My ultimate goal is to configure an HP Officejet Pro 8600 to save scans into a shared folder on my computer (using the "Scan to network folder" functionality of the printer).

So I have configured a folder on my computer as a network share in the following way:

$ net usershare info --long
[LocalNetwork]
path=/path/to/LocalNetwork
comment=
usershare_acl=Everyone:F,
guest_ok=y

I have also configured my UFW firewall to allow access from within the local network to the ports used by Samba:

$ sudo ufw allow from 192.168.178.0/24 to any app Samba
Rule added
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp (Samba)        ALLOW IN    192.168.178.0/24          
139,445/tcp (Samba)        ALLOW IN    192.168.178.0/24

Both the printer and my computer are in the same network and I use \\<my-ip-address>\LocalNetwork as the network path. Since the printer reports "Connection failed" when testing the connection, I decided to test it with a Raspberry Pi that is in the same network. When I attempt to mount the folder though, it asks for a password for the root user:

$ sudo mount -t cifs //192.168.178.92/LocalNetwork test_mount_point
Password for root@//192.168.178.92/LocalNetwork:

I didn't expect this, since I configured the folder for guest access. So why does it attempt to authenticate and how can I set up the folder to be accessible without authentication?

Edit

By passing -o guest it doesn't prompt for a password, however I get a mount error(13): Permission denied:

$ sudo mount -t cifs -o guest //192.168.178.92/LocalNetwork test_mount_point
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Edit

Following this answer I have added a user via smbpasswd with some password (nopass):

$ sudo smbpasswd -a nobody

When I try to mount the folder using this username and password I get a new error however:

$ sudo mount -v -t cifs -o user=nobody,password=nopass //192.168.178.92/LocalNetwork test_mount_point
mount error(5): Input/output error

Edit: testparm -s

This is the output:

$ testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
    log file = /var/log/samba/log.%m
    logging = file
    map to guest = Bad User
    max log size = 1000
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    server role = standalone server
    server string = %h server (Samba, Ubuntu)
    unix password sync = Yes
    usershare allow guests = Yes
    usershare owner only = No
    idmap config * : backend = tdb

[LocalNetwork]
    create mask = 0777
    guest ok = Yes
    path = /path/to/LocalNetwork
    read only = No
a_guest
  • Is "/path/to/LocalNetwork" either in your encrypted home directory or is it under /media/your-user-name? – Morbius1 Dec 07 '20 at 13:05
  • @Morbius1 No, it's actually located in my home directory: `/home/username/LocalNetwork` (which is not encrypted). Using the artificial `nobody` user, I managed to convert the `Permission denied` error to an `Input/output error`, however I'm stuck there. I tried various suggestions from other questions, like adding `sec=ntlmv2` or `vers=x.y` (with various combinations for `x` and `y`), but the error persists. – a_guest Dec 07 '20 at 13:17
  • I cannot resolve the error message you are getting to the share and its location, so I would edit /etc/samba/smb.conf and right under the workgroup = WORKGROUP line add this one: `force user = your-user-name`. Then restart smbd. – Morbius1 Dec 07 '20 at 13:33
  • @Morbius1 But doesn't that mean that I have to mount the folder as "myself"? The purpose of that folder is that others can use it without me having to share my password with them. That's why I selected the "guest" option in the first place. – a_guest Dec 07 '20 at 14:21
  • Guest access on Samba relies on the user being unknown to Samba. By running 'smbpasswd -a nobody', you have made the user known to Samba, so Guest access is turned off. Do not add 'force user' to 'global'; it is meant for a share and in this case wouldn't help anyway. Can you post the output of 'testparm -s' from the computer holding the share? – Rowland Penny Dec 07 '20 at 14:22
  • @RowlandPenny However if I use another username or simply `-o guest` I get the `Permission denied` error. I have also checked the permissions of the local folder and they are `drwxrwxrwx`. I have updated my question with the output from `testparm -s`. – a_guest Dec 07 '20 at 14:27
  • Your smb.conf shows that you are running Samba as a standalone server, so, run 'smbpasswd -x nobody' as root and then try to connect as a user unknown to the Samba machine i.e. a user that doesn't exist on the computer anywhere. You can also run 'smbclient -L localhost -N' on the machine, this will show if the share exists. – Rowland Penny Dec 07 '20 at 14:37
  • @RowlandPenny When I connect as a user that doesn't exist, what should I specify as a password? If I don't specify one, it will ask me for the password. If I specify anything or use the `guest` option, then I get the `Permission denied` error as before. Using `smbclient -L localhost -N` shows `LocalNetwork Disk` (as well as `SMB1 disabled -- no workgroup available` at the bottom of the output). – a_guest Dec 07 '20 at 14:42
  • Anything you like. If you use 'map to guest = bad user' in global, then a user that uses an incorrect password will be rejected, unless the user is unknown to Samba, in which case the user is mapped to guest (usually the Unix user 'nobody') and will be allowed access to any share that also has 'guest ok = yes' set. – Rowland Penny Dec 07 '20 at 14:52
  • @RowlandPenny Well, that's also what I thought. However in my case it behaves differently. As mentioned, if I'm using an unknown user for the `mount` command, it will prompt for that user's password. If I specify anything as a password in addition, it will report `Permission denied`. That seems to contradict the Samba configuration. – a_guest Dec 07 '20 at 14:56
  • By any chance is the folder you are trying to send the scan to Ubuntu 20.04? – Morbius1 Dec 07 '20 at 15:25
  • @Morbius1 Ah, yes, I probably should have mentioned this right from the beginning, I'm using `Ubuntu 20.04.1 LTS`. Sounds like that makes a difference? – a_guest Dec 07 '20 at 15:54
  • I have a feeling this isn't a Samba problem. For a start, mounting a share doesn't use Samba, it uses cifs-utils. There is also a known problem on Ubuntu where files are seen as directories. Can you connect to the share from another Linux machine using smbclient? – Rowland Penny Dec 07 '20 at 16:14
  • @RowlandPenny If I try to connect via `smbclient //192.168.178.92/LocalNetwork` it asks me for `Enter WORKGROUP\'s password:`. Is that the correct way of using it? If I provide `--no-pass` then it seems to connect with the message `Unable to initialize messaging context` and the typical prompt: `smb: \>`. So does that mean the problem is mounting via `-t cifs`? – a_guest Dec 07 '20 at 16:19
  • If you can connect to the share via smbclient, then it isn't a Samba problem, so it has to be a cifs-utils problem or a problem with any GUI you might be using. – Rowland Penny Dec 07 '20 at 21:40

1 Answer

As it turns out I have an HP8600 in my network and I couldn't reproduce your problem when I set the Network Folder on the HP to a Xubuntu 18.04 machine.

But I did get the exact same Connection Refused error when I tested it against an Ubuntu 20.04 machine.

It would appear that either because of its age or the method it's using to connect to the samba share it is doing so using the 1.0 version of the SMB dialect. There is no SMB1 ( samba calls it NT1 ) on the server side of Samba in Ubuntu 20.04 ... but you can enable it if you want:

Edit /etc/samba/smb.conf and right under the force user = your-user-name that I suggested above add this one:

server min protocol = NT1

Then restart smbd: sudo service smbd restart

You may need to reboot the Ubuntu box. Now I can send it to the Ubuntu 20 share.

Some notes about things that have come up here:

  1. You need to make a decision about how you want to create shares.

    You created a usershare ( Local Network Share ) of the target folder in Nautilus then you created a classic share in smb.conf. It's best to create them one way or the other if you want to share a particular folder. So my suggestion would be to remove one of the shares for this folder.

  2. Force user happens after the client makes the connection not before.

  3. Where you place the "force user" depends on how you created the share.

    If you create all your shares through Nautilus place it in the [global] section as I suggested above. If you create the shares within smb.conf then add it to the share definition there.

  4. Without the "force user" you will end up with the scanned file being owned by "nobody" not you.

  5. And you should remove nobody from the samba password database since it's not meant to be used the way you are using it:

    sudo smbpasswd -x nobody
    
zx485
Morbius1
  • Many thanks, now it works perfectly :-) I followed your suggestion and removed the Nautilus share and only kept the `smb.conf` one, since it allowed me to place the `force user = ...` directly under that share. – a_guest Dec 07 '20 at 20:33
  • By the way, regarding the `mount -t cifs ...` from the Raspberry Pi, what made the difference was the `force user = ...` configuration (which I tested by removing it from `smb.conf` and then I get `Permission denied` again). That's interesting since according to the directory permissions I would have expected that anybody can access this directory. I also found [this article](https://www.thegeekdiary.com/how-to-force-user-group-ownership-of-files-on-a-samba-share/) and it seems to discuss this point under section 2 but it's rather complex and I can't really make sense of it. – a_guest Dec 07 '20 at 20:41
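
A check over the configuration this thread ends up with, as an added example (not code from any of the posts above): it parses `testparm -s` output and reports whether SMB1 is accepted server-wide and which account guest writes land as. The sample text is constructed from the question's output plus the answer's two lines, and the finding labels are made up for this example.

```python
import re

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
YES = {"yes", "true", "1"}

# Constructed sample: trimmed testparm -s output with the answer's two lines.
SAMPLE = """\
[global]
    server min protocol = NT1

[LocalNetwork]
    force user = your-user-name
    guest ok = Yes
    read only = No
"""

def parse_testparm(text):
    """Parse testparm -s output into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Samba ignores case and spacing in parameter names.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return sorted (section, finding) pairs for SMB1 and guest exposure."""
    conf = parse_testparm(text)
    glob = conf.get("global", {})
    found = []
    # testparm -s omits defaults; a missing line leaves SMB1 refused (Ubuntu 20.04).
    if glob.get("server min protocol", "").upper() in SMB1_DIALECTS:
        found.append(("global", "smb1-accepted"))
    for name, share in conf.items():
        if name.lower() == "global" or share.get("guest ok", "no").lower() not in YES:
            continue
        found.append((name, "guest-access"))
        if share.get("read only", "yes").lower() not in YES:
            owner = share.get("force user") or glob.get("force user") or "guest account"
            found.append((name, "guest-writes-as:" + owner))
    return sorted(found)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the server itself, pass the captured output of `testparm -s` to `audit()` instead of `SAMPLE`; `server min protocol` is a global setting, so an `smb1-accepted` finding applies to every share on the host, not only the scanner's.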