Hey everyone,
So I have been reading about this for some time, but never got around to fixing it.
Most of my clients are still on Windows 10 for lack of having any reason to "upgrade" to windows 11, but now I ahve a Windows 11 machine in the house, and am being forced to deal with the issue.
I presume this has something to do with SMB1/CIFS being deprecated, but I am not sure.
On the server side (Ubuntu 20.04 LTS on kernel 6.5.11) my /etc/smb.conf looks something like this:
Global settings:
Each user has a password protected share as follows:
This results in requiring credentials to log in.
In addition to the users folders, I also have some shared folders set up which are guest browseable, and are configured something like this:
On Windows 10 and earlier clients, as well as Linux clients this results in users folder requiring credentials to access, but share folders not requiring credentials. This is as intended.
On Windows 11, users can still access their credential protected folders, but they are unable to access the share folders using guest access.
Many guides say to just go into Windows and enable SMB1, but I've read it has some pretty serious security flaws, so I don't want to do that.
How would I go about fixing this properly so that it uses the latest versions of the protocol, but users can still access the guest folders without credentials?
Appreciate any input.
So I have been reading about this for some time, but never got around to fixing it.
Most of my clients are still on Windows 10 for lack of having any reason to "upgrade" to windows 11, but now I ahve a Windows 11 machine in the house, and am being forced to deal with the issue.
I presume this has something to do with SMB1/CIFS being deprecated, but I am not sure.
On the server side (Ubuntu 20.04 LTS on kernel 6.5.11) my /etc/smb.conf looks something like this:
Global settings:
Code:
[global]
server string = %h server (Samba, Ubuntu)
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log level = 4
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
security = user
ntlm auth = yes
Each user has a password protected share as follows:
Code:
[user]
comment = User's Folder
path = /mnt/storagepool/userfolder
valid users = user
force user = user
force group = user
create mask = 0774
browseable = No
Writable = Yes
In addition to the users folders, I also have some shared folders set up which are guest browseable, and are configured something like this:
Code:
[share]
comment = Share Folder
path = /mnt/Storagepool/share
force user = share
force group = share
group = share
read only = No
create mask = 0774
guest ok = Yes
browseable = No
On Windows 10 and earlier clients, as well as Linux clients this results in users folder requiring credentials to access, but share folders not requiring credentials. This is as intended.
On Windows 11, users can still access their credential protected folders, but they are unable to access the share folders using guest access.
Many guides say to just go into Windows and enable SMB1, but I've read it has some pretty serious security flaws, so I don't want to do that.
How would I go about fixing this properly so that it uses the latest versions of the protocol, but users can still access the guest folders without credentials?
Appreciate any input.