by lunarg on September 9th 2021, at 11:25

A while back, Microsoft has introduced new security defaults in Windows 10 and Server 2019, disallowing unauthenticated guest access to shares. While this is a good security best practice, it can also break Samba implementations running on Linux. Older versions of Windows (and versions with this policy disabled) can still access the shares, but with the policy in effect, connections immediately fail.

While it would be possible to disable the policy, it's not a very good idea as it is a potential security flaw. A better solution is to fix it on your Linux Samba server, which can be easily done by completely disabling guest access and enforcing SMB3 and password encryption.

Add these lines to the global section:

client min protocol = SMB3
client max protocol = SMB3
restrict anonymous = 2
encrypt passwords = true

Remove any reference to guest access:

  • Remove or comment the map to guest entry.
  • Set guest ok of all shares to no (or leave it out).
« September 2021»
« You only find out who is swimming naked when the tide goes out. »
Warren Buffett