samba - Sep 2019 - Samba Share with user and no password

Hello,

i have migrate a Samba (3.0.20b-3.19-1616-SUSE) to debian 9 (4.5.16-Debian).

On the old suse users are created with smbpasswd -an foo
On Windows (10) users have a User account with also empthy passwords. No
AD or NT4-Domain (round about 10 Users)

Then I try to connect to the share smbclient -NL \\192.xxx.xxx.xxx work.
Connect from Windows to share with no password dosed work.

Set a Samba Password and connect to share with this works also.

I also read
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

Is there a way to connect Windows 10 with username and no password to
samba share?

On 05/09/2019 14:14, basti via samba wrote:
> Hello,
>
> i have migrate a Samba (3.0.20b-3.19-1616-SUSE) to debian 9
(4.5.16-Debian).
Keep upgrading, 4.5.16 is EOL ;-)
>
> On the old suse users are created with smbpasswd -an foo
> On Windows (10) users have a User account with also empthy passwords. No
> AD or NT4-Domain (round about 10 Users)
Boy, you really don't like doing things securely.
>
> Then I try to connect to the share smbclient -NL \\192.xxx.xxx.xxx work.
> Connect from Windows to share with no password dosed work.
I take it 'dosed' is really 'does not'
>
> Set a Samba Password and connect to share with this works also.
That is how it is supposed to work.
>
> I also read
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
Good.
>
> Is there a way to connect Windows 10 with username and no password to
> samba share?
>
I really do not think this is a good idea, anybody who gets access to 
your lan, only needs to find out a username and they have access to 
everything on your standalone server. However, if you must use blank 
passwords, try adding 'null passwords = yes' to your smb.conf.

Rowland

Thank you Rowland.

I will try it.

Yes you are right. it's not securely.
I think this type of setup terrible this days. No central user
management, no secure at all. It a customer requirement. Switch to AD is
not on purpose at the moment.

Best Regards

On 05.09.19 16:14, Rowland penny via samba wrote:
> On 05/09/2019 14:14, basti via samba wrote:
>> Hello,
>>
>> i have migrate a Samba (3.0.20b-3.19-1616-SUSE) to debian 9
>> (4.5.16-Debian).
> Keep upgrading, 4.5.16 is EOL ;-)
>>
>> On the old suse users are created with smbpasswd -an foo
>> On Windows (10) users have a User account with also empthy passwords.
No
>> AD or NT4-Domain (round about 10 Users)
> Boy, you really don't like doing things securely.
>>
>> Then I try to connect to the share smbclient -NL \\192.xxx.xxx.xxx
work.
>> Connect from Windows to share with no password dosed work.
> I take it 'dosed' is really 'does not'
>>
>> Set a Samba Password and connect to share with this works also.
> That is how it is supposed to work.
>>
>> I also read
>>
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> Good.
>>
>> Is there a way to connect Windows 10 with username and no password to
>> samba share?
>>
> I really do not think this is a good idea, anybody who gets access to
> your lan, only needs to find out a username and they have access to
> everything on your standalone server. However, if you must use blank
> passwords, try adding 'null passwords = yes' to your smb.conf.
> 
> Rowland
> 
> 
>

On 05.09.19 16:14, Rowland penny via samba wrote:
> try adding 'null passwords = yes' to your smb.conf.
I have try. but can't connect (NT_STATUS_CONNECTION_RESET).

Log append.

Config:

[global]
   workgroup = workgroup
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 5000
   log level = 3 passdb:5 auth:5
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   printcap name = none
   preferred master = No
   local master = No
   domain master = No

