samba - Aug 2021 - Unable to Login as Guest to Protected Share

Samba Team Members,

I work with a company that sells sensors that use Samba as a way to
transfer files from the sensors to our clients computers. The sensors run
petalinux, and the Samba version used is 4.8.4. We do not monitor what
version of Windows our customers run, although the majority is Windows 10.
In the past we have simply set all shares to public and used the guest
account with no issues. However, lately some customers are unable to access
guest shares due to regulations set by their employer's (they are not
allowed to change the anonymous access policy). Because of this it was
decided to have a "backup" user that could be used as a credentialed
sign
in, with a username and password that we would provide to the customer. The
desired behavior would be that Windows prompts for credentials upon
attempting to access a share, at which time either the valid user
credentials could be input or it could be left blank, resulting in the
guest account being used instead. Both of these would be given the same
access rights. However, I have not been able to replicate this behavior,
nor have I found anything online that might assist in figuring out how to
set this up. Does anyone know if this behavior is even possible, and if so
what the configuration for that looks like?

Regards,
Mckenzie Ebert

On Wed, 2021-08-04 at 12:50 -0500, Mckenzie Ebert via samba
wrote:
> Samba Team Members,
> 
> I work with a company that sells sensors that use Samba as a way to
> transfer files from the sensors to our clients computers. The sensors
> run
> petalinux, and the Samba version used is 4.8.4. We do not monitor
> what
> version of Windows our customers run, although the majority is
> Windows 10.
> In the past we have simply set all shares to public and used the
> guest
> account with no issues. However, lately some customers are unable to
> access
> guest shares due to regulations set by their employer's (they are not
> allowed to change the anonymous access policy). Because of this it
> was
> decided to have a "backup" user that could be used as a
credentialed
> sign
> in, with a username and password that we would provide to the
> customer. The
> desired behavior would be that Windows prompts for credentials upon
> attempting to access a share, at which time either the valid user
> credentials could be input or it could be left blank, resulting in
> the
> guest account being used instead. Both of these would be given the
> same
> access rights. However, I have not been able to replicate this
> behavior,
> nor have I found anything online that might assist in figuring out
> how to
> set this up. Does anyone know if this behavior is even possible, and
> if so
> what the configuration for that looks like?
> 
> Regards,
> Mckenzie Ebert
Is it possible for you to post the smb.conf ?
I presume that you are running Samba as a standalone server, but what
parameters have you set in smb.conf ?

Rowland

*> Is it possible for you to post the smb.conf ?
*

Here is my copy of the smb.conf I am currently using:

[global]
    map to guest = Bad User
    log file = /var/log/samba/%m
    log level = 1
    printcap name = /dev/null

    # Buffer sizes from testing done here:
https://ubuntuforums.org/archive/index.php/t-2279604.html
    # For us, we didn't need to go as high to max out the connection
    socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 IPTOS_LOWDELAY

    unix extensions = no
    wide links = yes
    follow symlinks = yes

    # Disable asyncronous I/O that was causing NVME Queue timeouts
    # on Lexar SSD systems
    aio read size = 0
    aio write size = 0

    # Improves send speed drastically
    use sendfile = yes

    # Ensures proper security and authentication
    security = user
    # Stores username and guest name information
    username map = /etc/samba/usermap.txt

[sdcard]
    # This share allows anonymous (guest) access
    # without authentication!
    path = /path/to/sdcard/
    read only = no
    writeable = yes
    public = yes
    guest ok = yes
    valid user = nobody,UserName
	

[data]
    # This share allows anonymous (guest) access
    # without authentication!
    path = /path/to/data/
    wide links = yes
    follow symlinks = yes
    read only = no
    writeable = yes
    public = yes
    guest ok = yes
    valid user = nobody,UserName


The username map file has the following:

UserName = UserName
nobody = *


On Wed, Aug 4, 2021 at 12:50 PM Mckenzie Ebert <smuser287 at gmail.com>
wrote:
> Samba Team Members,
>
> I work with a company that sells sensors that use Samba as a way to
> transfer files from the sensors to our clients computers. The sensors run
> petalinux, and the Samba version used is 4.8.4. We do not monitor what
> version of Windows our customers run, although the majority is Windows 10.
> In the past we have simply set all shares to public and used the guest
> account with no issues. However, lately some customers are unable to access
> guest shares due to regulations set by their employer's (they are not
> allowed to change the anonymous access policy). Because of this it was
> decided to have a "backup" user that could be used as a
credentialed sign
> in, with a username and password that we would provide to the customer. The
> desired behavior would be that Windows prompts for credentials upon
> attempting to access a share, at which time either the valid user
> credentials could be input or it could be left blank, resulting in the
> guest account being used instead. Both of these would be given the same
> access rights. However, I have not been able to replicate this behavior,
> nor have I found anything online that might assist in figuring out how to
> set this up. Does anyone know if this behavior is even possible, and if so
> what the configuration for that looks like?
>
> Regards,
> Mckenzie Ebert
>