I?m having an issue with a new media server.
Previously, I was using a Debian Linux server for my media server. Basically, it
was just Samba shares, since that seems the easiest way for a number of programs
(on Linux, Mac, iOs, Android tablets, and Apple TV) to be able to play back
video and audio files. It?s also easier than setting up streaming servers.
This Debian server worked fine. I used this for the configuration for a share:
[Library]
comment = Media library
path = "/share00/Library"
browseable = yes
read only = yes
guest ok = yes
# follow symlinks = yes
wide links = yes
(The rest of the config file is after my signature.)
On this system, on several programs, I just did not enter a username or password
to log into that share.
Now I?m using a RAID device, a Synology DS620Slim. Considering the type of
system in this, I haven?t wanted to get into config files and hand-edit them
unless I have to. I know one small change can upset things in their overall
design. I set up a Samba share, but was limited in choices. I set up guest
access for my share on there. When I?m trying to watch a video from the new
server, in some programs (VLC is a good example), I have to have
"guest" in the username field to be able to get to the video files.
While I can deal with this, when we have relatives staying here, they get
frustrated when they try to watch something and get something asking them to log
in. Also, to be honest, lots of times I use this to get something to listen to
late at night, when I wake up and can?t get back to sleep. At that point, yes,
it?s really hard to remember something like this!
At this point I?m not sure how to get to the RAID config files. I?m working on
that.
Until then, is there a different type of login? I?m wondering if I?ve set up my
Linux system to use some kind of anonymous login and the RAID is using a guest
login - or something like that.
Why is it that, with my Linux server, I can login and see the shares without
using a username or password and the new system always requires me to specify
"guest?"
Hal
???????
smb.conf:
???????
[global]
security = user
unix password sync = yes
unix extensions = no
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server",
"classic primary
# domain controller", "classic backup domain controller",
"active
# directory domain controller".
#
# Most people will want "standalone sever" or "member
server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = standalone server
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam
obey pam restrictions = yes
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan at
informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
On Thu, 2022-02-17 at 03:36 -0500, Hal Vaughan via samba wrote:> I?m having an issue with a new media server. > > Previously, I was using a Debian Linux server for my media server. > Basically, it was just Samba shares, since that seems the easiest way > for a number of programs (on Linux, Mac, iOs, Android tablets, and > Apple TV) to be able to play back video and audio files. It?s also > easier than setting up streaming servers. > > This Debian server worked fine. I used this for the configuration for > a share: > > > On this system, on several programs, I just did not enter a username > or password to log into that share. > > Now I?m using a RAID device, a Synology DS620Slim.There is only 'guest' access on Samba when using 'map to guest = bad user', if use a user is unknown to Samba, the user gets mapped to 'nobody' before it gets anywhere near the share(s). What I think is going on here is that your old server was using SMBv1 and your new one isn't. The other problem that you may have coming, Windows 10 pro has guest access turned off by default. Rowland
Is you DS620Slim already upgraded to DSM 7 ? If not, i suggest do so, way better then DSM6.x On below, im missing bit what the exact goal is here. Like: (PC) <> synology Or (PC) <> debian samba Or PC / synology \ debian samba Also read : https://kb.synology.com/en-uk/DSM/tutorial/Why_cant_access_shared_folder That will explain more. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Hal > Vaughan via samba > Verzonden: donderdag 17 februari 2022 9:37 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Different Types of Guest Logins? > > I?m having an issue with a new media server. > > Previously, I was using a Debian Linux server for my media > server. Basically, it was just Samba shares, since that seems > the easiest way for a number of programs (on Linux, Mac, iOs, > Android tablets, and Apple TV) to be able to play back video > and audio files. It?s also easier than setting up streaming servers. > > This Debian server worked fine. I used this for the > configuration for a share: > > [Library] > comment = Media library > path = "/share00/Library" > browseable = yes > read only = yes > guest ok = yes > # follow symlinks = yes > wide links = yes > > (The rest of the config file is after my signature.) > > On this system, on several programs, I just did not enter a > username or password to log into that share. > > Now I?m using a RAID device, a Synology DS620Slim. > Considering the type of system in this, I haven?t wanted to > get into config files and hand-edit them unless I have to. I > know one small change can upset things in their overall > design. I set up a Samba share, but was limited in choices. I > set up guest access for my share on there. When I?m trying to > watch a video from the new server, in some programs (VLC is a > good example), I have to have "guest" in the username field > to be able to get to the video files. While I can deal with > this, when we have relatives staying here, they get > frustrated when they try to watch something and get something > asking them to log in. Also, to be honest, lots of times I > use this to get something to listen to late at night, when I > wake up and can?t get back to sleep. At that point, yes, it?s > really hard to remember something like this! > > At this point I?m not sure how to get to the RAID config > files. I?m working on that. > > Until then, is there a different type of login? I?m wondering > if I?ve set up my Linux system to use some kind of anonymous > login and the RAID is using a guest login - or something like that. > > Why is it that, with my Linux server, I can login and see the > shares without using a username or password and the new > system always requires me to specify "guest?" > > > > > Hal > ??????? > smb.conf: > ??????? > > [global] > > security = user > unix password sync = yes > unix extensions = no > > ## Browsing/Identification ### > > # Change this to the workgroup/NT-domain name your Samba > server will part of > workgroup = WORKGROUP > > # This will prevent nmbd to search for NetBIOS names through DNS. > dns proxy = no > > > #### Debugging/Accounting #### > > # This tells Samba to use a separate log file for each machine > # that connects > log file = /var/log/samba/log.%m > > # Cap the size of the individual log files (in KiB). > max log size = 1000 > > # We want Samba to log a minimum amount of information to > syslog. Everything > # should go to /var/log/samba/log.