# shares
# all shares has "guest ok = yes"
...
-------------- next part --------------
  check_ntlm_password:  mapped user is: [user33]\[user35]@[user35]
[2019/09/06 09:26:48.752739,  3]
../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for user35
[2019/09/06 09:26:48.752882,  3]
../source3/auth/check_samsec.c:56(sam_password_ok)
  Account for user 'user35' has no password and null passwords are
allowed.
[2019/09/06 09:26:48.752908,  4]
../source3/auth/check_samsec.c:183(sam_account_ok)
  sam_account_ok: Checking SMB password for user user35
[2019/09/06 09:26:48.752928,  5]
../source3/auth/check_samsec.c:165(logon_hours_ok)
  logon_hours_ok: user user35 allowed to logon at this time (Fri Sep  6 07:26:48
2019
  )
[2019/09/06 09:26:48.753405,  5]
../source3/auth/server_info_sam.c:122(make_server_info_sam)
  make_server_info_sam: made server info for user user35 -> user35
[2019/09/06 09:26:48.753436,  3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [user35] succeeded
[2019/09/06 09:26:48.753473,  5]
../source3/auth/auth.c:292(auth_check_ntlm_password)
  check_ntlm_password:  PAM Account for user [user35] succeeded
[2019/09/06 09:26:48.753488,  2]
../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [user35] -> [user35] ->
[user35] succeeded
[2019/09/06 09:26:48.753665,  3]
../source3/auth/token_util.c:547(finalize_local_nt_token)
  Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.753728,  3]
../source3/auth/token_util.c:579(finalize_local_nt_token)
  Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.754004,  5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.754117,  5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.754164,  5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
  Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.754183,  5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
  SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.754228,  5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.754268,  5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.754315,  5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
  Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.754335,  5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
  SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.754504,  1]
../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[user35] domain=[user35]
workstation=[user35]
[2019/09/06 09:26:48.754527,  1] ../lib/util/util.c:555(dump_data)
  [0000] 6E CF AD 45 3C FD 80 2D   17 56 40 BB 37 65 51 19   n..E<..- .V at
.7eQ.
[2019/09/06 09:26:48.754557,  1] ../lib/util/util.c:555(dump_data)
  [0000] 76 87 42 99 FF 79 CA 4B   C1 E4 97 C0 30 BB 00 84   v.B..y.K ....0...
[2019/09/06 09:26:48.754586,  2]
../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_INVALID_PARAMETER
[2019/09/06 09:26:48.754666,  3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_sesssetup.c:134
[2019/09/06 09:26:48.755622,  3]
../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)
[2019/09/06 09:26:48.763465,  3] ../source3/smbd/oplock.c:1328(init_oplocks)
  init_oplocks: initializing messages.
[2019/09/06 09:26:48.763531,  3] ../source3/smbd/process.c:1958(process_smb)
  Transaction 0 of length 236 (0 toread)
[2019/09/06 09:26:48.763717,  3]
../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_11
[2019/09/06 09:26:48.763755,  5]
../source3/auth/auth.c:491(make_auth_context_subsystem)
  Making default auth method list for server role = 'standalone server',
encrypt passwords = yes
[2019/09/06 09:26:48.763776,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend trustdomain
[2019/09/06 09:26:48.763800,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'trustdomain'
[2019/09/06 09:26:48.763817,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend ntdomain
[2019/09/06 09:26:48.763835,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'ntdomain'
[2019/09/06 09:26:48.763851,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend guest
[2019/09/06 09:26:48.763868,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'guest'
[2019/09/06 09:26:48.763884,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam
[2019/09/06 09:26:48.763901,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam'
[2019/09/06 09:26:48.763918,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam_ignoredomain
[2019/09/06 09:26:48.763935,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam_ignoredomain'
[2019/09/06 09:26:48.763952,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend winbind
[2019/09/06 09:26:48.763969,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'winbind'
[2019/09/06 09:26:48.763985,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend unix
[2019/09/06 09:26:48.764002,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'unix'
[2019/09/06 09:26:48.764019,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend wbc
[2019/09/06 09:26:48.764035,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'wbc'
[2019/09/06 09:26:48.764052,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2019/09/06 09:26:48.764077,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2019/09/06 09:26:48.764095,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2019/09/06 09:26:48.764113,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2019/09/06 09:26:48.767687,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2019/09/06 09:26:48.767722,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2019/09/06 09:26:48.767742,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2019/09/06 09:26:48.767761,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'spnego' registered
[2019/09/06 09:26:48.767780,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'schannel' registered
[2019/09/06 09:26:48.767798,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2019/09/06 09:26:48.767817,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2019/09/06 09:26:48.767835,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2019/09/06 09:26:48.767854,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2019/09/06 09:26:48.767873,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'http_basic' registered
[2019/09/06 09:26:48.767891,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2019/09/06 09:26:48.767910,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'krb5' registered
[2019/09/06 09:26:48.767928,  3]
../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2019/09/06 09:26:48.769724,  5]
../source3/auth/auth.c:491(make_auth_context_subsystem)
  Making default auth method list for server role = 'standalone server',
encrypt passwords = yes
[2019/09/06 09:26:48.769760,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2019/09/06 09:26:48.769781,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2019/09/06 09:26:48.769798,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2019/09/06 09:26:48.769816,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2019/09/06 09:26:48.769951,  3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2019/09/06 09:26:48.772576,  3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[user35] domain=[user35] workstation=[user35] len1=24 len2=340
[2019/09/06 09:26:48.772626,  3] ../source3/param/loadparm.c:3739(lp_load_ex)
  lp_load_ex: refreshing parameters
[2019/09/06 09:26:48.772688,  3] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2019/09/06 09:26:48.772784,  3] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
[2019/09/06 09:26:48.773174,  1]
../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
  WARNING: The "syslog" option is deprecated
[2019/09/06 09:26:48.773277,  1]
../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
  WARNING: The "null passwords" option is deprecated
[2019/09/06 09:26:48.773628,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[homes]"
[2019/09/06 09:26:48.773711,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[daten]"
[2019/09/06 09:26:48.773756,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[www]"
[2019/09/06 09:26:48.773843,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[gemeinsam]"
[2019/09/06 09:26:48.773901,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[EFA]"
[2019/09/06 09:26:48.773954,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[CAT]"
[2019/09/06 09:26:48.774024,  3] ../source3/param/loadparm.c:1585(lp_add_ipc)
  adding IPC service
[2019/09/06 09:26:48.774397,  5]
../source3/auth/auth_util.c:122(make_user_info_map)
  Mapping user [user35]\[user35] from workstation [user35]
[2019/09/06 09:26:48.774415,  5]
../source3/auth/auth_util.c:143(make_user_info_map)
  Mapped domain from [user35] to [user33] for user [user35] from workstation
[user35]
[2019/09/06 09:26:48.774429,  5] ../source3/auth/user_info.c:62(make_user_info)
  attempting to make a user_info for user35 (user35)
[2019/09/06 09:26:48.774444,  5] ../source3/auth/user_info.c:70(make_user_info)
  making strings for user35's user_info struct
[2019/09/06 09:26:48.774459,  5] ../source3/auth/user_info.c:108(make_user_info)
  making blobs for user35's user_info struct
[2019/09/06 09:26:48.774474,  3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
[user35]\[user35]@[user35] with the new password interface
[2019/09/06 09:26:48.774489,  3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [user33]\[user35]@[user35]
[2019/09/06 09:26:48.774742,  3]
../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for user35
[2019/09/06 09:26:48.774856,  3]
../source3/auth/check_samsec.c:56(sam_password_ok)
  Account for user 'user35' has no password and null passwords are
allowed.
[2019/09/06 09:26:48.774879,  4]
../source3/auth/check_samsec.c:183(sam_account_ok)
  sam_account_ok: Checking SMB password for user user35
[2019/09/06 09:26:48.774899,  5]
../source3/auth/check_samsec.c:165(logon_hours_ok)
  logon_hours_ok: user user35 allowed to logon at this time (Fri Sep  6 07:26:48
2019
  )
[2019/09/06 09:26:48.775065,  5]
../source3/auth/server_info_sam.c:122(make_server_info_sam)
  make_server_info_sam: made server info for user user35 -> user35
[2019/09/06 09:26:48.775103,  3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [user35] succeeded
[2019/09/06 09:26:48.775147,  5]
../source3/auth/auth.c:292(auth_check_ntlm_password)
  check_ntlm_password:  PAM Account for user [user35] succeeded
[2019/09/06 09:26:48.775166,  2]
../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [user35] -> [user35] ->
[user35] succeeded
[2019/09/06 09:26:48.775362,  3]
../source3/auth/token_util.c:547(finalize_local_nt_token)
  Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.775425,  3]
../source3/auth/token_util.c:579(finalize_local_nt_token)
  Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.775970,  5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.776007,  5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.776039,  5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
  Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.776067,  5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
  SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.776111,  5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.776150,  5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.776189,  5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
  Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.776215,  5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
  SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.776387,  1]
../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[user35] domain=[user35]
workstation=[user35]
[2019/09/06 09:26:48.776410,  1] ../lib/util/util.c:555(dump_data)
  [0000] 60 14 2B E8 AC 21 12 CE   41 6D 00 DA B8 9E 7A BF   `.+..!.. Am....z.
[2019/09/06 09:26:48.776439,  1] ../lib/util/util.c:555(dump_data)
  [0000] 24 33 9E 21 86 7A B4 30   D4 FA 39 1C BD 14 F9 5B   $3.!.z.0 ..9....[
[2019/09/06 09:26:48.776468,  2]
../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_INVALID_PARAMETER
[2019/09/06 09:26:48.776547,  3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_sesssetup.c:134
[2019/09/06 09:26:48.777519,  3]
../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

