Guest permissions on CIFS share

[Mark Stega]

I have FreeNAS 9.3 setup inside my home. I want my OpenELEC media center boxes to be able to read from a CIFS share on the FreeNAS box. I have the checkbox set to allow guest access. Since there is no user account called 'guest' how do I know what the privileges are? And how would I change them if needed?

 

[dlavigne]

Guest is a built-in user account. See http://doc.freenas.org/9.3/freenas_sharing.html#configuring-unauthenticated-access for instructions.

 

[Mark Stega]

I see how to create a new share with unauthenticated access using the wizard. Is there any way to take an existing share of a directory and grant the same unauthenticated access?

 

[anodos]

I see how to create a new share with unauthenticated access using the wizard. Is there any way to take an existing share of a directory and grant the same unauthenticated access?

Change owner of dataset to guest user then go into your share config. Check 'allow guest access' and 'apply default permissions'

 

[Mark Stega]

The "Owner (user)" dropdown does not include 'guest'; Owner (group)" does include 'guest'; I am afraid that the description of these options in the documentation (Table 8.1c) does little to help my understanding of which I should be trying to set.

Also the choice between linux & windows permissions in the same dialog seems like it should be a mulstiple choice. I have both linux (OpenElec) and Windows using the same share.

{edit] Of course, as an absolute noob to Linux/Unix this may just be a basic lack of knowledge on my part.

 

[ovizii]

@Mark Stega : I completely agree, I've been battling with the exact same problem for half a day now, not wanting to use the wizard and being stuck and confused because of these changes regarding hte guest user/groups :-(

 

[anodos]

The "Owner (user)" dropdown does not include 'guest'; Owner (group)" does include 'guest'; I am afraid that the description of these options in the documentation (Table 8.1c) does little to help my understanding of which I should be trying to set.

Also the choice between linux & windows permissions in the same dialog seems like it should be a mulstiple choice. I have both linux (OpenElec) and Windows using the same share.

{edit] Of course, as an absolute noob to Linux/Unix this may just be a basic lack of knowledge on my part.

Via the GUI, create a user "guest" or perhaps "peon", then in Services -> CIFS change "Guest account" to your newly minted guest user. Once you have done that, make sure you have checked "allow guest access" in your share config. If you want to confer write privileges to guest users, you should modify the ACLs for your share to grant your guest user appropriate access.

 

[ovizii]

If you want to confer write privileges to guest users, you should modify the ACLs for your share to grant your guest user appropriate access.

What are the default access rights of a guest user created this way? Is it read only? And if I DON'T specify "allow guest access" for a share will only authenticated users be allowed access?

 

[Thousandbuckle]

Did anyone ever get this working? I have a similar request and opened a new thread but just stumbled across this one but see there was no conclusion what works.

It also did not make sense why you would create a "guest" user account on FreeNAS as it requires a password which defeats the purpose of a guest account.

 

[Mike P]

I just about pulled my hair out with this problem. The problem was so simple that I kept over looking it. Note this isn't my first freenas box, just been awhile since I have set one up.

Could people be over looking the Guest account that is set in: Service --> CIFS

I did :(

 

[rogerh]

I just about pulled my hair out with this problem. The problem was so simple that I kept over looking it. Note this isn't my first freenas box, just been awhile since I have set one up.

Could people be over looking the Guest account that is set in: Service --> CIFS

I did :(

OK, that's the problem. What is the solution? I have had endless problems with this.

 

[Mike P]

OK, that's the problem. What is the solution? I have had endless problems with this.

Sorry I wasn't clear. Goto services then CIFS. Then select fill in or whatever it is for the guess account field. I'm not home now to see the screen

 

[anodos]

Did anyone ever get this working? I have a similar request and opened a new thread but just stumbled across this one but see there was no conclusion what works.

It also did not make sense why you would create a "guest" user account on FreeNAS as it requires a password which defeats the purpose of a guest account.

It works. It doesn't matter that you are setting a password for the 'guest' user account because Samba will automatically map "bad users" to the guest account and not require credentials.

Consider the following situation:

You have a freenas server with the share \\freenas\share and the guest account "guest" (which in the windows world would be described as \\freenas\guest). You normally log into your laptop with the account \\laptop\bob. When you first try to access "\\freenas\share", your laptop will first try to authenticate using "\\laptop\bob". Since the user account \\laptop\bob does not exist on the FreeNAS server, and you've checked the box "allow guest access", freenas will auto-magically authenticate you as \\freenas\guest. You will now have whatever access \\freenas\guest has to the share \\freenas\share. If "guest" owns the dataset / share in question, then you will have the "full control" permissions set on the share.

In the above example, you may run into problems (and people often do), if you have also have a user account "bob" on the freenas server. Freenas will evaluate the credentials being passed to it and determine that the user "bob" is not a "bad user" and not do the auto-magic user mapping. This is one of the most common causes of problems with "guest" access.

Another common problem is that people want guest access to \\freenas\guest_share, but regular authenticated access to \\freenas\share. They will authenticate to \\freenas\share using the \\freenas\user credentials. Then expect to be able to get the same level of access that guests do to \\freenas\guest_share. This is not necessarily the case. Windows only allows one set of credentials to be used per windows (or samba) file server. In this situation you will need to configure permissions on \\freenas\guest_share to grant access for \\freenas\user.

TL;DR,

It works if you configure it correctly.

 

[Borja]

It works. It doesn't matter that you are setting a password for the 'guest' user account because Samba will automatically map "bad users" to the guest account and not require credentials.

Consider the following situation:

You have a freenas server with the share \\freenas\share and the guest account "guest" (which in the windows world would be described as \\freenas\guest). You normally log into your laptop with the account \\laptop\bob. When you first try to access "\\freenas\share", your laptop will first try to authenticate using "\\laptop\bob". Since the user account \\laptop\bob does not exist on the FreeNAS server, and you've checked the box "allow guest access", freenas will auto-magically authenticate you as \\freenas\guest. You will now have whatever access \\freenas\guest has to the share \\freenas\share. If "guest" owns the dataset / share in question, then you will have the "full control" permissions set on the share.

In the above example, you may run into problems (and people often do), if you have also have a user account "bob" on the freenas server. Freenas will evaluate the credentials being passed to it and determine that the user "bob" is not a "bad user" and not do the auto-magic user mapping. This is one of the most common causes of problems with "guest" access.

Another common problem is that people want guest access to \\freenas\guest_share, but regular authenticated access to \\freenas\share. They will authenticate to \\freenas\share using the \\freenas\user credentials. Then expect to be able to get the same level of access that guests do to \\freenas\guest_share. This is not necessarily the case. Windows only allows one set of credentials to be used per windows (or samba) file server. In this situation you will need to configure permissions on \\freenas\guest_share to grant access for \\freenas\user.

TL;DR,

It works if you configure it correctly.

Correct. I know a trick to add guest_share and user_share as network folders or virtual storage units. If you add one of them as IP Address and the other one as NetBios name you can login to both folders with different users as windows believes are located in different machines.