SAMBA - need open R/W for anyone on LAN

Been "fiddling" with Samba for 4 hours now. I want to emulate having the USB drive that is plugged into my router now (/mnt/sda2) act like it was plugged in parallel to USBs on every computer on the local network. Open data where anyone can read to anywhere and anyone can write to anywhere on this USB drive and this is all happening only on the local LAN. In other words I am looking for a shared NFS with no security. Does anyone have a config file sample of how to make that work?

(Pretty much read all that's been written recently and it's all with user password security, even the "option security share" demands a password when I try to NET USE the drive from Windows)

Here's the last of about a hundred profile changes I've tried:

config samba
	option name 'Doolie'
	option workgroup 'WORKGROUP'
	option description 'Doolie'
	option homes '0'
	option interface 'loopback lan'

config sambashare
	option browseable 'yes'
	option name 'Media'
	option path '/mnt/sda2'
	option read_only 'no'
	option guest_ok 'yes'
	option create_mask '0755'
	option dir_mask '0755'
	option users 'root'

Also the documentation tells me to make the change of "option security share" editing the template under the Luci Services tab, but I'm not sure how the template is getting plugged into the config file. Very confusing.

**P.S. I don't mind having to enter a password and user name to access the disk, I just don't want the drive divided by user area or any type of writing done on the drive that can't be changed by anyone who accesses it and if a password is necessary or suggested, I don't want to have to manage new passwords every time I get on a new computer and want to get to the drive. THANKS.

**** On second thought, 2 passwords might not be bad if one would be for R/O access and the other for R/W access.

The package assumes no valid smb.conf in the /etc/samba dir, the init script will then use the samba template + config options to create a valid one on /tmp/etc and than link this final one back to /etc/samba, which can than be consumed by the samba daemon.
Also keep in mind that only a handful parameters are implemented via uci (config), so check the openwrt wiki which one work and otherwise parameters have to go into the template.

There is no "share" option for the "security " parameter, either in uci or samba.

If you use samba4, than this gives you a full guest share, with read/write access for everyone in the network. If you use linux clients, change the file/dir masks.

config sambashare
	option guest_ok 'yes'
	option guest_only 'yes'
	option inherit_owner 'yes'
	option create_mask '0666'
	option dir_mask '0777'
	option path '/mnt/sda'
	option read_only 'no'
	option force_root '1'
	option name 'share'

Samba3 uci/config has no inherit_owner or force_root option, so stick them into the global template.

force user = root
force group = root
inherit owner = yes
1 Like

Thank you. The opkg repository had only samba 3.6 and when I google samba4 I find a github site with no download feature or no place I can find to explain how I find an opkg side-loadable version of samba4. Thanks again.

I might add that I'm doing this on an espresobin and about 48 hours into this trying to get something for a simple file share on Windows laptops and a KODI box. I'm going to try the media server package for the KODI box and just need something simple for the Samba setup where I can use the USB drive in the espresobin as a shared network server.

Otherwise I can add a new opkg and do a little configuration but after that I've extinguished my skill set. (It took me 4 years of experimenting before I got openvpn server workign on openwrite and that was just trial and error using hundreds of configuration blogs and wikis so that should give you a hint of how intuitive this stuff is for me :wink:

Samba4 is in snapshots, so you have to use a snapshot based version. The above settings should also work with samba36 as noted.

PS: You can also try build your own samba4 version against your FW version via:
There are example configs for how to build against the 18.02 sdk.

config samba
	option name 'Doolie'
	option workgroup 'WORKGROUP'
	option description 'Doolie'
	option homes '0'
	option interface 'loopback lan'

config sambashare
	option guest_ok 'yes'
	option guest_only 'yes'
	option inherit_owner 'yes'
	option create_mask '0666'
	option dir_mask '0777'
	option path '/mnt/sda2'
	option read_only 'no'
	option force_root '1'
	option name 'share'

Go to Windows, Network, click on Doolie, asked for password, enter root and the password of the router, "the userid is invalid or incorrect password"

No multiple Linux users, only the root user ID exists on the espressobin


guest only and guest ok should mean you aren't asked for a password... so that's a bit weird.

whatever you do, DON'T use the root user as your username and password for accessing the samba share. If I remember correctly samba has its own password database that you modify with smbpasswd but that might be old information. I only use Samba occasionally, i use honest to goodness NFSv4 for most of my file sharing. Not sure what the status is of Windows access to NFSv4 though, so not necesssarily recommending it if you need windows.

@DonJuane Please use "Preformatted text </>" for logs, scripts, configs and general console output.

Please edit your posting accordingly.

So still what is happening is that with these settings, trying to click on the share in the Network menu asks for a password and entering the root ID and password gets the standard invalid user/ password Windows error message.

I have some old notes that bypasses UCI so you're on your own but they worked last time I tried (which is a while ago) if interested

Yes, I would be interested. A favor perhaps ....

Can you read this, tell me if you think it will work and then how to configure 3.6 in OpenWRT syntax so I might give this a try?

Can you double check if the UCI settings are actually used, aka check the /etc/samba/smb.conf ? Also check if map to guest = Bad User is active in the template.