Hai, 

Just setup as the wiki is showing for a standalone setup. That works fine. 

What your trying todo is possible, but i always results in problem, at least to
easy..
A Windows update/samba update can trigger that. 
Think in "cached" auths and/or passthrough auth of windows. 

You pc is trying to auth with (PCNAME\)user pass   
You standalone server is trying to use : user but pass is always wrong. 

So read this again, setup the shares as shown and test it so it fits your
environment.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

Or open the server and allow guest in full order. 

I wont advice anything else because your setup is going straigh against all
current things
happening at samba or windows or anything authentication related.
... Allowing guests or passwordless access. 

Why i say this... Because sure i might run fine in the end now, but i'll bet
within 3-6 months
You have problems you most probely are not able to fix due to coming changes. 
And then its again, fiddeling with settings.. 

But thats my opionion. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> basti via samba
> Verzonden: vrijdag 6 september 2019 11:58
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba Share with user and no password
> 
> On 05.09.19 16:14, Rowland penny via samba wrote:
> > try adding 'null passwords = yes' to your smb.conf.
> 
> I have try. but can't connect (NT_STATUS_CONNECTION_RESET).
> 
> Log append.
> 
> Config:
> 
> [global]
>    workgroup = workgroup
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 5000
>    log level = 3 passdb:5 auth:5
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    server role = standalone server
>    passdb backend = tdbsam
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>    pam password change = yes
>    map to guest = bad user
>    usershare allow guests = yes
>    printcap name = none
>    preferred master = No
>    local master = No
>    domain master = No
> 
> # shares
> # all shares has "guest ok = yes"
> ...
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

AFAIK, by default Win10 won't let you login with blank passwords when
using SMB2/3 (by upgrading samba you automatically switched to SMB2/3)
There may be a registry setting to fix this, don't remember it now.