Public Shares with Samba

What the hell, Microsoft? Your SMB protocol is convoluted and confusing, and it keeps changing over the years, yet somehow it’s the best – or at least, the most compatible – solution for a file sharing on a home network with a variety of machines. But man – what a mess.

The Samba project has done a great job of giving the community a linux/unix¬†version of the SMB protocol, and it works great… if you can get it working. My use case at home is simple. I need a couple shares that can be freely accessed by anyone in my home network. All these machines are behind a NAT with no incoming connections possible, thanks to my ISP. It’s actually a double NAT, since I’ve got a private home network inside my ISP’s private network. Nobody’s getting in. So I don’t want or need passwords, user accounts, logins, or security of any kind. I just need a file share to stream movies to Kodi on a FireTV and store all the digital crap I’ve been collecting over the years.

The problem is, every time I go to set up a public samba share I am inevitably presented with a login window when I try to connect to the new share, then I spend 15 minutes or so figuring out which arcane config option I forgot to set. So I present to you, my fellow reluctant SMB user, a simple samba config to get you an insecure public share on your home network with samba.

All the magic happens in smb.conf. Here’s what you need for a basic share:

[global]


netbios name = servername
workgroup = workgroupname
guest account = nobody
security = user
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
map to guest = bad user

[sharename]

writeable = yes
guest only = yes
public = yes
path = /path/to/share/directory

The global section defines the configuration for the samba service in general and sets defaults for the shares. The sharename section(s) apply to a specific share.

guest account = nobody

Since everyone will be connecting to this share anonymously, you’ll need a user account on the server to own all the files. You can use any user on the system, but it’s best to set up an account (like nobody) that will have full permission to manipulate the files in the share but little else.

security = user

This tells samba that you’ll be mapping SMB connections to usernames on the server. In this case, you’re mapping guest logins to the nobody account.

create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775

These commands force samba to use your preferred file permissions for any file or directory created by the guest user. If you leave these lines out, permissions may vary depending on which client is connecting to the share.

map to guest = bad user

This last one is key. It tells samba that if it can’t identify the connecting user, treat them as a guest. Without this line, your client machines will be asking for login and password every time you try to connect.

[sharename]

writeable = yes
guest only = yes
public = yes
path = /path/to/share/directory

This section defines the specific share you’ll be using on your network. You can name it whatever you want, and you can create multiple shares if you need them. The config lines define the share are writable, visible to the entire network, and restricted to guest logins only.

One last thing to keep in mind: if you have a file share that does require a login, all the other shares will ask for login information too. The samba config file comes with a default share called [home] that requires a login. Get rid of it! In fact, I recommend renaming the default config file and creating a new one with just the commands you want. The file is so long it’s easy to miss active config options that will trip you up.

 

Leave a Reply

Your email address will not be published. Required fields are marked *