samba shares accessibility

Posted on 2011-02-18
Last Modified: 2012-05-11
Hi everyone,

I would like to define 2 samba shares on my network. I have a 3-leg perimeter with a samba-server on the green zone (with all my other clients and servers).

1 share is a public share for all the clients and servers. So no authentication
1 share is a share which only clients may access. So authentication with the local accounts on the linux-server.

Is this possible to access 1 share without authentication and the other one with authentication?
And how what would the stanza of the 2 shares be in the smb.conf ?

Thanks in advance!
Question by:Silencer001
  • 3
  • 2
LVL 14

Accepted Solution

small_student earned 500 total points
ID: 34932825
Yes it is possible

 the first share would be like

[public share]
path =/path/to/dir
guest ok = yes
readonly = no

[auth share]
path = /path/to/dir
read only = no

For the public share in the global section you must have

guest account = nobody
map to guest = bad user

Note: Permissions on the dir form the LInux side must be appropriate
Note: Add your users to Samba.To do that you must first create accounts for them under linux

useradd username

Then you need to add them into samba

smbpasswd -a username

Note: If you have a lot of users it would be better if you make this a Domain similar to MS AD but this would be another story.

Author Comment

ID: 34935621
Hi small_student, thanks for your reply!!
But I don"t understand what you mean with "for the public share in the global section you must have"..

Is it like this:
[public share]
path =/path/to/dir
guest ok = yes
readonly = no
guest account = nobody
map to guest = bad user

I just want to give everyone full access so I will give 777 on the dir. Or is this not smart?

But the problem is that I need to give in a password when I want to connect to the server. So when I access \\, I will be promted for a password. How can I resolve this so that I only need to give in a password when I want to join auth share?

And is there also a way to just block access to the auth share for server by its ip-address?

I also added the users to samba.

Thanks for your reply already, much appreciated!

Author Comment

ID: 34937153
Hi Small_Student,

I just adapted the settings and worked like a charm!! Really nice help!
I gave 770 for the auth share and 777 for the public share. (I changed the group-owner to the group with the users that may access the samba-server).

So the next 2 lines made sure that you don't need to logon immediatly when you access the samba-server? Can you please give me some additional information about these 2 lines?

guest account = nobody
map to guest = bad user

Already thank you soo much! 500 point coming your way! ;-)

Kind regards,

LVL 14

Assisted Solution

small_student earned 500 total points
ID: 34938328
Sorry to respond lately I just checked my mail and saw your posts.

The way samba works is as follows.

A windows machine makes a request to a Samba Server.
Windows Credentials are different than Linux. Windows use LanMan and NTPasswd. Unix/Linux use UID/GID.
Samba maps the windows user to a corresponding Linux user to access the share. This is why Linux permissions are also important and you must have Linux and Samba Users.

Finally to have a public account this means anyone must map to a specific user. Here in our case comes the line

guest account = nobody

This means for shares that have guest access map any request to the Linux account nobody.
nobody is a user under Linux you can check this user by running the following command

grep nobody /etc/passwd

Finally when would samba map a request to the guest account? This would be the

map to guest = bad user

Which means for unknown users map them to the guest account and these are users who do not have a username or password.

Hope this helps  

Author Comment

ID: 34939488
Wow thanks, great explanation!!

Thanks for all your information!!

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Users are often faced with high disk consumption without really knowing where the largest amount of data resides. Disk Usage Analyzer (aka Baobab) is is a graphical, menu-driven application to analyse disk usage in any Gnome environment and can e…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question