How to Make Samba List All Shares Without Authentication

Samba 4.19.5 on Opensuse Tumbleweed, server name HOGSTORE.

A large number of Windows 10 Pro (22H2) desktops as clients on workgroup 802MAGIC.

I want all browseable shares on this server to be visible (not necessarily accessible) without a username/password prompt in Windows Explorer. When accessing \\HOGSTORE, I want all the shares that are set as “browseable” to be listed, but and NO prompt for credentials. Some of the shares may or may not require authentication to access.

I’ve been trying for days to get this to work, unsuccessfully. It always prompts for credentials . Here’s what I’ve tried so far:

• turned on “Enable insecure guest logons” in Windows 10 using group policy editor.
• ensured that “Microsoft network client: Digitally sign communications (always)” is disabled in Windows 10 using group policy editor (it already was by default on every client).
• created a user on the server called “weaksauce” in group “weaksauce” with no password (I explicitly deleted its password using passwd -d weaksauce, and then for good measure also deleted its password with smbpasswd -n weaksauce. Tried with login shell set as both /bin/bash and /bin/nologin.
• ensured the Samba server and all clients are on the same workgroup.
• here’s my smb.conf global section:

[global]
log level = 3
netbios name = HOGSTORE
guest account = weaksauce
server string = SMB Server %v
case sensitive = no
map to guest = bad user
guest ok = yes
invalid users = root
eventlog list = Application System Security SyslogLinux
server role = standalone server
preferred master = yes
log file = /var/log/samba/%m.log
usershare allow guests = Yes
load printers = no

• Ensured the Windows 10 Pro client was rebooted after changes, and the Samba server was restarted to reload configuration changes.

I don’t know what magic setting(s) is(are) needed for this to function, but the frustration of trying to get it to function as needed has caused me to rip out all my hair and I’m now completely bald. I’ve scoured the Googles and none of the results I’ve come across have helped me solve this (obviously, since I’m here now).

Really hoping someone can help me out or at least point me in the right direction.

So after spending DAYS on this, I finally had the idea to try making a Windows 7 VM to test the behavior there. And of course, everything works fine and exactly as expected in Windows 7 So this is actually a recent Windows 10+ change that goes beyond the “Enable insecure guest logons” setting, and has nothing to do with Samba or my configuration after all.

This might be helpful for Windows 10 (good security practices notwithstanding)…

Yup, that’s what I’m referring to in my OP with “Enable insecure guest logons”, but it doesn’t work.

I don’t use samba guest access (since years), but this might be of help to you…

Are you specifically referring to the ‘EnableSecuritySignature’ registry setting here?

I note from reading

The EnableSecuritySignature registry setting for SMB2+ client and SMB2+ server is ignored. Therefore, this setting does nothing unless you’re using SMB1. SMB 2.02 and later signing is controlled solely by being required or not. This setting is used when either the server or client requires SMB signing. Only if both have signing set to 0 will signing not occur.

Check the ‘RequiredSecuritySignature’ registry setting as well.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.