Okay guys, I took the time to read the other thread and think about this, here are my two cents on the subject. Correct me at any point if I'm wrong!
kernel-panic69 wrote:
That setting was changed due to previous issues, if I am not mistaken. Everyone else has not had these issues because they likely have been following the bouncing ball of discussion in the forum about these issues...
Yeah I stumbled across this issue while thinking the issue was another thing. Our current facts:
It seems like Microsoft decided to "kill" guest access to shares:
In Windows 10, version 1709, (...) no longer allows the following actions:
Guest account access to a remote server
According to them this was done because:
1) "Guest logons do not support standard security features such as signing and encryption." > possibly breaking the SMB3 "standard"
2) "guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network"
3) "A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge" > serious security issues.
So having a "bad user" default breaks the compatibility of DD-WRT's SMB with Windows, therefore making the feature useless for most users - M$ error messages are cryptic as usual, it takes a while to figure out about that "Enable insecure guest logons" option.
SMB was broken for so long that nobody will even try to look for settings under Windows. People will just assume DD-WRT's SMB is broken "as usual" and move on to Entware (like I did)
egc wrote:
https://svn.dd-wrt.com/changeset/47087
I think this was the only way to allow to access the shares without a login.
I can make a drop down box in the GUI but what should be in it?
I do not use Samba; I have my dedicated QNAP Pro 453 with 4 * 8 TB
I see two options here:
a) Bluntly change the parameter to "never" and remove public shares from dd-wrt cause they aren't supported by Windows. Probably will enrage everyone using macOS/Linux.
b) Make it available but smart and useful for everyone:
1. Set "map to guest" to "never" as default;
2. Hide/disable all public sharing options by default from the UI;
3. Add a checkbox/radio in the Samba section that says "Enable public shares feature";
4. Whenever someone checks the checkbox do this:
4.1. Display the following message: "Enabling this feature breaks Windows 10 version 1709+ compatibility unless the 'Enable insecure guest logons' policy is enabled."
4.2. Change "map to guest" to "bad user"
This proposed solution would make it work for everyone: for Windows users that just want something to work out of the box AND for users who want public shares. The message will tell users exactly what happens if they enable the feature and how to deal with it under Windows / ignore it under macOS/Linux.
Can someone else also give feedback into this solution?
Thank you and keep up the great work!
_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Last edited by TCB13 on Wed Dec 01, 2021 17:24; edited 1 time in total
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Wed Dec 01, 2021 16:23 Post subject:
I am absolutely thrilled that you double-quoted me for more emphasis (SIC). I think most people were using the insecure guest logons as a workaround on the Windows side without knowing it or something. Getting Windows, MacOS, and Linux to seamlessly play together has always been a game of whack-a-mole. Anxiously awaiting the next thing that M$ breaks all to sh*t.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
I am absolutely thrilled that you double-quoted me for more emphasis (SIC). I think most people were using the insecure guest logons as a workaround on the Windows side without knowing it or something. Getting Windows, MacOS, and Linux to seamlessly play together has always been a game of whack-a-mole. Anxiously awaiting the next thing that M$ breaks all to sh*t.
Ahaha double quote, my bad
M$ is always changing the rules of the game. I do understand why they've disabled public shares, especially in SMB3 where encryption is an assumed feature, but it's still a pain.
I guess for now my (b) suggestion would be the way to have the multi-platform support. Meanwhile I've decided to add the following to my startup:
Quote:
# Built in Samba - Fix SMB Windows
sed -i "/^map to guest/c\map to guest = never" /tmp/smb.conf
killall ksmbd.mountd
ksmbd.mountd -c /tmp/smb.conf -u /tmp/smb.db
This way I can still use the GUI to configure users and shares and have it working out of the box under Windows and macOS.
This method has the obvious caveat of having to reboot after changing Samba settings, but it's better than the other options.
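An idempotent variant of the startup fix above, plus a check for shares that still admit guests, as an added example that is not part of the original post or of DD-WRT's own code. The function names are hypothetical, and it assumes the generated config has a [global] section and marks guest shares with `guest ok` or `public`.

```shell
#!/bin/sh
# Added example (not DD-WRT code): audit and pin guest mapping in an smb.conf.

# Print the effective "map to guest" value in lower case, or "unset".
guest_mapping() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                       # ignore comment lines
        tolower($1) ~ /^[ \t]*map to guest[ \t]*$/ {
            v = tolower($2); gsub(/^[ \t]+|[ \t]+$/, "", v); found = v
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Print the name of every share that still admits guests.
guest_shares() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s); next }
        {
            k = tolower($1); v = tolower($2)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if ((k == "guest ok" || k == "public") && (v == "yes" || v == "true" || v == "1"))
                print s
        }
    ' "$1"
}

# Pin "map to guest = never". Returns 0 if the file was rewritten,
# 1 if it was already "never", 2 if there is no [global] section.
set_guest_never() {
    [ "$(guest_mapping "$1")" = "never" ] && return 1
    grep -qi '^[[:space:]]*\[global\]' "$1" || return 2
    awk -F= '
        tolower($1) ~ /^[ \t]*map to guest[ \t]*$/ { next }   # drop old value
        { print }
        tolower($0) ~ /^[ \t]*\[global\]/ { print "map to guest = never" }
    ' "$1" > "$1.$$" && mv "$1.$$" "$1"
}

# Startup usage with the commands from the post (restart only on change):
#   set_guest_never /tmp/smb.conf && { killall ksmbd.mountd; \
#       ksmbd.mountd -c /tmp/smb.conf -u /tmp/smb.db; }
```

Any share name printed by `guest_shares` becomes reachable only with a valid user once the mapping is `never`, so it is worth reviewing that list before pinning the setting.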
I cannot do any sophisticated things at the moment as I am tied up and that would really need me to dig in and test etc.
I made a dropdown box which lets you choose "bad user" or "never"; do not look at the text/translation.
Suggestions for better text/translation are more than welcome
I just tested your fix and it works just fine!
About the translations, maybe it can be really "Map to guest" with "Bad User" and "Never". As long as the "Never" is the default option people will not mess with it. Advanced users will know what this does (probably).
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Wed Dec 01, 2021 20:43 Post subject:
Now we change the rules and see how many people wonder why their current configs are broken... *chuckles* At least this is all out in the open, so if they didn't know, it's their fault for not reading this thread! (SIC)
Well, I just changed the title of the thread to make it more helpful. If anyone rants I'll double quote them until they get it ahah