share samba drive with windows without having to allow guest access
I am trying to set up a simple samba share between my raspberry pi and my windows 10. This is my config:
[global]
min protocol = SMB2
workgroup = WORKGROUP
wins support = no
dns proxy = no
guest account = nobody
interfaces = 127.0.0.1, 192.168.2.0/24
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.2.0/24
hosts deny = 0.0.0.0/0
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
pam password change = yes
encrypt passwords = yes
map to guest = never
usershare allow guests = no
auto services = pi
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[pi]
comment = pi samba share
path = /home/shares/pi
browseable = yes
writeable = true
admin users = pi
public = no
valid users = pi
hide dot files = no
In order for this to work, I had to follow this article Guest access in SMB2 to change the registry keys for allowing guest access.
What would I need to change in my config so that I don't have change any registry keys for everything to work (meaning: I can successfully access /home/shares/pi
from my Windows 10)?
I have various settings in my config that, to my understanding, prohibit guest access, so I don't understand why I still had to enable it.
windows-10 samba raspberry-pi
|
show 1 more comment
I am trying to set up a simple samba share between my raspberry pi and my windows 10. This is my config:
[global]
min protocol = SMB2
workgroup = WORKGROUP
wins support = no
dns proxy = no
guest account = nobody
interfaces = 127.0.0.1, 192.168.2.0/24
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.2.0/24
hosts deny = 0.0.0.0/0
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
pam password change = yes
encrypt passwords = yes
map to guest = never
usershare allow guests = no
auto services = pi
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[pi]
comment = pi samba share
path = /home/shares/pi
browseable = yes
writeable = true
admin users = pi
public = no
valid users = pi
hide dot files = no
In order for this to work, I had to follow this article Guest access in SMB2 to change the registry keys for allowing guest access.
What would I need to change in my config so that I don't have change any registry keys for everything to work (meaning: I can successfully access /home/shares/pi
from my Windows 10)?
I have various settings in my config that, to my understanding, prohibit guest access, so I don't understand why I still had to enable it.
windows-10 samba raspberry-pi
1
Why are you against allowing guest access? If you don't allow it, then you have to configure an authentication server that SAMBA will understand which can be a challenge.
– Ramhound
Dec 15 '18 at 16:20
Here is the Rabbit Hole you will fall down by using IdM.
– Ramhound
Dec 15 '18 at 16:28
@Ramhound so it is normal and expected that if I want to setup a samba share between my pi and my windows, I need to tweak the windows registry...?
– user3629892
Dec 15 '18 at 16:36
Have you considered just enabling SMBv3 instead of using SMBv2? If you are running an affected edition of Windows 10, then you need to perform these actions, or simply use SMBv3. However, it only appears that the behavior should effect Education and Enterprise. Windows 10 Home and Professional editions are unchanged from their previous default behavior. So which edition of Windows 10 are you using?
– Ramhound
Dec 15 '18 at 17:11
@Ramhound what is so challenging aboutsmbpasswd -a username
?
– ivanivan
Dec 15 '18 at 18:02
|
show 1 more comment
I am trying to set up a simple samba share between my raspberry pi and my windows 10. This is my config:
[global]
min protocol = SMB2
workgroup = WORKGROUP
wins support = no
dns proxy = no
guest account = nobody
interfaces = 127.0.0.1, 192.168.2.0/24
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.2.0/24
hosts deny = 0.0.0.0/0
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
pam password change = yes
encrypt passwords = yes
map to guest = never
usershare allow guests = no
auto services = pi
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[pi]
comment = pi samba share
path = /home/shares/pi
browseable = yes
writeable = true
admin users = pi
public = no
valid users = pi
hide dot files = no
In order for this to work, I had to follow this article Guest access in SMB2 to change the registry keys for allowing guest access.
What would I need to change in my config so that I don't have change any registry keys for everything to work (meaning: I can successfully access /home/shares/pi
from my Windows 10)?
I have various settings in my config that, to my understanding, prohibit guest access, so I don't understand why I still had to enable it.
windows-10 samba raspberry-pi
I am trying to set up a simple samba share between my raspberry pi and my windows 10. This is my config:
[global]
min protocol = SMB2
workgroup = WORKGROUP
wins support = no
dns proxy = no
guest account = nobody
interfaces = 127.0.0.1, 192.168.2.0/24
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.2.0/24
hosts deny = 0.0.0.0/0
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
pam password change = yes
encrypt passwords = yes
map to guest = never
usershare allow guests = no
auto services = pi
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[pi]
comment = pi samba share
path = /home/shares/pi
browseable = yes
writeable = true
admin users = pi
public = no
valid users = pi
hide dot files = no
In order for this to work, I had to follow this article Guest access in SMB2 to change the registry keys for allowing guest access.
