Friday, 25 October 2013

SAMBA Shares with no Username/Password

Setting up a NAS/share that you want all users on your network to be able to access without a username or password?  If you want to do this in SAMBA 4, you can't use the traditional global setting of:

security = share

as "share" level security is now deprecated. You'll now need to set the parameter map to guest.  Instead, use the following settings in /etc/samba/smb.conf:

security = user
map to guest = Bad Password
passdb backend = tdbsam
guest account = nobody

And if you're doing this, it's a good idea to lock down Samba to your local network:

interfaces = lo eth0 192.168.1.0/24
hosts allow = 192.168.1.0/24

Lastly, don't forget to configure iptables to lock down source ports:

iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport netbios-ssn -j ACCEPT
iptables -A INPUT -p udp -s 192.168.1.0/24 --dport netbios-ssn -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport microsoft-ds -j ACCEPT
iptables -A INPUT -p udp -s 192.168.1.0/24 --dport microsoft-ds -j ACCEPT

Point smbclient/Windows Explorer/Mac Finder to //IP/share_name and you're all set!