Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Create Windows-accessible Public shares via Samba Network
If any of you have your Mac sitting on a network with other PC users, you may know how frustrating it can be to share files through Samba. While the /etc/smb.conf file that Apple provides is useful, setting-up an effective public share requires some tweaking. I could not find the necessary tutorial on how to solve my problems on this site or elsewhere, so I decided to write this hint once I figured out how to get things working they way I wanted them to.

This hint has been tested with OS X 10.4.2 only, so I don't know if this will work or is helpful on other systems, though I imagine it is. It would be worth knowing if the backup config file, /etc/smb.conf.template, is significantly different for different versions of OS X.

Looking at /etc/smb.conf, the configuration file for Samba, you will notice among others, [global] settings and a [home] share, which usually do not require changing. There is also a [public] share commented-out with semicolons. If you remove the comment notation (and have Windows sharing turned on in the Sharing System Preferences, of course), then you will be able to connect to the specified directory with a blank user name and password.

To do this, edit the file as root (sudo pico /etc/smb.conf) and remove the comments from the following lines:
;[public]
;   path = /tmp
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no
On my computer, I changed the listed path from /tmp to the public folder in my main account. To test your share locally, type Command-K in the Finder and connect to smb://localhost/public. When you are asked to authenticate, leave both the user name and guest name blank. Hit enter and voila! Hopefully you will see whatever directory you chose to share as a mounted network connection on your desktop.

With this setup, however, you won't be able to connect to your public share from a Windows machine. Running \\hostname\public on an XP box won't let you authenticate with a null username. Simply typing "guest" for a user name or "unknown," the guest account used by Samba, also won't work. (For your information, "unknown" is a real account that has no privileges, no shell account and no password, as you will soon see.)

The simplest fix for this problem, and the meat of this hint, is to make the following changes to smb.conf. Comment out the only guest = yes line, and add the following underneath:
valid users = @unknown, @guest
guest ok = yes
The @ symbol forces Samba to look in NIS and Unix user directories, as opposed to the default location. Excluding this symbol keeps the user names from authenticating properly.

These changed settings will allow Windows users to enter "unknown" as a user name and to connect to your public share. However, for the less than technically-savvy Windows user, this may seem confusing or dumb. There is probably no "guest" account on your system, but if you would like to use "guest" as a user name in place of "unknown," you can create it; otherwise you may remove , @guest from the above line of smb.conf.

To create the guest user, open the Netinfo Application in the Utilities folder.

Carefully (very!) and without making any other changes, duplicate the "unknown" user under "users" after authentication. Change the details of "unknown copy," replacing every occurrence of -2 with -3, and replacing unknown with guest. Don't forget to scroll down to check for all fields. Save your changes and agree to update the database only if you haven't made any mistakes.

Like before, test your Samba share locally and try using "guest" and/or "unknown" as your user name without a password. If you can connect without any errors, then you've taken one more roadblock out of the way of your XP friends from connecting to your machine.
    •    
  • Currently 3.17 / 5
  You rated: 2 / 5 (6 votes cast)
 
[36,954 views]  

Create Windows-accessible Public shares via Samba | 11 comments | Create New Account
Click here to return to the 'Create Windows-accessible Public shares via Samba' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create Windows-accessible Public shares via Samba
Authored by: MichelP on Oct 07, '05 07:08:09AM
For people not willing to mess with .conf files, I'd recommend Sharepoints an excelent donationware:
http://www.hornware.com/sharepoints/
It allows to create new users, add/change mount points for AFS and SMB services. Available as an app or prefPane.

[ Reply to This | # ]
Create Windows-accessible Public shares via Samba
Authored by: gullevek on Oct 07, '05 07:15:09AM

this is a must have. It actually makes Mac OS X way more useful. Especially at home, where you might have tons of externel HDs with pictures and other things you want to share ...



[ Reply to This | # ]
Create Windows-accessible Public shares via Samba
Authored by: sudoman on Oct 07, '05 12:46:06PM

Maybe this is easier to use for some, but I personally found it to be confusing. If you know how to set-up a public share with that program, I'd be interested in knowing how. : )



[ Reply to This | # ]
Create Windows-accessible Public shares via Samba
Authored by: mhorn on Oct 08, '05 08:02:49AM

What problems did you run into when trying to use SharePoints?



[ Reply to This | # ]
SharePoints public share config
Authored by: wyntir on Oct 09, '05 05:02:27PM
This SharePoints config works for me for public shares (important bits circled in red).

It's important that, if you want the shared folder accessible by guests, that the permissions have read-access all the way down to it. (E.g., to share your ~/Music/iTunes/iTunes Library/ folder, ~, Music, iTunes, and iTunes Library all need to be world-readable.)

Also make sure you're in the same workgroup as your Windows friends in the SMB props tab.

SharePoints is definitely one of the best OSX utilities, bar none.

[ Reply to This | # ]
Important Question
Authored by: gcastaneda on Oct 07, '05 08:41:11AM

Thank you for a great hint!

Because I am totally new at doing this type of tweaking, and I dont want to mess up anything, I need to ask this:

In NetInfo, I have duplicated "unknown" into "unknown copy." However, "unknown copy" has "99" where the "-2" values should be (the only user I have with "-2" values is "nobody").

For this hint to work on my machine, do I make a duplicate of "nobody" and make the changes there? Or do I just make these changes ("99" to "-3") to my "unknown copy" user? Also, do I need to make changes to other fields (i.e., home)?

Thanks in advance for your help!



[ Reply to This | # ]
Important Question
Authored by: ework on Oct 07, '05 11:39:23AM

I believe changing 99 -> -3 in "unknown copy" will work.



[ Reply to This | # ]
Important Question
Authored by: sudoman on Oct 07, '05 12:44:12PM

As ework has already said, yes. = )



[ Reply to This | # ]
Create Windows-accessible Public shares via Samba
Authored by: ework on Oct 07, '05 11:46:08AM

Another way to use "guest" which doesn't require changes in NetInfo or even prompts for a password on Windows is the following in your global section. This is taken from a Linux box but samba is samba. The only change required, though likely not neccessary, is "nobody" -> "@nobody" for reasons mentioned in the hint.

[global]
guest ok = yes
guest account = nobody
map to guest = bad user



[ Reply to This | # ]
don't forget
Authored by: JohnnyMnemonic on Oct 07, '05 10:07:27PM
O'Reilly's Using Samba 2nd Edition, installed on a Mac near you:

file:///usr/share/swat/using_samba/toc.html

[ Reply to This | # ]

Create Windows-accessible Public shares via Samba
Authored by: andor on Dec 01, '05 05:02:59PM
I tried this forever but it didn't work for me in 10.4.3.

However, eworks method works fine and is much easier for everyone as all nonexistant user names get remapped to the guest account. So, apart from user names existant on your mac (actually including "unknown"), you can enter anything you like.

Uncomment the [public] section and then add the following line to the [global] section:

map to guest = bad user

[ Reply to This | # ]