How to allow guest access in SAMBA

Question

So basically, I'm having the exact same issue as the guy in this thread. I can see the samba print share, but not access it from windows. The top answer, which looks promising states that I must do the following:

You need to add a guest user to the samba password database. Usually it is done by mapping guest in samba configuration files to a UNIX existing user; give that user printing rights via groups; then you should be able to access the printer via the \server\ URI.

Can somebody please explain to me how exactly this is done? I've googled around and it hasn't been of much help.

Thanks!

UPDATE
here is the printer portion of my /etc/samba.conf file. let me know if you want the rest and i'll put it in a google doc or something

[printers]
comment = All Printers
; browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
; read only = no
guest account = blain
create mask = 0700

Answer 1

In order to set up guest access in Samba, you need to set up a user that it will pretend to log in as. So, let's say you want to share files on /mnt/somepartition/files publically. Your configuration might look like this:

[public_files]
    comment = Public files
    path = /mnt/somepartition/files
    browsable = yes
    guest ok = yes
    writable = yes
    guest account = someusername
    create mask = 0775
    directory mask = 0755

What this saying is "Create a samba share on \mymachine\public_files that is viewable to anonymous users (not hidden like user files generally are) and enable it for write access. Anonymous users can access this share by using someusername's credentials. When files are created, make them globally executable but restrict write access globally. When directories are created, make them globally executable but only writable by someusername."

Once this is done, you will need to create a smbpassword, per your question. To do this, ensure first that the user exists within your server. If the user doesn't, create it:

sudo adduser someusername

Once the user exists, create a samba login:

sudo smbpasswd -a someusername

A couple of things to keep in mind: the directory that public_files points to will need to be READ accessible to someusername. Make sure you set the permissions correctly. If the directory is owned by you but still want to make them available, add someusername to a common group and then change the group ownership.

Answer 2

How I got it to work on my Pi running dietpi. It works with Windows (10), Mac (Catalina) and Linux clients, and has read+write permissions. Note: I automount the USBHDD to /media/USBHDD at startup

Contents of smb.conf:

[global]
        workgroup = WORKGROUP
        server string = %h server
        dns proxy = no
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog only = no
        syslog = 0
        panic action = /usr/share/samba/panic-action %d
        security = user
        encrypt passwords = true
        passdb backend = tdbsam
        obey pam restrictions = yes
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        pam password change = yes
        map to guest = bad user
        load printers = no
        printcap name = /dev/null
        disable spoolss = yes
[dietpi]
        comment = DietPi Share
        path = /mnt/dietpi_userdata
        browseable = yes
        create mask = 0664
        directory mask = 0775
        valid users = dietpi
        writeable = yes
[PiNAS]
        path = /media/USBHDD
        browseable = yes
        read only = no
        guest ok = yes
        writeable = yes
        create mask = 0775
        directory mask = 0755
max connections = 8

Answer 3

There is a tick box to enable guest user access to file shares in System Preferences > Users & Groups. Go there and it enables without having to dig around in configuration files.

Answer 4

Make sure you have these parameters in your smb.conf:

# Invalid users
# https://www.samba.org/samba/docs/using_samba/ch09.html
   invalid users = root bin daemon adm sync shutdown halt mail news uucp operator
# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no
# NetBIOS names (replace "myserver" with your server name)
   netbios name = myserver
# NetBIOS aliases
# Hosts allow (replace 192.168.1.0/24 for your net range)
   hosts allow = 127.0.0.1, 192.168.1.0/24
   hosts deny = ALL
# Prevent Samba´s services to manage the network (Domain Controller like a WinNT Server, or similar)
;   domain master = auto
;   local master = yes
;   preferred master = auto
# WINS
;   wins support = no
# Extended Attributes
   ea support = yes
# Prevent: "parse_dos_attribute_blob: bad ndr decode from EA on file | Buffer Size Error"
;   store dos attributes = yes
;   map archive = yes
;   map hidden = no
;   map system = no
;   map readonly = no
# winbindd will store user credentials from successful logins encrypted in a local cache.   
   winbind offline logon = no
# security users (replace "your_user" with your user account with privileges)
   security = user
   guest account = your_user
# smb sign and smb protocol
;   server signing = mandatory
;   server min protocol = SMB3
# encrypt
# for v4.13 or earlier
;   smb encrypt = required
# for v4.14 or higher
;   server smb encrypt = required
# smb port for netbios
   smb ports = 445 139
# local printers
   load printers = no
   disable spoolss = yes
# Symlink race allow137,138,139,445,162s access outside share definition
# https://www.samba.org/samba/security/CVE-2017-2619.html
# Optional:
   unix extensions = no
shared public folder (Replace the path of your shared public folder)
[shared]
   comment = shared
   path = /home/your_user/sharedfolder
   guest ok = yes
   guest only = yes
   browseable = yes
   writable = yes
   create mask = 0777
   directory mask = 0777
   public = yes
   force user = nobody

On windows 10/11 run Windows Powershell with privileges and execute:

Set-SmbClientConfiguration -RequireSecuritySignature $false
Set-SmbClientConfiguration -EnableInsecureGuestLogons $true