What would I need to change in my config so that I don't have change any registry keys for everything to work (meaning: I can successfully access /home/shares/pi
from my Windows 10)?
I have various settings in my config that, to my understanding, prohibit guest access, so I don't understand why I still had to enable it.
windows-10 samba raspberry-pi
windows-10 samba raspberry-pi
edited Dec 15 '18 at 16:20
user3629892
asked Dec 15 '18 at 16:19
user3629892user3629892
1011
1011
1
Why are you against allowing guest access? If you don't allow it, then you have to configure an authentication server that SAMBA will understand which can be a challenge.
– Ramhound
Dec 15 '18 at 16:20
Here is the Rabbit Hole you will fall down by using IdM.
– Ramhound
Dec 15 '18 at 16:28
@Ramhound so it is normal and expected that if I want to setup a samba share between my pi and my windows, I need to tweak the windows registry...?
– user3629892
Dec 15 '18 at 16:36
Have you considered just enabling SMBv3 instead of using SMBv2? If you are running an affected edition of Windows 10, then you need to perform these actions, or simply use SMBv3. However, it only appears that the behavior should effect Education and Enterprise. Windows 10 Home and Professional editions are unchanged from their previous default behavior. So which edition of Windows 10 are you using?
– Ramhound
Dec 15 '18 at 17:11
@Ramhound what is so challenging aboutsmbpasswd -a username
?
– ivanivan
Dec 15 '18 at 18:02
|
show 1 more comment
1
Why are you against allowing guest access? If you don't allow it, then you have to configure an authentication server that SAMBA will understand which can be a challenge.
– Ramhound
Dec 15 '18 at 16:20
Here is the Rabbit Hole you will fall down by using IdM.
– Ramhound
Dec 15 '18 at 16:28
@Ramhound so it is normal and expected that if I want to setup a samba share between my pi and my windows, I need to tweak the windows registry...?
– user3629892
Dec 15 '18 at 16:36
Have you considered just enabling SMBv3 instead of using SMBv2? If you are running an affected edition of Windows 10, then you need to perform these actions, or simply use SMBv3. However, it only appears that the behavior should effect Education and Enterprise. Windows 10 Home and Professional editions are unchanged from their previous default behavior. So which edition of Windows 10 are you using?
– Ramhound
Dec 15 '18 at 17:11
@Ramhound what is so challenging aboutsmbpasswd -a username
?
– ivanivan
Dec 15 '18 at 18:02
1
1
Why are you against allowing guest access? If you don't allow it, then you have to configure an authentication server that SAMBA will understand which can be a challenge.
– Ramhound
Dec 15 '18 at 16:20
Why are you against allowing guest access? If you don't allow it, then you have to configure an authentication server that SAMBA will understand which can be a challenge.
– Ramhound
Dec 15 '18 at 16:20
Here is the Rabbit Hole you will fall down by using IdM.
– Ramhound
Dec 15 '18 at 16:28
Here is the Rabbit Hole you will fall down by using IdM.
– Ramhound
Dec 15 '18 at 16:28
@Ramhound so it is normal and expected that if I want to setup a samba share between my pi and my windows, I need to tweak the windows registry...?
– user3629892
Dec 15 '18 at 16:36
@Ramhound so it is normal and expected that if I want to setup a samba share between my pi and my windows, I need to tweak the windows registry...?
– user3629892
Dec 15 '18 at 16:36
Have you considered just enabling SMBv3 instead of using SMBv2? If you are running an affected edition of Windows 10, then you need to perform these actions, or simply use SMBv3. However, it only appears that the behavior should effect Education and Enterprise. Windows 10 Home and Professional editions are unchanged from their previous default behavior. So which edition of Windows 10 are you using?
– Ramhound
Dec 15 '18 at 17:11
Have you considered just enabling SMBv3 instead of using SMBv2? If you are running an affected edition of Windows 10, then you need to perform these actions, or simply use SMBv3. However, it only appears that the behavior should effect Education and Enterprise. Windows 10 Home and Professional editions are unchanged from their previous default behavior. So which edition of Windows 10 are you using?
