# Samba: cannot access shares in guest mode from Windows



## brain99 (Jul 21, 2014)

Hi,

I have setup a Samba share, and would like to enable guest access. If I understand correctly, it should be possible to configure Samba to map any unknown usernames to the guest user (and ignore the password in that case) using the following options:

```
map to guest = Bad User
        guest account = shared
```
 However, any attempts at accessing Samba from Windows this way result in an error - either when accessed by name, or by IP. Accessing the share as a regular (non-guest) user works fine from Windows, it's only the guest part that's giving me problems.

By default Windows tries to connect with the Windows username and password, so requiring a null password will not work out of the box.

I am using Samba 3.6 on FreeBSD 10-RELEASE:

```
$ smbd -V
Version 3.6.24
$ uname -a
FreeBSD fileserver 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014     root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
```

Here is my smb.conf:

```
[global]
        # Basic config
        workgroup = WORKGROUP
        netbios name = FILESERVER
        security = user
        log level = 10

        # stop complaining about printer shizzle
        load printers = No
        disable spoolss = Yes
        show add printer wizard = No
        printing = bsd

        # Enable logging in from Win 8
        username map = /usr/local/etc/samba/smbusers

        # security
        invalid users = root

        # guest access
        map to guest = Bad User
        map untrusted to domain = Yes
        guest account = shared

        # stuff which seems to be necessary for samba to play nice with recent Windows versions
        server signing = auto
        os level = 65
        local master = Yes

[shared]
        comment = Shared files
        path = /mnt/shared
        read only = No
        guest ok = Yes
        browsable = Yes
        public = Yes
        create mask = 0770
        directory mask = 0770
```

Using smbclient everything looks fine to me:

```
$ smbclient -L //localhost -U "foo@microsoft.com"
Enter foo@microsoft.com's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.24]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba 3.6.24)
        shared          Disk      Shared files
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.24]

        Server               Comment
        ---------            -------
        FILESERVER           Samba 3.6.24

        Workgroup            Master
        ---------            -------
        WORKGROUP            FILESERVER
```

In Windows, the errors I get are the standard nondescript errors everyone seems to get when having Samba/networking problems. Accessing \\FILESERVER results in:

```
Windows cannot access \\FILESERVER

Check the spelling of the name. Otherwise, there might be a problem with your network. To try to identify and resolve network problems, click Diagnose.

Details:
Error code: 0x80070035
The network path was not found.
```

Accessing by IP results in a very similar error, only the details are different:

```
Error code: 0x80004005
Unspecified error
```

Trying to access \\FILESERVER\shared results in:

```
\\FILESERVER\shared is not accessible. You might not have permissions to use this network resource. Contact the administrator of this server to find out if you have access permissions.

The specified network name is no longer available.
```

When looking at log.smbd, I notice that everything goes smoothly (that is, similar to what is logged when using smbclient) up until the point where Windows seems to close the connection:

```
...
[2014/07/20 23:07:26.735073,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$
[2014/07/20 23:07:26.735337,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.1.41 read error = NT_STATUS_CONNECTION_RESET.
```
 The last line from this log does not appear when using smbclient. This is only a very small excerpt of course, if desired I can post a full log here or on pastebin - please mention the log level you would like.

A workaround which I got to work is to include a mapping to the guest user in the smbusers, and add a password using smbpasswd. This enables Windows users to access the share as any user, but it does cause a login dialog to pop up which must be submitted with a blank password (assuming that's what the guest user is configured with). If all else fails this workaround will do, but of course I prefer real guest access which should not trigger any username/password popups for end users. This also suggests the problem has nothing to do with file permissions, since in this configuration the guest user _is_ able to access the share.

This occurs both on Windows 8.1 and Windows 7, *not* joined to a Homegroup. Interestingly enough, using Mac OS X it is possible to connect to the share if the Guest option is selected when connecting (but not with an arbitrary username / password combination).

My apologies for the long post; I have tried to include all information which I think is relevant. If I still missed something, I will be more than happy to provide more information. Any help would be greatly appreciated.


----------

