smb guest access - v.11

[bulsatar]

Hello,
I have done some searching already and attempted to find an answer but so far unsuccessful. I am trying to setup a share that has guest access with no logon requirement. I have a pi that I want to connect to the folder so I can use Kodi to watch my movies and I want everyone in the house to be able to use this directory without logging in. I have provided screenshots of the setup of the dataset and the share below. I am trying to connect via Linux, but when I navigate Network->Windows Network->Workgroup->FreeNas->shared, I get an authentication popup that gets permission denied when trying to sign in as Anonymous.

I am comfortable around Linux but greatly prefer to use the UI. Any help is appreciated!

 

[bulsatar]

Since I haven't gotten any responses, here is what I have tried so far. Hopefully someone will chime in for how to get this to work as it seems like it should be pretty simple but for some reason it just won't work. I can "see" the share, but nothing will allow me to actually access it, with or without the correct username/password setup.

On my Linux machine, I have:
- fstab - results always equal permission denied

Code:

//Soun-Nas/shared					/media/Shared	  cifs  rw,guest		  0 0
//Soun-Nas/shared					/media/Shared	  cifs  rw,username=guest,password=12345		 0 0
//Soun-Nas/shared					/media/Shared	  cifs  rw,username=bulsatar,password=12345		 0 0
***my username is mapped uid identical on my local machine and freenas machine

- navigated to the shared folder thru the UI, but when I click on it I get a password request and everything I have tried won't let me log into the share. Permission Denied.

On my Freenas machine, I have:

• created a user called "guest". Set it's home directory to the shared dataset, primary group to the built in guest group, disabled password login.
• on the shared volume I have "guest" set as owner, permission type set to Windows
• on the smb share I have checked "Apply Default Permissions", "Allow Guest Access", "Only Allow Guest Access", and hosts allow 192.168.1.0/254.
• on the smb service settings I have checked "Allow Empty Password", guest account has "guest" selected

 

[zambanini]

people have better things to do in the holidays ; )

just a hint, since i do not want to write a tutorial:
you need to change the permissions(read,write, user everybody) with the windows explorer so everyone can read/write to your share, after this enable the guest only part in freenas

 

[bulsatar]

after a couple of days of updates because I haven't turned on a windows machine in my house for most of a year, it still doesn't work. And I should be able to do this through Linux. There should be absolutely no reason to turn on a windows machine to get a cifs share working on freenas.

On windows, I am getting denied any kind of permission to the share even though it is saying everyone has full control. Although I provided info from a windows setup, solving this issue thru Linux is very much preferable.

so,

 

[bulsatar]

I still haven't been able to find a way to access my share. Any detailed help would be appreciated as I KNOW it is a permissions issue but I DON'T know how to fix it. I am definitely begging right now....

1. Created a user called "guest" and gave it primary group of "guest"
2. My volume is called "shared" and I have the user owner as "guest" and the group owner as "guest", permission type as windows
3. My smb service is set with guest account as "guest"
4. My smb share is marked "Allow guest access" and "only allow guest access"
5. when I run ls -l on my top level shared folder I get: drwxrwxr-x+ 13 guest guest 14 Dec 31 09:08 shared
6. when I run ls -l on my shared folder I get:
-rwxrwxr-x+ 1 guest guest 0 Dec 31 09:08 .windows
drwxrwxr-x+ 20 guest guest 20 Nov 8 20:36 3d files
drwxrwxr-x+ 2 guest guest 10 Dec 31 08:24 guest
drwxrwxr-x+ 2 guest guest 2 Sep 23 08:28 Library
drwxrwxr-x+ 2 guest guest 23 Dec 31 11:26 Movies
drwxrwxr-x+ 2 guest guest 2 Sep 23 08:27 Music
drwxrwxr-x+ 2 guest guest 2 Sep 23 08:27 Pictures
drwxrwxr-x+ 4 guest guest 4 Oct 23 21:43 projects
drwxrwxr-x+ 3 guest guest 3 Oct 11 15:36 Shows
drwxrwxr-x+ 2 guest guest 3 Oct 23 22:05 Software
drwxrwxr-x+ 3 guest guest 3 Sep 27 21:38 temp
drwxrwxr-x+ 4 guest guest 282 Oct 1 21:12 wallpapers

