Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


samba shares accessibility

Posted on 2011-02-18
Medium Priority
Last Modified: 2012-05-11
Hi everyone,

I would like to define 2 samba shares on my network. I have a 3-leg perimeter with a samba-server on the green zone (with all my other clients and servers).

1 share is a public share for all the clients and servers. So no authentication
1 share is a share which only clients may access. So authentication with the local accounts on the linux-server.

Is this possible to access 1 share without authentication and the other one with authentication?
And how what would the stanza of the 2 shares be in the smb.conf ?

Thanks in advance!
Question by:Silencer001
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 14

Accepted Solution

Monis Monther earned 2000 total points
ID: 34932825
Yes it is possible

 the first share would be like

[public share]
path =/path/to/dir
guest ok = yes
readonly = no

[auth share]
path = /path/to/dir
read only = no

For the public share in the global section you must have

guest account = nobody
map to guest = bad user

Note: Permissions on the dir form the LInux side must be appropriate
Note: Add your users to Samba.To do that you must first create accounts for them under linux

useradd username

Then you need to add them into samba

smbpasswd -a username

Note: If you have a lot of users it would be better if you make this a Domain similar to MS AD but this would be another story.

Author Comment

ID: 34935621
Hi small_student, thanks for your reply!!
But I don"t understand what you mean with "for the public share in the global section you must have"..

Is it like this:
[public share]
path =/path/to/dir
guest ok = yes
readonly = no
guest account = nobody
map to guest = bad user

I just want to give everyone full access so I will give 777 on the dir. Or is this not smart?

But the problem is that I need to give in a password when I want to connect to the server. So when I access \\, I will be promted for a password. How can I resolve this so that I only need to give in a password when I want to join auth share?

And is there also a way to just block access to the auth share for server by its ip-address?

I also added the users to samba.

Thanks for your reply already, much appreciated!

Author Comment

ID: 34937153
Hi Small_Student,

I just adapted the settings and worked like a charm!! Really nice help!
I gave 770 for the auth share and 777 for the public share. (I changed the group-owner to the group with the users that may access the samba-server).

So the next 2 lines made sure that you don't need to logon immediatly when you access the samba-server? Can you please give me some additional information about these 2 lines?

guest account = nobody
map to guest = bad user

Already thank you soo much! 500 point coming your way! ;-)

Kind regards,

LVL 14

Assisted Solution

by:Monis Monther
Monis Monther earned 2000 total points
ID: 34938328
Sorry to respond lately I just checked my mail and saw your posts.

The way samba works is as follows.

A windows machine makes a request to a Samba Server.
Windows Credentials are different than Linux. Windows use LanMan and NTPasswd. Unix/Linux use UID/GID.
Samba maps the windows user to a corresponding Linux user to access the share. This is why Linux permissions are also important and you must have Linux and Samba Users.

Finally to have a public account this means anyone must map to a specific user. Here in our case comes the line

guest account = nobody

This means for shares that have guest access map any request to the Linux account nobody.
nobody is a user under Linux you can check this user by running the following command

grep nobody /etc/passwd

Finally when would samba map a request to the guest account? This would be the

map to guest = bad user

Which means for unknown users map them to the guest account and these are users who do not have a username or password.

Hope this helps  

Author Comment

ID: 34939488
Wow thanks, great explanation!!

Thanks for all your information!!

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question