-   Linux - Software (
-   -   Samba: Guest account unexaplained behavior (

ptemmerman 11-09-2009 05:05 PM

Samba: Guest account unexaplained behavior
Hi all,

I'm seeing something strange here on my Samba installation. Not that it's something critical, not at all, just out of curiousity.

I'm sharing a simple folder with Samba in a workgroup (no domain).
When I try to browse the shared resources of my Samba server (using \\smbserver_ip), I get asked to enter user credentials, which is rather strange as I'm not yet accessing a restricted resource.

Thus I thought, maybe I need to addd "guest ok = yes" to the global settings.

The man page says the following about "guest ok":

If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account.
That seems to be what I am looking for! Thus I make the change, restart Samba still asks username and password to list the available services.

Ok..maybe I need something more..what about "map to guest":

This parameter can take four different values, which tell smbd(8) what to do with user login requests that don't match a valid UNIX user in some way.
* Never - Means user login requests with an invalid password are rejected. This is the default.
* Bad User - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and mapped into the guest account.

Ok, I guess I found the problem...The XP machine's user account is named "Administrator" and there is no administrator user in the Linux box, thus the default "map to guest" policy gets applied which is "never" - don't map to guest and show the login window (correct?)

So I thought, lets set map to guest to bad user. Restarted Samba and tried again and gues what...IT WORKED! I was able to browse the shares without having to enter a username/password.

Well, ok, so it seems that eventually the user gets mapped to guest when the used username does not exist. So in my case the used username was Administrator (as I suppose it uses the sessions username). This seems rather reasonable as I don't have the administrator's user account, not in Linux nor in Samba.

So I thought...let's fix the root of the problem...let's map the Administrator's username to the root's username (which does exist both in Linux and in Samba), and the problem should be fixed.
I created a file /etc/samba/smbusers with the following content:

root = administrator
and added to smb.conf the option (globally):

username map = /etc/samba/smbusers
I restarted Samba, tried again to browse my network share's on Samba asked for a username/password again ?!?!

So it seems "map to guest" does not work together with "username map" in my case.

If somebody could shed a light on this, I would really appreciate. I'm eager to understand what is happening


I tried something more as I realized my Windows Administrator's account did not have a password, and my root account (to which is it supposedly being mapped) does. So I changed my root pass to be empty and tried again, and this time it works. (I'm not being asked to enter credentials to list the available shares)

The combination is as follows:

map to guest = bad user
username map = /etc/samba/smbusers (maps administrator to root)

So it seems the problem was the password's not being equal.
Then I thought I could actually change map to user back to it's default: never.
I requote from the man page:

Never - Means user login requests with an invalid password are rejected. This is the default.
Thus, if I understand correctly, if my username and pass is OK (being sent automatically by windows when trying to browse the resource), then it should map to guest.

Restarted, tried and...failed again! I get asked to enter username and password.

The whole thing is that I want to be able to see which resources are actually shared, and it seems there is no logical combination, or I'm at least not seeing it.


SlackInstalled 11-17-2009 12:59 PM

Share without password in Samba
The following is the first part of my SMB.conf file

# Samba config file created using SWAT
# from (
# Date: 2008/07/13 20:22:18

workgroup = THUIS
server string = Samba
security = SHARE
encrypt passwords = No
printcap name = cups
preferred master = Yes

path = /windows
guest ok = Yes

comment = Gedeelde gegevens
path = /windows
read only = No
guest ok = Yes

By setting security = SHARE in the global section, my shares FTPDATA and data can be accessed over the network without that a username and/or password is needed.
I never combined this with protected shares, but as I understand from documentation, if you leave out guest ok = Yes for a share, then the share can only be accessed by a password (without username)
Googling for "Security = share samba" will give you some other articles


All times are GMT -5. The time now is 10:22 AM.