This issue comes up time and time again on the mailing list and internet. I have yet to see a single answer. How do you get windows to access a share with as a guest? The situation is pretty simple: - A samba share exists for which there are guest logins available However this share is inaccessible to windows users because: - Windows by default tries to login to a share with its current username/password - Windows fails - Windows opens a login/password box for user - There is no way to force windows to connect as a guest There are two hacks for this issue: 1. demote to share level security, which windows consumes differently. 2. "map to guest" option to default failed logins to guest. These hacks have issues: #1 massively reduces the functionality of samba. #2 is viable, however i've found users' often end up logged in as guest when they intended to login as a user. this is a severely suboptimal hack. the nub of the issue is that /Windows/ needs some way of being able to connect as guest. to the best of my knowledge though, the fuckassedbitchcunts at microsoft have not provided any measures for this absolutely basic procedure: logging in as a guest. someone please dear lord tell me i am wrong?
> How do you get windows to access a share as a guest?But what's a "guest"? Is that someone logging in with a blank username? Or is it someone logging in with the username "Guest" and a blank password? Or is it any unknown username regardless of the password?> - Windows by default tries to login to a share with its current > username/passwordCorrect, so if you allow your existing users to access all the "guest" shares, it shouldn't matter who they connect as.> - Windows opens a login/password box for userAs it does when you connect as an invalid username or password, or the account you're connecting as doesn't have enough access. Grant the connecting user access if you don't want the login box to appear.> - There is no way to force windows to connect as a guestBut Windows asks you for a username to connect as, just log in with the "Guest" username (isn't that how Windows itself works? Don't people always tell you to disable the Guest account on a new Windows installation for this reason?)> 2. "map to guest" option to default failed logins to guest. > #2 is viable, however i've found users' often end up logged in as > guest when they intended to login as a user. this is a severely > suboptimal hack.I guess it's up to how you define your guest account. If you create an account called Guest and give it a blank password, then people can log in as this guest account or their own account by typing in the appropriate username, and there shouldn't be any mix up. If you were hoping for an easy solution where people don't have to log in at all to access the guest shares, then you'll have to make sure all your legitimate users have access to the appropriate guest shares too, then use one of the 'map to guest' options. I'm not aware of any other way of doing it.> the nub of the issue is that /Windows/ needs some way of being able to > connect as guest.Since Microsoft use an actual Guest account I expect their method is related to that (whether you have to log in as a Guest, or invalid accounts are automatically mapped to guest I don't know. Perhaps trying to connect to an XP box with the Guest account enabled might tell you.) I think you'll have to use a 'map to guest' option with Samba, that's really the only way having things "just work" (assuming, as you say, that people don't accidentally log themselves on as a guest.) Cheers, Adam.
Matthew Fowle wrote:> > There are two hacks for this issue: > 1. demote to share level security, which windows consumes differently. > 2. "map to guest" option to default failed logins to guest. > > These hacks have issues: > #1 massively reduces the functionality of samba. > #2 is viable, however i've found users' often end up logged in as > guest when they intended to login as a user. this is a severely > suboptimal hack. >I'm not sure why this is bad. I have shares that I maintain as a service to my users and myself. E.g: \\conan\installers\ is where I keep the stuff I want to be able to install from. (You have no idea how many CD's I lost before I started doing this. Left them in the client computer...) I'm the only person who has write access to it. everyone has read access to it, so that my witfull users can service themselves. (A small subset of users...) \\conan\apps is where I part applications that are handy, but not used much. Normally a guest share is one that is read only for those users. I need an example where a guest should have write access that isn't inviting trouble down the line.> the nub of the issue is that /Windows/ needs some way of being able to > connect as guest. to the best of my knowledge though, the > fuckassedbitchcunts at microsoft have not provided any measures for > this absolutely basic procedure: logging in as a guest. someone > please dear lord tell me i am wrong?Question: Apache can pretend to be several different hostnames as a webserver Can samba be trained to be several different servers? If so, then you could have two virtual servers on one host. One of the servers could have security = domain, the other security = share. Perhaps this approach can be implemented right now by using ipaliasing. Suppose that your server is Aardvark, and it's ip address is 192.168.1.20 Add an entry to DNS for Aardvarkshare and give it an ip of 192.168.1.21 On Aardvark, add an ipalias for 192.168.1.21. Now, duplicate your present smb.conf file; The original, take out the public shares. On the copy take out the passworded shares, and give it a different netbios name. In both add an interface line with the appropriate ip address. Smbd for the second file needs to be started as smbd -s {new conf file name}