{smbd,nmbd} instead. If you > want to log > # through syslog you should set the following parameter to > something higher. > syslog = 0 > > # Do something sensible when Samba crashes: mail the admin a backtrace > panic action = /usr/share/samba/panic-action %d > > > ####### Authentication ####### > > # Server role. Defines in which mode Samba will operate. Possible > # values are "standalone server", "member server", "classic primary > # domain controller", "classic backup domain controller", "active > # directory domain controller". > # > # Most people will want "standalone sever" or "member server". > # Running as "active directory domain controller" will require first > # running "samba-tool domain provision" to wipe databases and create a > # new domain. > server role = standalone server > > # If you are using encrypted passwords, Samba will need to know what > # password database type you are using. > passdb backend = tdbsam > > obey pam restrictions = yes > > # This boolean parameter controls whether Samba attempts to > sync the Unix > # password with the SMB password when the encrypted SMB > password in the > # passdb is changed. > unix password sync = yes > > # For Unix password sync to work on a Debian GNU/Linux > system, the following > # parameters must be set (thanks to Ian Kahan > <<kahan at informatik.tu-muenchen.de> for > # sending the correct chat script for the passwd program in > Debian Sarge). > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > > # This boolean controls whether PAM will be used for password changes > # when requested by an SMB client instead of the program listed in > # 'passwd program'. The default is 'no'. > pam password change = yes > > # This option controls how unsuccessful authentication > attempts are mapped > # to anonymous connections > map to guest = bad user > > > # Allow users who've been granted usershare privileges to create > # public shares, not just authenticated ones > usershare allow guests = yes > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 2/17/22 02:36, Hal Vaughan via samba wrote:> I?m having an issue with a new media server. > > Previously, I was using a Debian Linux server for my media server. Basically, it was just Samba shares, since that seems the easiest way for a number of programs (on Linux, Mac, iOs, Android tablets, and Apple TV) to be able to play back video and audio files. It?s also easier than setting up streaming servers. > > This Debian server worked fine. I used this for the configuration for a share: > > [Library] > comment = Media library > path = "/share00/Library" > browseable = yes > read only = yes > guest ok = yes > # follow symlinks = yes > wide links = yes > > (The rest of the config file is after my signature.) > > On this system, on several programs, I just did not enter a username or password to log into that share. > > Now I?m using a RAID device, a Synology DS620Slim. Considering the type of system in this, I haven?t wanted to get into config files and hand-edit them unless I have to. I know one small change can upset things in their overall design. I set up a Samba share, but was limited in choices. I set up guest access for my share on there. When I?m trying to watch a video from the new server, in some programs (VLC is a good example), I have to have "guest" in the username field to be able to get to the video files. While I can deal with this, when we have relatives staying here, they get frustrated when they try to watch something and get something asking them to log in. Also, to be honest, lots of times I use this to get something to listen to late at night, when I wake up and can?t get back to sleep. At that point, yes, it?s really hard to remember something like this!> At this point I?m not sure how to get to the RAID config files. I?m working on that.Synology devices run linux. Turn on the ssh server from the web admin interface and you'll be able to ssh to the device. The filesystem will look a little weird, but should be navigable.> > Until then, is there a different type of login? I?m wondering if I?ve set up my Linux system to use some kind of anonymous login and the RAID is using a guest login - or something like that. > > Why is it that, with my Linux server, I can login and see the shares without using a username or password and the new system always requires me to specify "guest?" > > > > > Hal > ??????? > smb.conf: > ??????? > > [global] > > security = user > unix password sync = yes > unix extensions = no > > ## Browsing/Identification ### > > # Change this to the workgroup/NT-domain name your Samba server will part of > workgroup = WORKGROUP > > # This will prevent nmbd to search for NetBIOS names through DNS. > dns proxy = no > > > #### Debugging/Accounting #### > > # This tells Samba to use a separate log file for each machine > # that connects > log file = /var/log/samba/log.%m > > # Cap the size of the individual log files (in KiB). > max log size = 1000 > > # We want Samba to log a minimum amount of information to syslog. Everything > # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log > # through syslog you should set the following parameter to something higher. > syslog = 0 > > # Do something sensible when Samba crashes: mail the admin a backtrace > panic action = /usr/share/samba/panic-action %d > > > ####### Authentication ####### > > # Server role. Defines in which mode Samba will operate. Possible > # values are "standalone server", "member server", "classic primary > # domain controller", "classic backup domain controller", "active > # directory domain controller". > # > # Most people will want "standalone sever" or "member server". > # Running as "active directory domain controller" will require first > # running "samba-tool domain provision" to wipe databases and create a > # new domain. > server role = standalone server > > # If you are using encrypted passwords, Samba will need to know what > # password database type you are using. > passdb backend = tdbsam > > obey pam restrictions = yes > > # This boolean parameter controls whether Samba attempts to sync the Unix > # password with the SMB password when the encrypted SMB password in the > # passdb is changed. > unix password sync = yes > > # For Unix password sync to work on a Debian GNU/Linux system, the following > # parameters must be set (thanks to Ian Kahan <<kahan at informatik.tu-muenchen.de> for > # sending the correct chat script for the passwd program in Debian Sarge). > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > > # This boolean controls whether PAM will be used for password changes > # when requested by an SMB client instead of the program listed in > # 'passwd program'. The default is 'no'. > pam password change = yes > > # This option controls how unsuccessful authentication attempts are mapped > # to anonymous connections > map to guest = bad user > > > # Allow users who've been granted usershare privileges to create > # public shares, not just authenticated ones > usershare allow guests = yes