I am trying to set up a simple samba share between my raspberry pi and my windows 10. This is my config:
[global] min protocol = SMB2 workgroup = WORKGROUP wins support = no dns proxy = no guest account = nobody interfaces = 127.0.0.1, 192.168.2.0/24 bind interfaces only = yes hosts allow = 127.0.0.1 192.168.2.0/24 hosts deny = 0.0.0.0/0 log file = /var/log/samba/log.%m log level = 1 max log size = 1000 panic action = /usr/share/samba/panic-action %d security = user server role = standalone server passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes encrypt passwords = yes map to guest = never usershare allow guests = no auto services = pi
#======================= Share Definitions =======================
[homes] comment = Home Directories browseable = no read only = yes create mask = 0700 directory mask = 0700 valid users = %S
[printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700
[print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no
[pi] comment = pi samba share path = /home/shares/pi browseable = yes writeable = true admin users = pi public = no valid users = pi hide dot files = noIn order for this to work, I had to follow this article Guest access in SMB2 to change the registry keys for allowing guest access.
What would I need to change in my config so that I don't have change any registry keys for everything to work (meaning: I can successfully access /home/shares/pi from my Windows 10)?
I have various settings in my config that, to my understanding, prohibit guest access, so I don't understand why I still had to enable it.
61 Answer
You have two possible approaches:
- You can access the files as guest.
- You can configure accounts that have to authenticate.
A guest account is fine if all the users should have access anyway, but it's not what you desire, so you must configure one ore more accounts. Samba allows different kinds of accounts, they are configured with the passdb backend option:
smbpasswd - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument.
tdbsam - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the private dir directory.
ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to ldap://localhost)
The smbpasswd is the oldest and most simple, it's just a plain file similar to /etc/passwd. The tdbsam uses a binary tdb file and can store more information about user accounts. LDAP is more interesting if you want to manage many accounts and/or already have an LDAP server.
See also smbpasswd for adding accounts and changing password.