Thanks for any help

 

[KrisBee]

@bulsatar It's not hard to get bogged down on share issues as it's a potentially complex subject (see for example:
https://forums.freenas.org/index.ph...-configure-share-permissions-freenas-9.35276/
https://forums.freenas.org/index.php?threads/methods-for-fine-tuning-samba-permissions.50739/
https://forums.freenas.org/index.php?threads/how-to-edit-cifs-permissions-from-the-cli.40594/
https://forums.freenas.org/index.php?threads/guest-permissions-on-cifs-share.27391/ )

One idea to be clear about is the meaning of the term "guest access" or "guest account" when referring to SMB shares created in FreeNAS. The "guest account" is in-built and by default is "nobody:nogroup" in both FreeNAS and Linux. You don't need to add an additional user & group to use this concept.

Creating a SMB share that all your home windows users can access without credentials should be straight forward, and by implication if your SAMBA server is configured to use "security = user" then it must be by setting "allow guest access" on the individual SMB shares. But there is a gothca to be aware of, which can be summarised as:

In Windows the client's username and password is automatically sent when it browses for shares - this is done without the user's knowledge. That forces Samba to deal with the sent credentials even though it's a guest share that requires no authentication.

When that username is passed Samba will search through it's password database for that user:

• If there is no match to the username the client user is tagged a "Bad User" and converted ( mapped ) to the guest account which by default is "nobody".
  
  
• If it finds a match to the username and there is a samba password that matches the one sent by the Windows client then the Windows user automatically gains access although not as an anonymous user which is why you needed to add "force user = nobody" to your share definition.
  
  
• If it finds a match to the username but the samba password does not match exactly the password that's automatically sent by the Windows client then you will be prompted for a password - even for a guest share.

The idea of using "force user = nobody" becomes important if you want the same SMB share to be accessed from a Linux client using a mount -t cifs ..... command or a /etc/fstab entry.

If I've understood your OP correctly, you want Windows users to access the share as guests together with at least one linux client. This scheme might work for your case.

If the dataset you wish to share was Data_Storage/Movies, then I would make its owner and group "nobody" & "nogroup" and set permission type to windows. Ensure the SAMBA service "Guest Account" is set to "nobody".

Create a "Windows (SMB)" for the "Data_Storage/Movies" dataset, setting both "Apply Default permissions" and "Allow Guest Access", named Movies, for example. The important extra here is to add the text "force user = nobody" in the Auxiliary Parameters box using advanced mode.

Check you Windows users can access the share without needing to login. They will have the perms set on the dataset for the "nobody account" (defaults to read,write,execute)

To mount the same SMB share in Linux you will need to have the same account (uid/gid) defined on both linux and FreeNAS, e.g: Fred with uid=1010 and gid=1010.

On linux mount the SAMBA share using the Fred account, the FreeNAS passwrd for Fred will be required, e.g :

mount -t cifs -o vers=2.1 -o user=Fred,uid=1010,gid=1010 //<FreeNAS ip>/Movies /home/Fred/CIFS

or its /etc/fstab equivalent. The "force user = nobody" in the SAMBA share will effectively turn Fred into "nobody".

This scheme fudges the issue of the difference between linux and windows permissions which are based on completely different models. OK if the share is read-only, but could cause inconsistencies if both Linux and windows users have read/write access.

An alternative, and possibly preferable scheme for better performance on your Rpi over what is a 100Mb/s network, is to share the same data in two different ways. Create an NFS share for Linux clients, and Windows share for Widows clients on the same dataset. This is safe if only one of the two protocols is configured for read/write access.

The CPU utilisation for a NFS connection should be lower than using CIFS on your Rpi and you should see higher read speeds than if CIFS was used. If you set the FreeNAS NFS service to use NFSv3 then it will authenticate against your Rpi host IP, there's no need for users to be in sync on both FreeNAS and Linux. If the NFS share, for example, on the dataset "Data_Storage/Movies", is read/write then you would have to make the SAMBA share on "Data_Storage/Movies" read-only and allow guest access as previously described.