server does not grant more access than the host system grants.
|
The basic point I think is, on Samba you get to see exactly what the admin wanted you to see, while on Windows it's (sometimes) a surprise. IMO, I think too much has been made of the so-called NULL sessions. In some cases it is required for correct functioning of the system. You have to look at the context of where you are serving SMB/CIFS to: your local intranet or the Internet at large? Then, select the security model and corresponding config options that grant you what you need.
See smb.conf(5), Samba3-ByExample.pdf, and Samba3-HOWTO.pdf (all in the Samba distribution) for full config instructions.