Thanks so much for checking. I got far into trying this method:

(and thanks to whoever in busybox forced super long, cryptic passwords when trying to do development work - can't you just put a system option to disable requiring a novel-long password)

Anyway I tried to add another user, tried to add that user with chown to my /mnt/sda2 drive I had and tried to log on witlh the new userID and all I could get is "access denied" so then I went back to samba under the luci configuration option and I have it so screwed up I can't even load it. So I will be trying to uinstall it and start over with it today. Let this show to developers that something is seriously wrong with this implementation. It may work for system engineers but it's not for the common-Joe who likes to experiment and set up local networks.


OK, I removed samba, deleted all the samba data files and installed it again.

`/etc/samba/smb.conf is: 
	netbios name = OpenWrt 
	display charset = UTF-8
	interfaces = lo br-lan 
	server string = OpenWrt
	unix charset = UTF-8
	workgroup = WORKGROUP
	bind interfaces only = yes
	deadtime = 30
	enable core files = no
	invalid users = root
	local master = no
	map to guest = Bad User
	max protocol = SMB2
	min receivefile size = 16384
	null passwords = yes
	passdb backend = smbpasswd
	security = user
	smb passwd file = /etc/samba/smbpasswd
	use sendfile = yes

	comment     = Home Directories
	browsable   = no
	read only   = no
	create mode = 0750

	path = /mnt/sda2
	valid users = root
	read only = no
	guest ok = no
	create mask = 777
	directory mask = 777
	browseable = yes

Also per various suggestions I've read for a Windows 7 machine trying to use Samba, I have done the following:

Windows Run or command prompt entry:

Local Policies ->Security Options

When you're there change the following policies

Microsoft network client: Send unencrypted password to third-party SMB server: Switch it to "Enabled".

Network security: LAN Manager authentication level: Select the option: Send LM & NTLM - use NTLMv2 session security if negotiated.


root@OpenWrt:/mnt# ls -l /mnt
drwxr-xr-x    2 root     root          4096 May 10 02:40 mmcblk0p1
drwxr-xr-x    2 root     root          4096 May 10 03:09 mmcblk0p2
drwxr-xr-x    2 root     root          4096 May 10 02:40 sda1
drwxr-xr-x    2 root     root          4096 May 10 02:40 sda2
root@OpenWrt:/mnt# cd sda2
root@OpenWrt:/mnt/sda2# touch test.txt
root@OpenWrt:/mnt/sda2# ls
root@OpenWrt:/mnt/sda2# ls -l
-rw-r--r--    1 root     root             0 May 11 18:00 test.txt

Windows command line:

C:\Windows\system32>net use v: \\OPENWRT\Media /USER:root (password)
System error 5 has occurred.

Access is denied.



C:\Windows\system32>net use ?
The syntax of this command is:

[devicename | *] [\\computername\sharename[\volume] [password | *]]
        [/USER:[dotted domain name\]username]
        [/USER:[username@dotted domain name]
        [[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME


Old notes, may not work and can most certainly be optimized and it's by far not the most secure setup...


workgroup = homegroup
server string = My NAS Box
reset on zero vc = yes
bind interfaces only = true
interfaces = br-lan
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = no
use sendfile = yes
syslog = 2
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
printable = no
passdb backend = smbpasswd
guest account = root
null passwords = yes
map to guest = Bad User
enable core files = no
encrypt passwords = true
deadtime = 15
veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
delete veto files = yes
# max log size = 1000
smb passwd file = /etc/samba/smbpasswd

comment = My External HDD
path = /mnt/sda1/storage
public = yes
guest ok = yes
writable = yes
write list = root
browseable = yes



touch /etc/printcap
mkdir -p /var/cache/samba
mkdir -p /var/log/samba
mkdir -p /var/lib/samba/private
# You need to run "smbpasswd -c /etc/samba/smb4.conf -a root" once
smbd -D -s /etc/samba/smb4.conf
  • Create the /etc/samba/smb4.conf file
  • Put the startup script (which can be converted to use procd quite easily) somewhere
  • chmod + x
  • Run smbpasswd -c /etc/samba/smb4.conf -a root and set a password, preferably the same as on the router itself
  • Add script to /etc/rc.local (full path)
  • Run /etc/scripts/
  • Cross fingers :wink:

Note: You need to change path = /mnt/sda1/storage in smbd.conf to something that's valid.

Thanks so much. I am not at v4 of Samba because it has been said that I must compile it myself in order to use it and I am just not at this skill level yet (and may never be). I am running out of time on this project and need to get on the road, so I think it's wisest at this point for me to abandon it. Someone should know when they are "whipped", cut their losses and move on. I've certainly lost more money and time on bad decisions in the past. Thanks everyone for your effort to assist me. I appreciate it.

...or just grab a snapshot image has been mentioned several times.

I have to say these "just get's" are killing me. Where did we start, was it 6 months ago ..... me: I am looking for a simple NFS for my camper and a media viewer. I "just got" and espressobin and a MiCool - I have "just gotten" more and more until.... well .... all I can think of is .... "until I am DIZZY". LOL, Grab a snapshot sounds easy to some I would imagine. No Luci on these i read, Another challenge. One step forward, and three back.

  • LuCI is available (package), I don't know where you've gotten this idea from.
  • As for the Mecool, ...and if you click on the read more link it tells you how to boot for the first time (one time only).

Just for fun... it took me ~22 minutes to from a fresh install to have Samba running and that includes a two very slow package installes and about 3 reboots (one firstboot) which you wouldn't need to do as your device has more than 16Mbyte of flash :slight_smile:

So I'd say like 15 minutes or so tops on your device

I have a capture of it which pretty much also applies to your device.