samba shares accessibility

Posted on 2011-02-18
Last Modified: 2012-05-11
Hi everyone,

I would like to define 2 samba shares on my network. I have a 3-leg perimeter with a samba-server on the green zone (with all my other clients and servers).

1 share is a public share for all the clients and servers. So no authentication
1 share is a share which only clients may access. So authentication with the local accounts on the linux-server.

Is this possible to access 1 share without authentication and the other one with authentication?
And how what would the stanza of the 2 shares be in the smb.conf ?

Thanks in advance!
Question by:Silencer001
  • 3
  • 2
LVL 14

Accepted Solution

small_student earned 500 total points
ID: 34932825
Yes it is possible

 the first share would be like

[public share]
path =/path/to/dir
guest ok = yes
readonly = no

[auth share]
path = /path/to/dir
read only = no

For the public share in the global section you must have

guest account = nobody
map to guest = bad user

Note: Permissions on the dir form the LInux side must be appropriate
Note: Add your users to Samba.To do that you must first create accounts for them under linux

useradd username

Then you need to add them into samba

smbpasswd -a username

Note: If you have a lot of users it would be better if you make this a Domain similar to MS AD but this would be another story.

Author Comment

ID: 34935621
Hi small_student, thanks for your reply!!
But I don"t understand what you mean with "for the public share in the global section you must have"..

Is it like this:
[public share]
path =/path/to/dir
guest ok = yes
readonly = no
guest account = nobody
map to guest = bad user

I just want to give everyone full access so I will give 777 on the dir. Or is this not smart?

But the problem is that I need to give in a password when I want to connect to the server. So when I access \\, I will be promted for a password. How can I resolve this so that I only need to give in a password when I want to join auth share?

And is there also a way to just block access to the auth share for server by its ip-address?

I also added the users to samba.

Thanks for your reply already, much appreciated!

Author Comment

ID: 34937153
Hi Small_Student,

I just adapted the settings and worked like a charm!! Really nice help!
I gave 770 for the auth share and 777 for the public share. (I changed the group-owner to the group with the users that may access the samba-server).

So the next 2 lines made sure that you don't need to logon immediatly when you access the samba-server? Can you please give me some additional information about these 2 lines?

guest account = nobody
map to guest = bad user

Already thank you soo much! 500 point coming your way! ;-)

Kind regards,

LVL 14

Assisted Solution

small_student earned 500 total points
ID: 34938328
Sorry to respond lately I just checked my mail and saw your posts.

The way samba works is as follows.

A windows machine makes a request to a Samba Server.
Windows Credentials are different than Linux. Windows use LanMan and NTPasswd. Unix/Linux use UID/GID.
Samba maps the windows user to a corresponding Linux user to access the share. This is why Linux permissions are also important and you must have Linux and Samba Users.

Finally to have a public account this means anyone must map to a specific user. Here in our case comes the line

guest account = nobody

This means for shares that have guest access map any request to the Linux account nobody.
nobody is a user under Linux you can check this user by running the following command

grep nobody /etc/passwd

Finally when would samba map a request to the guest account? This would be the

map to guest = bad user

Which means for unknown users map them to the guest account and these are users who do not have a username or password.

Hope this helps  

Author Comment

ID: 34939488
Wow thanks, great explanation!!

Thanks for all your information!!

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users are often faced with high disk consumption without really knowing where the largest amount of data resides. Disk Usage Analyzer (aka Baobab) is is a graphical, menu-driven application to analyse disk usage in any Gnome environment and can e…
Are you sitting there reading this and wondering how to get started with Linux? It almost seems like picking the right Linux distribution is about like picking the right college or buying a new car if you read some of the article out there. Relax… l…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now