– Ramhound
Dec 15 '18 at 17:11
@Ramhound what is so challenging about
smbpasswd -a username
?– ivanivan
Dec 15 '18 at 18:02
@Ramhound what is so challenging about
smbpasswd -a username
?– ivanivan
Dec 15 '18 at 18:02
|
show 1 more comment
1 Answer
1
active
oldest
votes
You have two possible approaches:
- You can access the files as guest.
- You can configure accounts that have to authenticate.
A guest account is fine if all the users should have access anyway, but it's not what you desire, so you must configure one ore more accounts. Samba allows different kinds of accounts, they are configured with the passdb backend
option:
smbpasswd - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument.
tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory.
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
The smbpasswd
is the oldest and most simple, it's just a plain file similar to /etc/passwd
. The tdbsam
uses a binary tdb
file and can store more information about user accounts. LDAP is more interesting if you want to manage many accounts and/or already have an LDAP server.
See also smbpasswd
for adding accounts and changing password.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1384856%2fshare-samba-drive-with-windows-without-having-to-allow-guest-access%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You have two possible approaches:
- You can access the files as guest.
- You can configure accounts that have to authenticate.
A guest account is fine if all the users should have access anyway, but it's not what you desire, so you must configure one ore more accounts. Samba allows different kinds of accounts, they are configured with the passdb backend
option:
smbpasswd - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument.
tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory.
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
The smbpasswd
is the oldest and most simple, it's just a plain file similar to /etc/passwd
. The tdbsam
uses a binary tdb
file and can store more information about user accounts. LDAP is more interesting if you want to manage many accounts and/or already have an LDAP server.
See also smbpasswd
for adding accounts and changing password.
add a comment |
You have two possible approaches:
- You can access the files as guest.
- You can configure accounts that have to authenticate.
A guest account is fine if all the users should have access anyway, but it's not what you desire, so you must configure one ore more accounts. Samba allows different kinds of accounts, they are configured with the passdb backend
option:
smbpasswd - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument.
tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory.
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
The smbpasswd
is the oldest and most simple, it's just a plain file similar to /etc/passwd
. The tdbsam
uses a binary tdb
file and can store more information about user accounts. LDAP is more interesting if you want to manage many accounts and/or already have an LDAP server.
See also smbpasswd
for adding accounts and changing password.
add a comment |
You have two possible approaches:
- You can access the files as guest.
- You can configure accounts that have to authenticate.
A guest account is fine if all the users should have access anyway, but it's not what you desire, so you must configure one ore more accounts. Samba allows different kinds of accounts, they are configured with the passdb backend
option:
smbpasswd - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument.
tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory.
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
The smbpasswd
is the oldest and most simple, it's just a plain file similar to /etc/passwd
. The tdbsam
uses a binary tdb
file and can store more information about user accounts. LDAP is more interesting if you want to manage many accounts and/or already have an LDAP server.
See also smbpasswd
for adding accounts and changing password.
You have two possible approaches:
- You can access the files as guest.
- You can configure accounts that have to authenticate.
A guest account is fine if all the users should have access anyway, but it's not what you desire, so you must configure one ore more accounts. Samba allows different kinds of accounts, they are configured with the passdb backend
option:
smbpasswd - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument.
tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory.
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
The smbpasswd
is the oldest and most simple, it's just a plain file similar to /etc/passwd
. The tdbsam
uses a binary tdb
file and can store more information about user accounts. LDAP is more interesting if you want to manage many accounts and/or already have an LDAP server.
See also smbpasswd
for adding accounts and changing password.
answered Dec 15 '18 at 23:45
RalfFriedlRalfFriedl
1,058137
1,058137
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1384856%2fshare-samba-drive-with-windows-without-having-to-allow-guest-access%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Why are you against allowing guest access? If you don't allow it, then you have to configure an authentication server that SAMBA will understand which can be a challenge.
– Ramhound
Dec 15 '18 at 16:20
Here is the Rabbit Hole you will fall down by using IdM.
– Ramhound
Dec 15 '18 at 16:28
@Ramhound so it is normal and expected that if I want to setup a samba share between my pi and my windows, I need to tweak the windows registry...?
– user3629892
Dec 15 '18 at 16:36
Have you considered just enabling SMBv3 instead of using SMBv2? If you are running an affected edition of Windows 10, then you need to perform these actions, or simply use SMBv3. However, it only appears that the behavior should effect Education and Enterprise. Windows 10 Home and Professional editions are unchanged from their previous default behavior. So which edition of Windows 10 are you using?
– Ramhound
Dec 15 '18 at 17:11
@Ramhound what is so challenging about
smbpasswd -a username
?– ivanivan
Dec 15 '18 at 18:02