Configuring anonymous public shares with Samba 3

On the fileserver I run, I use samba to conveniently access my files. I like Samba. Also, I find that most popular online casinos like Daisyslots have embedded the same program software. I can mount it on any machine I run and access my files like it’s any other filesystem, but when it comes to sharing files to other (anonymous) users, Samba has to cope with some ugly Windows legacy. After all, Samba is just an open source implementation of SMB/CIFS which Windows calls “Windows File Sharing”. Let’s look at the differences and how to cope with them.

The Windows way

When a Windows client tries to access a share on a Windows server, it requests the given share using username and password of the current user on the client. The Windows server will then look for this username/password combination and if it exists, grants the user access to the share with the proper rights assigned. If it can’t find the username, it falls back to an anonymous user and grants access anyway (if this is policy).

How Samba handles it

This is where Samba differs. If set to security=user (which is a good idea anyway), when a user requests access to a share, it too looks up the credentials in a backend. However, if the user is unknown to the system, the default behaviour is to deny access. This is kind of unfriendly to Windows users, since they aren’t used to type in “guest” as a username and refuse to understand how to log in a way different from what they are used. This is how to set up your public shares to imitate Windows behaviour.

How to imitate Windows behavior using Samba

In my example, I’ve got one public share, on which I want to have full rights for myself and limited (read-only) access to all anonymous users. The name of the share will be “public”:

        comment = Public Shares
        browsable = yes
        path = /data/pub
        public = yes
        writable = no
        write list = dawuss
        guest ok = yes

This sets up a share named “public” which is shown when browsing the server to any user with rights to do so. You can see it is public, but not writable except for “dawuss” (which is me) and that it is ok for guests to login.

Next, we need to set up the guest access itself. In the global section:

        guest account = nobody

Which defines the account to use when authenticating guests. Don’t forget to create this user using

# smbpasswd -an nobody

This will create the user with no password.

Now we have a perfectly valid Samba setup with a public share, but every time a user wants to access this share as a guest, he will have to do so by logging in as “nobody”. To complete our setup and imitate Windows behaviour, add the following line to the smb.conf global section:

        map to guest = bad user

This maps any unknown username to the specified guest user, so login always succeeds.

We’re done! Remember, this will only work for unknown usernames. If an unhappy user called “pete” tries to login while there already exists a pete on the server with a different password, he will be denied access. This is normal behaviour when imitating Windows, so we’ll just have to live with that.

59 Responses to “Configuring anonymous public shares with Samba 3”

  1. If you wish for to take a good deal from this post
    then you have to apply these techniques to your won website.

    Have a look at my site :: travel blog sites

  2. Hi! This is kind of off topic but I need some help
    from an established blog. Is it very hard to set up
    your own blog? I’m not very techincal but I can figure things out pretty quick.
    I’m thinking about creating my own but I’m not sure where to begin. Do you have any ideas or
    suggestions? Many thanks

    My website – top credit repair companies

  3. Stunning quest there. What happened after? Take care!

    Take a look at my webpage how to install roof underlayment

  4. It’s in fact very complex in this full of activity life to listen news
    on TV, thus I just use internet for that reason, and obtain the latest news.

  5. Carina says:

    This is a great tip particularly to those fresh to
    the blogosphere. Short but very precise info… Thank you for sharing this one.
    A must read post!

  6. Hello my family member! I want to say that this post is awesome,
    great written and come with approximately
    all vital infos. I would like to see extra posts like this .

    Here is my web-site :: installing shingles on a roof

  7. I do not even understand how I finished up here, but I
    assumed this submit was once great. I don’t recognize
    who you’re however certainly you are going to a well-known blogger if you are not already.

    Feel free to surf to my web blog; live chat tv (

  8. Annabelle says:

    Today, I went to the beachfront with my children. I found
    a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.”
    She placed the shell to her ear and screamed. There was a hermit crab inside and it pinched her ear.

    She never wants to go back! LoL I know this is completely off topic but I had to tell someone!

  9. Thank you, I have just been searching for info approximately this subject for a long
    time and yours is the best I’ve came upon till now.
    But, what in regards to the bottom line? Are you certain in regards to the source?

    Review my blog post party de noel estrie